@@ -46,11 +46,16 @@ AC_ARG_ENABLE(

 	[enable_lzo="yes"]

 )

-AC_ARG_ENABLE(

-	[lzo-stub],

-	[AS_HELP_STRING([--enable-lzo-stub], [don't compile LZO compression support but still allow limited interoperability with LZO-enabled peers @<:@default=no@:>@])],

-	,

-	[enable_lzo_stub="no"]

+AC_ARG_ENABLE(snappy,

+	[  --disable-snappy        Disable Snappy compression support],

+	[enable_snappy="$enableval"],

+	[enable_snappy="yes"]

+)

+

+AC_ARG_ENABLE(comp-stub,

+	[  --enable-comp-stub      Don't compile compression support but still allow limited interoperability with compression-enabled peers],

+	[enable_comp_stub="$enableval"],

+	[enable_comp_stub="no"]

 )

 AC_ARG_ENABLE(

@@ -895,6 +900,46 @@ if test "${have_lzo}" = "yes"; then

 	CFLAGS="${saved_CFLAGS}"

 fi

+dnl

+dnl check for Snappy library

+dnl

+

+AC_ARG_VAR([SNAPPY_CFLAGS], [C compiler flags for snappy])

+AC_ARG_VAR([SNAPPY_LIBS], [linker flags for snappy])

+if test "$enable_snappy" = "yes" && test "$enable_comp_stub" = "no"; then

+    AC_CHECKING([for Snappy Library and Header files])

+    havesnappylib=1

+

+    # if SNAPPY_LIBS is set, we assume it will work, otherwise test

+    if test -z "${SNAPPY_LIBS}"; then

+	AC_CHECK_LIB(snappy, snappy_compress,

+	    [ SNAPPY_LIBS="-lsnappy" ],

+	    [

+	        AC_MSG_RESULT([Snappy library not found.])

+	        havesnappylib=0

+	    ])

+    fi

+

+    saved_CFLAGS="${CFLAGS}"

+    CFLAGS="${CFLAGS} ${SNAPPY_CFLAGS}"

+    AC_CHECK_HEADER(snappy-c.h,

+       ,

+       [

+	   AC_MSG_RESULT([Snappy headers not found.])

+	   havesnappylib=0

+       ])

+

+    if test $havesnappylib = 0 ; then

+	AC_MSG_RESULT([Snappy library available from http://code.google.com/p/snappy/])

+        AC_MSG_ERROR([Or try ./configure --disable-snappy OR ./configure --enable-comp-stub])

+    fi

+    OPTIONAL_SNAPPY_CFLAGS="${SNAPPY_CFLAGS}"

+    OPTIONAL_SNAPPY_LIBS="${SNAPPY_LIBS}"

+    AC_DEFINE(ENABLE_SNAPPY, 1, [Enable Snappy compression library])

+    CFLAGS="${saved_CFLAGS}"

+fi

+

+

 AC_MSG_CHECKING([git checkout])

 GIT_CHECKOUT="no"

 if test -n "${GIT}" -a -d "${srcdir}/.git"; then

@@ -1003,10 +1048,10 @@ if test "${enable_lzo}" = "yes"; then

 	OPTIONAL_LZO_LIBS="${LZO_LIBS}"

 	AC_DEFINE([ENABLE_LZO], [1], [Enable LZO compression library])

 fi

-if test "${enable_lzo_stub}" = "yes"; then

-	test "${enable_lzo}" = "yes" && AC_MSG_ERROR([Cannot have both lzo stub and lzo enabled])

-	AC_DEFINE([ENABLE_LZO_STUB], [1], [Enable LZO stub capability])

-	AC_DEFINE([ENABLE_LZO], [1], [Enable LZO compression library])

+if test "${enable_comp_stub}" = "yes"; then

+	test "${enable_lzo}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and lzo enabled (use --disable-lzo)])

+	test "${enable_snappy}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and snappy enabled (use --disable-snappy)])

