@@ -3,6 +3,14 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>

 $Id$

+2005.10.01 -- Version 2.1-beta2

+

+* Made LZO setting pushable.

+* Renamed sample-keys/tmp-ca.crt to ca.crt.

+* Fixed bug where remove_iroutes_from_push_route_list

+  was missing routes if those routes had

+  an implied netmask (by omission) of 255.255.255.255. 

+

 2005.09.26 -- Version 2.1-beta1

 * Merged with 2.0.3-rc1

@@ -115,7 +115,7 @@

 #define D_PID_DEBUG_LOW      LOGLEV(7, 70, M_DEBUG)  /* show low-freq packet-id debugging info */

 #define D_MULTI_DEBUG        LOGLEV(7, 70, M_DEBUG)  /* show medium-freq multi debugging info */

 #define D_MSS                LOGLEV(7, 70, M_DEBUG)  /* show MSS adjustments */

-#define D_COMP_LOW           LOGLEV(7, 70, M_DEBUG)  /* show adaptive compression state changes */

+#define D_COMP_LOW           LOGLEV(3, 70, M_DEBUG)  /* show adaptive compression state changes JYFIXME */

 #define D_REMOTE_LIST        LOGLEV(7, 70, M_DEBUG)  /* show --remote list */

 #define D_SCRIPT             LOGLEV(7, 70, M_DEBUG)  /* show parms & env vars passed to scripts */

 #define D_SHOW_NET           LOGLEV(7, 70, M_DEBUG)  /* show routing table and adapter list */

@@ -142,7 +142,7 @@

 #define D_TLS_DEBUG          LOGLEV(9, 70, M_DEBUG)  /* show detailed info from TLS routines */

 #define D_CRYPTO_DEBUG       LOGLEV(9, 70, M_DEBUG)  /* show detailed info from crypto.c routines */

-#define D_COMP               LOGLEV(9, 70, M_DEBUG)  /* show compression info */

+#define D_COMP               LOGLEV(4, 70, M_DEBUG)  /* show compression info JYFIXME */

 #define D_READ_WRITE         LOGLEV(9, 70, M_DEBUG)  /* show all tun/tcp/udp reads/writes/opens */

 #define D_PACKET_CONTENT     LOGLEV(9, 70, M_DEBUG)  /* show before/after encryption packet content */

 #define D_TLS_NO_SEND_KEY    LOGLEV(9, 70, M_DEBUG)  /* show when no data channel send-key exists */

@@ -397,7 +397,7 @@ encrypt_sign (struct context *c, bool comp_frag)

     {

 #ifdef USE_LZO

       /* Compress the packet. */

-      if (c->options.comp_lzo)

+      if (lzo_defined (&c->c2.lzo_compwork))

 	lzo_compress (&c->c2.buf, b->lzo_compress_buf, &c->c2.lzo_compwork, &c->c2.frame);

 #endif

 #ifdef ENABLE_FRAGMENT

@@ -764,7 +764,7 @@ process_incoming_link (struct context *c)

 #ifdef USE_LZO

       /* decompress the incoming packet */

-      if (c->options.comp_lzo)

+      if (lzo_defined (&c->c2.lzo_compwork))

 	lzo_decompress (&c->c2.buf, c->c2.buffers->lzo_decompress_buf, &c->c2.lzo_compwork, &c->c2.frame);

 #endif

@@ -956,6 +956,7 @@ pull_permission_mask (const struct context *c)

     | OPT_P_SETENV

     | OPT_P_SHAPER

     | OPT_P_TIMER

+    | OPT_P_COMP

     | OPT_P_PERSIST

     | OPT_P_MESSAGES

     | OPT_P_EXPLICIT_NOTIFY

@@ -998,6 +999,17 @@ do_deferred_options (struct context *c, const unsigned int found)

     }

 #endif

+#ifdef USE_LZO

+  if (found & OPT_P_COMP)

+    {

+      if (lzo_defined (&c->c2.lzo_compwork))

+	{

+	  msg (D_PUSH, "OPTIONS IMPORT: LZO parms modified");

+	  lzo_modify_flags (&c->c2.lzo_compwork, c->options.lzo);

+	}

+    }

+#endif

+

   if (found & OPT_P_SHAPER)

     {

       msg (D_PUSH, "OPTIONS IMPORT: traffic shaper enabled");

@@ -1474,7 +1486,7 @@ do_init_frame (struct context *c)

   /*

    * Initialize LZO compression library.