+	AC_DEFINE([ENABLE_COMP_STUB], [1], [Enable compression stub capability])

 fi

 if test "${enable_pkcs11}" = "yes"; then

@@ -1060,6 +1105,8 @@ AC_SUBST([OPTIONAL_CRYPTO_CFLAGS])

 AC_SUBST([OPTIONAL_CRYPTO_LIBS])

 AC_SUBST([OPTIONAL_LZO_CFLAGS])

 AC_SUBST([OPTIONAL_LZO_LIBS])

+AC_SUBST([OPTIONAL_SNAPPY_CFLAGS])

+AC_SUBST([OPTIONAL_SNAPPY_LIBS])

 AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS])

 AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])

@@ -2352,12 +2352,32 @@ consecutive messages in the same category.  This is useful to

 limit repetitive logging of similar message types.

 .\"*********************************************************

 .TP

+.B \-\-compress [algorithm]

+Enable a compression algorithm.

+

+The

+.B algorithm

+parameter may be "snappy", "lzo", or empty.  Snappy and LZO

+are different compression algorithms, with Snappy generally

+offering the best performance.

+

+If the

+.B algorithm

+parameter is empty, compression will be turned off, but the packet

+framing for compression will still be enabled, allowing a different

+setting to be pushed later.

+.\"*********************************************************

+.TP

 .B \-\-comp-lzo [mode]

-Use fast LZO compression \-\- may add up to 1 byte per

+Use LZO compression \-\- may add up to 1 byte per

 packet for incompressible data.

 .B mode

 may be "yes", "no", or "adaptive" (default).

+This option is deprecated in favor of the newer

+.B --compress

+option.

+

 In a server mode setup, it is possible to selectively turn

 compression on or off for individual clients.

@@ -26,6 +26,7 @@ AM_CFLAGS = \

 	$(TAP_CFLAGS) \

 	$(OPTIONAL_CRYPTO_CFLAGS) \

 	$(OPTIONAL_LZO_CFLAGS) \

+	$(OPTIONAL_SNAPPY_CFLAGS) \

 	$(OPTIONAL_PKCS11_HELPER_CFLAGS)

 if WIN32

 # we want unicode entry point but not the macro

@@ -41,6 +42,7 @@ openvpn_SOURCES = \

 	circ_list.h \

 	clinat.c clinat.h \

 	common.h \

+	comp.c comp.h compstub.c \

 	crypto.c crypto.h crypto_backend.h \

 	crypto_openssl.c crypto_openssl.h \

 	crypto_polarssl.c crypto_polarssl.h \

@@ -98,6 +100,7 @@ openvpn_SOURCES = \

 	session_id.c session_id.h \

 	shaper.c shaper.h \

 	sig.c sig.h \

+	snappy.c snappy.h \

 	socket.c socket.h \

 	socks.c socks.h \

 	ssl.c ssl.h  ssl_backend.h \

@@ -116,6 +119,7 @@ openvpn_LDADD = \

 	$(top_builddir)/src/compat/libcompat.la \

 	$(SOCKETS_LIBS) \

 	$(OPTIONAL_LZO_LIBS) \

+	$(OPTIONAL_SNAPPY_LIBS) \

 	$(OPTIONAL_PKCS11_HELPER_LIBS) \

 	$(OPTIONAL_CRYPTO_LIBS) \

 	$(OPTIONAL_SELINUX_LIBS) \

new file mode 100644

@@ -0,0 +1,135 @@

+/*

+ *  OpenVPN -- An application to securely tunnel IP networks

+ *             over a single UDP port, with support for SSL/TLS-based

+ *             session authentication and key exchange,

+ *             packet encryption, packet authentication, and

+ *             packet compression.

+ *

+ *  Copyright (C) 2002-2012 OpenVPN Technologies, Inc. <sales@openvpn.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License version 2

+ *  as published by the Free Software Foundation.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program (see the file COPYING included with this

+ *  distribution); if not, write to the Free Software Foundation, Inc.,

+ *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

+ */

+

+#ifdef HAVE_CONFIG_H

+#include "config.h"

+#elif defined(_MSC_VER)

+#include "config-msvc.h"

+#endif

+

+#include "syshead.h"

+

+#ifdef USE_COMP

+

+#include "comp.h"

+#include "error.h"

+#include "otime.h"

+

+#include "memdbg.h"

+

+struct compress_context *

+comp_init(const struct compress_options *opt)

+{

+  struct compress_context *compctx = NULL;

+  switch (opt->alg)

+    {

+    case COMP_ALG_STUB:

+      ALLOC_OBJ_CLEAR (compctx, struct compress_context);

+      compctx->flags = opt->flags;

+      compctx->alg = comp_stub_alg;

+      (*compctx->alg.compress_init)(compctx);

+      break;

+#ifdef ENABLE_LZO

+    case COMP_ALG_LZO:

+      ALLOC_OBJ_CLEAR (compctx, struct compress_context);

+      compctx->flags = opt->flags;

+      compctx->alg = lzo_alg;

+      (*compctx->alg.compress_init)(compctx);

+      break;

+#endif

+#ifdef ENABLE_SNAPPY

+    case COMP_ALG_SNAPPY:

+      ALLOC_OBJ_CLEAR (compctx, struct compress_context);

+      compctx->flags = opt->flags;

+      compctx->alg = snappy_alg;

+      (*compctx->alg.compress_init)(compctx);

+      break;

+#endif

+    }

+  return compctx;

+}

+

+void

+comp_uninit(struct compress_context *compctx)

+{

+  if (compctx)

+    {

+      (*compctx->alg.compress_uninit)(compctx);

+      free(compctx);

+    }

+}

+

+void

+comp_add_to_extra_frame(struct frame *frame)

+{

+  /* Leave room for our one-byte compressed/didn't-compress prefix byte. */

+  frame_add_to_extra_frame (frame, COMP_PREFIX_LEN);

+}

+

+void

+comp_add_to_extra_buffer(struct frame *frame)

+{

+  /* Leave room for compression buffer to expand in worst case scenario

+     where data is totally uncompressible */

+  frame_add_to_extra_buffer (frame, COMP_EXTRA_BUFFER (EXPANDED_SIZE(frame)));

+}

+

+void

+comp_print_stats (const struct compress_context *compctx, struct status_output *so)

+{

+  if (compctx)

+    {

+      status_printf (so, "pre-compress bytes," counter_format, compctx->pre_compress);

+      status_printf (so, "post-compress bytes," counter_format, compctx->post_compress);

+      status_printf (so, "pre-decompress bytes," counter_format, compctx->pre_decompress);

+      status_printf (so, "post-decompress bytes," counter_format, compctx->post_decompress);

+    }

+}

+

+/*

+ * Tell our peer which compression algorithms we support.

+ */

+void

+comp_generate_peer_info_string(const struct compress_options *opt, struct buffer *out)

+{

+  if (opt)

+    {

+      bool lzo_avail = false;

+      if (!(opt->flags & COMP_F_ADVERTISE_STUBS_ONLY))

+	{

+#if defined(ENABLE_SNAPPY)

+	  buf_printf (out, "IV_SNAPPY=1\n");

+#endif

+#if defined(ENABLE_LZO)

+	  buf_printf (out, "IV_LZO=1\n");

+	  lzo_avail = true;

+#endif

+	}

+      if (!lzo_avail)

+	buf_printf (out, "IV_LZO_STUB=1\n");

+      buf_printf (out, "IV_COMP_STUB=1\n");

+    }

+}

+

+#endif /* USE_COMP */

new file mode 100644

@@ -0,0 +1,171 @@

+/*

+ *  OpenVPN -- An application to securely tunnel IP networks

+ *             over a single UDP port, with support for SSL/TLS-based

+ *             session authentication and key exchange,

+ *             packet encryption, packet authentication, and

+ *             packet compression.

+ *

+ *  Copyright (C) 2002-2012 OpenVPN Technologies, Inc. <sales@openvpn.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License version 2

+ *  as published by the Free Software Foundation.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program (see the file COPYING included with this

+ *  distribution); if not, write to the Free Software Foundation, Inc.,

+ *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

+ */

+

+/*

+ * Generic compression support.  Currently we support

+ * Snappy and LZO 2.

+ */

+#ifndef OPENVPN_COMP_H

+#define OPENVPN_COMP_H

+

+#ifdef USE_COMP

+

+#include "buffer.h"

+#include "mtu.h"

+#include "common.h"

+#include "status.h"

+

+/* algorithms */

+#define COMP_ALG_UNDEF  0

+#define COMP_ALG_STUB   1 /* support compression command byte and framing without actual compression */

+#define COMP_ALG_LZO    2 /* LZO algorithm */

+#define COMP_ALG_SNAPPY 3 /* Snappy algorithm */

+

+/* Compression flags */

+#define COMP_F_ADAPTIVE   (1<<0) /* COMP_ALG_LZO only */

+#define COMP_F_ASYM       (1<<1) /* only downlink is compressed, not uplink */

+#define COMP_F_SWAP       (1<<2) /* initial command byte is swapped with last byte in buffer to preserve payload alignment */

+#define COMP_F_ADVERTISE_STUBS_ONLY (1<<3) /* tell server that we only support compression stubs */

+

+/*

+ * Length of prepended prefix on compressed packets

+ */

+#define COMP_PREFIX_LEN 1

+

+/*

+ * Prefix bytes

+ */

+#define NO_COMPRESS_BYTE      0xFA

+#define NO_COMPRESS_BYTE_SWAP 0xFB /* to maintain payload alignment, replace this byte with last byte of packet */

+

+/*

+ * Compress worst case size expansion (for any algorithm)

+ *

+ * LZO:    len + len/8 + 128 + 3

+ * Snappy: len + len/6 + 32

+ */

+#define COMP_EXTRA_BUFFER(len) ((len)/6 + 128 + 3 + COMP_PREFIX_LEN)

+

+/*

+ * Don't try to compress any packet smaller than this.

+ */

+#define COMPRESS_THRESHOLD 100

+

+/* Forward declaration of compression context */

+struct compress_context;

+

+/*

+ * Virtual methods and other static info for each compression algorithm

+ */

+struct compress_alg

+{

+  const char *name;

+  void (*compress_init)(struct compress_context *compctx);

+  void (*compress_uninit)(struct compress_context *compctx);

+  void (*compress)(struct buffer *buf, struct buffer work,

+		   struct compress_context *compctx,

+		   const struct frame* frame);

+

+  void (*decompress)(struct buffer *buf, struct buffer work,

+		     struct compress_context *compctx,

+		     const struct frame* frame);

+};

+

+/*

+ * Headers for each compression implementation

+ */

+#ifdef ENABLE_LZO

+#include "lzo.h"

+#endif

+

+#ifdef ENABLE_SNAPPY

+#include "snappy.h"

+#endif

+

+/*

+ * Information that basically identifies a compression

+ * algorithm and related flags.

+ */

+struct compress_options

+{

+  int alg;

+  unsigned int flags;

+};

+

+/*

+ * Workspace union of all supported compression algorithms

+ */

+union compress_workspace_union

+{

+#ifdef ENABLE_LZO

+  struct lzo_compress_workspace lzo;

+#endif

+#ifdef ENABLE_SNAPPY

+  struct snappy_workspace snappy;

+#endif

+};

+

+/*

+ * Context for active compression session

+ */

+struct compress_context

+{

+  unsigned int flags;

+  struct compress_alg alg;

+  union compress_workspace_union wu;

+

+  /* statistics */

+  counter_type pre_decompress;

+  counter_type post_decompress;

+  counter_type pre_compress;

+  counter_type post_compress;

+};

+

+extern const struct compress_alg comp_stub_alg;

+

+struct compress_context *comp_init(const struct compress_options *opt);

+

+void comp_uninit(struct compress_context *compctx);

+

+void comp_add_to_extra_frame(struct frame *frame);

+void comp_add_to_extra_buffer(struct frame *frame);

+

+void comp_print_stats (const struct compress_context *compctx, struct status_output *so);

+

+void comp_generate_peer_info_string(const struct compress_options *opt, struct buffer *out);

+

+static inline bool

+comp_enabled(const struct compress_options *info)

+{

+  return info->alg != COMP_ALG_UNDEF;

+}

+

+static inline bool

+comp_unswapped_prefix(const struct compress_options *info)

+{

+  return !(info->flags & COMP_F_SWAP);

+}

+

+#endif /* USE_COMP */

+#endif

new file mode 100644

@@ -0,0 +1,118 @@

+/*

+ *  OpenVPN -- An application to securely tunnel IP networks

+ *             over a single UDP port, with support for SSL/TLS-based

+ *             session authentication and key exchange,

+ *             packet encryption, packet authentication, and

+ *             packet compression.

+ *

+ *  Copyright (C) 2002-2012 OpenVPN Technologies, Inc. <sales@openvpn.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License version 2

+ *  as published by the Free Software Foundation.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program (see the file COPYING included with this

+ *  distribution); if not, write to the Free Software Foundation, Inc.,

+ *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

+ */

+

+#ifdef HAVE_CONFIG_H

+#include "config.h"

+#elif defined(_MSC_VER)

+#include "config-msvc.h"

+#endif

+

+#include "syshead.h"

+

+#if defined(USE_COMP)

+

+#include "comp.h"

+#include "error.h"

+#include "otime.h"

+

+#include "memdbg.h"

+

+static void

+stub_compress_init (struct compress_context *compctx)

+{

+}

+

+static void

+stub_compress_uninit (struct compress_context *compctx)

+{

+}

+

+static void

+stub_compress (struct buffer *buf, struct buffer work,

+	       struct compress_context *compctx,

+	       const struct frame* frame)

+{

+  if (buf->len <= 0)

+    return;

+  if (compctx->flags & COMP_F_SWAP)

+    {

+      uint8_t *head = BPTR (buf);

+      uint8_t *tail  = BEND (buf);

+      ASSERT (buf_safe (buf, 1));

+      ++buf->len;

+

+      /* move head byte of payload to tail */

+      *tail = *head;

+      *head = NO_COMPRESS_BYTE_SWAP;

+    }

+  else

+    {

+      uint8_t *header = buf_prepend (buf, 1);

+      *header = NO_COMPRESS_BYTE;

+    }

+}

+

+static void

+stub_decompress (struct buffer *buf, struct buffer work,

+		 struct compress_context *compctx,

+		 const struct frame* frame)

+{

+  uint8_t c;

+  if (buf->len <= 0)

+    return;

+  if (compctx->flags & COMP_F_SWAP)

+    {

+      uint8_t *head = BPTR (buf);

+      c = *head;

+      --buf->len;

+      *head = *BEND (buf);

+      if (c != NO_COMPRESS_BYTE_SWAP)

+	{

+	  dmsg (D_COMP_ERRORS, "Bad compression stub (swap) decompression header byte: %d", c);

+	  buf->len = 0;

+	}

+    }

+  else

+    {

+      c = *BPTR (buf);

+      ASSERT (buf_advance (buf, 1));

+      if (c != NO_COMPRESS_BYTE)

+	{

+	  dmsg (D_COMP_ERRORS, "Bad compression stub decompression header byte: %d", c);

+	  buf->len = 0;

+	}

+    }

+}

+

+const struct compress_alg comp_stub_alg = {

+  "stub",

+  stub_compress_init,

+  stub_compress_uninit,

+  stub_compress,

+  stub_decompress

+};

+

+#else

+static void dummy(void) {}

+#endif /* USE_STUB */

@@ -444,10 +444,10 @@ encrypt_sign (struct context *c, bool comp_frag)

   if (comp_frag)

     {

-#ifdef ENABLE_LZO

+#ifdef USE_COMP

       /* Compress the packet. */

-      if (lzo_defined (&c->c2.lzo_compwork))

-	lzo_compress (&c->c2.buf, b->lzo_compress_buf, &c->c2.lzo_compwork, &c->c2.frame);

+      if (c->c2.comp_context)

+	(*c->c2.comp_context->alg.compress)(&c->c2.buf, b->compress_buf, c->c2.comp_context, &c->c2.frame);

 #endif

 #ifdef ENABLE_FRAGMENT

       if (c->c2.fragment)

@@ -846,10 +846,10 @@ process_incoming_link (struct context *c)

 	fragment_incoming (c->c2.fragment, &c->c2.buf, &c->c2.frame_fragment);

 #endif

-#ifdef ENABLE_LZO

+#ifdef USE_COMP

       /* decompress the incoming packet */

-      if (lzo_defined (&c->c2.lzo_compwork))

-	lzo_decompress (&c->c2.buf, c->c2.buffers->lzo_decompress_buf, &c->c2.lzo_compwork, &c->c2.frame);

+      if (c->c2.comp_context)

+	(*c->c2.comp_context->alg.decompress)(&c->c2.buf, c->c2.buffers->decompress_buf, c->c2.comp_context, &c->c2.frame);

 #endif

 #ifdef PACKET_TRUNCATION_CHECK

@@ -1770,14 +1770,12 @@ do_deferred_options (struct context *c, const unsigned int found)

     }

 #endif

-#ifdef ENABLE_LZO

+#ifdef USE_COMP

   if (found & OPT_P_COMP)

     {

-      if (lzo_defined (&c->c2.lzo_compwork))

-	{

-	  msg (D_PUSH, "OPTIONS IMPORT: LZO parms modified");

-	  lzo_modify_flags (&c->c2.lzo_compwork, c->options.lzo);

-	}

+      msg (D_PUSH, "OPTIONS IMPORT: compression parms modified");

+      comp_uninit (c->c2.comp_context);

+      c->c2.comp_context = comp_init (&c->options.comp);

     }

 #endif

@@ -2272,6 +2270,10 @@ do_init_crypto_tls (struct context *c, const unsigned int flags)

 #endif

 #endif

+#ifdef USE_COMP

+  to.comp_options = options->comp;

+#endif

+

   /* TLS handshake authentication (--tls-auth) */

   if (options->tls_auth_file)

     {

@@ -2354,30 +2356,50 @@ do_init_crypto (struct context *c, const unsigned int flags)

 static void

 do_init_frame (struct context *c)

 {

-#ifdef ENABLE_LZO

+#ifdef USE_COMP

   /*

-   * Initialize LZO compression library.

+   * modify frame parameters if compression is enabled

    */

-  if (c->options.lzo & LZO_SELECTED)

+  if (comp_enabled(&c->options.comp))

     {

-      lzo_adjust_frame_parameters (&c->c2.frame);

+      comp_add_to_extra_frame (&c->c2.frame);

+#if !defined(ENABLE_SNAPPY)

       /*

-       * LZO usage affects buffer alignment.

+       * Compression usage affects buffer alignment when non-swapped algs

+       * such as LZO is used.

+       * Newer algs like Snappy and comp-stub with COMP_F_SWAP don't need

+       * any special alignment because of the control-byte swap approach.

+       * LZO alignment (on the other hand) is problematic because

+       * the presence of the control byte means that either the output of

+       * decryption must be written to an unaligned buffer, or the input

+       * to compression (or packet dispatch if packet is uncompressed)

+       * must be read from an unaligned buffer.

+       * This code tries to align the input to compression (or packet

+       * dispatch if packet is uncompressed) at the cost of requiring

+       * decryption output to be written to an unaligned buffer, so

+       * it's more of a tradeoff than an optimal solution and we don't

+       * include it when we are doing a modern build with Snappy.

+       * Strictly speaking, on the server it would be better to execute

+       * this code for every connection after we decide the compression

+       * method, but currently the frame code doesn't appear to be

+       * flexible enough for this, since the frame is already established

+       * before it is known which compression options will be pushed.

        */

-      if (CIPHER_ENABLED (c))

+      if (comp_unswapped_prefix (&c->options.comp) && CIPHER_ENABLED (c))

 	{

-	  frame_add_to_align_adjust (&c->c2.frame, LZO_PREFIX_LEN);

+	  frame_add_to_align_adjust (&c->c2.frame, COMP_PREFIX_LEN);

 	  frame_or_align_flags (&c->c2.frame,

 				FRAME_HEADROOM_MARKER_FRAGMENT

 				|FRAME_HEADROOM_MARKER_DECRYPT);

 	}

+#endif

 #ifdef ENABLE_FRAGMENT

-      lzo_adjust_frame_parameters (&c->c2.frame_fragment_omit);	/* omit LZO frame delta from final frame_fragment */

+      comp_add_to_extra_frame (&c->c2.frame_fragment_omit); /* omit compression frame delta from final frame_fragment */

 #endif

     }

-#endif /* ENABLE_LZO */

+#endif /* USE_COMP */

 #ifdef ENABLE_SOCKS

   /*

@@ -2406,6 +2428,17 @@ do_init_frame (struct context *c)

    */

   frame_finalize_options (c, NULL);

+#ifdef USE_COMP

+  /*

+   * Modify frame parameters if compression is compiled in.

+   * Should be called after frame_finalize_options.

+   */

+  comp_add_to_extra_buffer (&c->c2.frame);

+#ifdef ENABLE_FRAGMENT

+  comp_add_to_extra_buffer (&c->c2.frame_fragment_omit); /* omit compression frame delta from final frame_fragment */

+#endif

+#endif /* USE_COMP */

+

 #ifdef ENABLE_FRAGMENT

   /*

    * Set frame parameter for fragment code.  This is necessary because

@@ -2537,9 +2570,9 @@ init_context_buffers (const struct frame *frame)

   b->decrypt_buf = alloc_buf (BUF_SIZE (frame));

 #endif

-#ifdef ENABLE_LZO

-  b->lzo_compress_buf = alloc_buf (BUF_SIZE (frame));

-  b->lzo_decompress_buf = alloc_buf (BUF_SIZE (frame));

+#ifdef USE_COMP

+  b->compress_buf = alloc_buf (BUF_SIZE (frame));

+  b->decompress_buf = alloc_buf (BUF_SIZE (frame));

 #endif

   return b;

@@ -2554,9 +2587,9 @@ free_context_buffers (struct context_buffers *b)

       free_buf (&b->read_tun_buf);

       free_buf (&b->aux_buf);

-#ifdef ENABLE_LZO

-      free_buf (&b->lzo_compress_buf);

-      free_buf (&b->lzo_decompress_buf);

+#ifdef USE_COMP

+      free_buf (&b->compress_buf);

+      free_buf (&b->decompress_buf);

 #endif

 #ifdef ENABLE_CRYPTO

@@ -3388,10 +3421,10 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int

       goto sig;

   }

-#ifdef ENABLE_LZO

-  /* initialize LZO compression library. */

-  if ((options->lzo & LZO_SELECTED) && (c->mode == CM_P2P || child))

-    lzo_compress_init (&c->c2.lzo_compwork, options->lzo);

+#ifdef USE_COMP

+  /* initialize compression library. */

+  if (comp_enabled(&options->comp) && (c->mode == CM_P2P || child))

+    c->c2.comp_context = comp_init (&options->comp);

 #endif

   /* initialize MTU variables */

@@ -3505,9 +3538,12 @@ close_instance (struct context *c)

 	/* if xinetd/inetd mode, don't allow restart */

 	do_close_check_if_restart_permitted (c);

-#ifdef ENABLE_LZO

-	if (lzo_defined (&c->c2.lzo_compwork))

-	  lzo_compress_uninit (&c->c2.lzo_compwork);

+#ifdef USE_COMP

+	if (c->c2.comp_context)

+	  {

+	    comp_uninit (c->c2.comp_context);

+	    c->c2.comp_context = NULL;

+	  }

 #endif

 	/* free buffers */

@@ -3631,6 +3667,10 @@ inherit_context_child (struct context *dest,

       dest->c2.link_socket_info->lsa = &dest->c1.link_socket_addr;

       dest->c2.link_socket_info->connection_established = false;

     }

+

+#ifdef USE_COMP

+  dest->c2.comp_context = NULL;

+#endif

 }

 void

@@ -3679,6 +3719,10 @@ inherit_context_top (struct context *dest,

   dest->c2.event_set = NULL;

   if (proto_is_dgram(src->options.ce.proto))

     do_event_set_init (dest, false);

+

+#ifdef USE_COMP

+  dest->c2.comp_context = NULL;

+#endif

 }

 void

@@ -34,15 +34,17 @@

 #include "syshead.h"

-#ifdef ENABLE_LZO

+#if defined(ENABLE_LZO)

-#include "lzo.h"

+#include "comp.h"

 #include "error.h"

 #include "otime.h"

 #include "memdbg.h"

-#ifndef ENABLE_LZO_STUB

+/* Initial command byte to tell our peer if we compressed */

+#define LZO_COMPRESS_BYTE 0x66

+

 /**

  * Perform adaptive compression housekeeping.

  *

@@ -97,101 +99,69 @@ lzo_adaptive_compress_data (struct lzo_adaptive_compress *ac, int n_total, int n

   ac->n_comp += n_comp;

 }

-#endif /* ENABLE_LZO_STUB */

-

-void lzo_adjust_frame_parameters (struct frame *frame)

-{

-  /* Leave room for our one-byte compressed/didn't-compress prefix byte. */

-  frame_add_to_extra_frame (frame, LZO_PREFIX_LEN);

-

-  /* Leave room for compression buffer to expand in worst case scenario

-     where data is totally uncompressible */

-  frame_add_to_extra_buffer (frame, LZO_EXTRA_BUFFER (EXPANDED_SIZE(frame)));

-}

-

-void

-lzo_compress_init (struct lzo_compress_workspace *lzowork, unsigned int flags)

+static void

+lzo_compress_init (struct compress_context *compctx)

 {

-  CLEAR (*lzowork);

-

-  lzowork->flags = flags;

-#ifndef ENABLE_LZO_STUB

-  lzowork->wmem_size = LZO_WORKSPACE;

-

+  msg (D_INIT_MEDIUM, "LZO compression initializing");

+  ASSERT(!(compctx->flags & COMP_F_SWAP));

+  compctx->wu.lzo.wmem_size = LZO_WORKSPACE;

   if (lzo_init () != LZO_E_OK)

     msg (M_FATAL, "Cannot initialize LZO compression library");

-  lzowork->wmem = (lzo_voidp) lzo_malloc (lzowork->wmem_size);

-  check_malloc_return (lzowork->wmem);

-  msg (D_INIT_MEDIUM, "LZO compression initialized");

-#else

-  msg (D_INIT_MEDIUM, "LZO stub compression initialized");

-#endif

-  lzowork->defined = true;

+  compctx->wu.lzo.wmem = (lzo_voidp) lzo_malloc (compctx->wu.lzo.wmem_size);

+  check_malloc_return (compctx->wu.lzo.wmem);

 }

-void