    */

-  if (c->options.comp_lzo)

+  if (c->options.lzo & LZO_SELECTED)

     {

       lzo_adjust_frame_parameters (&c->c2.frame);

@@ -1493,7 +1505,7 @@ do_init_frame (struct context *c)

       lzo_adjust_frame_parameters (&c->c2.frame_fragment_omit);	/* omit LZO frame delta from final frame_fragment */

 #endif

     }

-#endif

+#endif /* USE_LZO */

 #ifdef ENABLE_SOCKS

   /*

@@ -2404,8 +2416,8 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int

 #ifdef USE_LZO

   /* initialize LZO compression library. */

-  if (options->comp_lzo && (c->mode == CM_P2P || child))

-    lzo_compress_init (&c->c2.lzo_compwork, options->comp_lzo_adaptive);

+  if ((options->lzo & LZO_SELECTED) && (c->mode == CM_P2P || child))

+    lzo_compress_init (&c->c2.lzo_compwork, options->lzo);

 #endif

   /* initialize MTU variables */

@@ -2496,7 +2508,7 @@ close_instance (struct context *c)

 	do_close_check_if_restart_permitted (c);

 #ifdef USE_LZO

-	if (c->options.comp_lzo)

+	if (lzo_defined (&c->c2.lzo_compwork))

 	  lzo_compress_uninit (&c->c2.lzo_compwork);

 #endif

@@ -44,9 +44,6 @@ lzo_adaptive_compress_test (struct lzo_adaptive_compress *ac)

   const bool save = ac->compress_state;

   const time_t local_now = now;

-  if (!ac->enabled)

-    return true;

-

   if (!ac->compress_state)

     {

       if (local_now >= ac->next)

@@ -84,11 +81,8 @@ lzo_adaptive_compress_test (struct lzo_adaptive_compress *ac)

 inline static void

 lzo_adaptive_compress_data (struct lzo_adaptive_compress *ac, int n_total, int n_comp)

 {

-  if (ac->enabled)

-    {

-      ac->n_total += n_total;

-      ac->n_comp += n_comp;

-    }

+  ac->n_total += n_total;

+  ac->n_comp += n_comp;

 }

 void lzo_adjust_frame_parameters (struct frame *frame)

@@ -102,18 +96,19 @@ void lzo_adjust_frame_parameters (struct frame *frame)

 }

 void

-lzo_compress_init (struct lzo_compress_workspace *lzowork, bool adaptive)

+lzo_compress_init (struct lzo_compress_workspace *lzowork, unsigned int flags)

 {

   CLEAR (*lzowork);

   lzowork->wmem_size = LZO_WORKSPACE;

-  lzowork->ac.enabled = adaptive;

+  lzowork->flags = flags;

   if (lzo_init () != LZO_E_OK)

     msg (M_FATAL, "Cannot initialize LZO compression library");

   lzowork->wmem = (lzo_voidp) lzo_malloc (lzowork->wmem_size);

   check_malloc_return (lzowork->wmem);

   msg (M_INFO, "LZO compression initialized");

+  lzowork->defined = true;

 }

 void

@@ -121,9 +116,24 @@ lzo_compress_uninit (struct lzo_compress_workspace *lzowork)

 {

   if (lzowork)

     {

+      ASSERT (lzowork->defined);

       lzo_free (lzowork->wmem);

       lzowork->wmem = NULL;

+      lzowork->defined = false;

+    }

+}

+

+static inline bool

+lzo_compression_enabled (struct lzo_compress_workspace *lzowork)

+{

+  if ((lzowork->flags & (LZO_SELECTED|LZO_ON)) == (LZO_SELECTED|LZO_ON))

+    {

+      if (lzowork->flags & LZO_ADAPTIVE)

+	return lzo_adaptive_compress_test (&lzowork->ac);

+      else

+	return true;

     }

+  return false;

 }

 /* Magic numbers to tell our peer if we compressed or not */

@@ -139,6 +149,8 @@ lzo_compress (struct buffer *buf, struct buffer work,

   int err;

   bool compressed = false;

+  ASSERT (lzowork->defined);

+

   if (buf->len <= 0)

     return;

@@ -146,7 +158,7 @@ lzo_compress (struct buffer *buf, struct buffer work,

    * In order to attempt compression, length must be at least COMPRESS_THRESHOLD,

    * and our adaptive level must give the OK.

    */

-  if (buf->len >= COMPRESS_THRESHOLD && lzo_adaptive_compress_test (&lzowork->ac))

+  if (buf->len >= COMPRESS_THRESHOLD && lzo_compression_enabled (lzowork))

     {

       ASSERT (buf_init (&work, FRAME_HEADROOM (frame)));

       ASSERT (buf_safe (&work, LZO_EXTRA_BUFFER (PAYLOAD_SIZE (frame))));

@@ -169,7 +181,8 @@ lzo_compress (struct buffer *buf, struct buffer work,

       lzowork->post_compress += work.len;

       /* tell adaptive level about our success or lack thereof in getting any size reduction */

-      lzo_adaptive_compress_data(&lzowork->ac, buf->len, work.len);

+      if (lzowork->flags & LZO_ADAPTIVE)

+	lzo_adaptive_compress_data (&lzowork->ac, buf->len, work.len);

     }

   /* did compression save us anything ? */

@@ -195,6 +208,8 @@ lzo_decompress (struct buffer *buf, struct buffer work,

   uint8_t c;		/* flag indicating whether or not our peer compressed */

   int err;

+  ASSERT (lzowork->defined);

+

   if (buf->len <= 0)

     return;

@@ -235,11 +250,20 @@ lzo_decompress (struct buffer *buf, struct buffer work,

     }

 }

+void

+lzo_modify_flags (struct lzo_compress_workspace *lzowork, unsigned int flags)

+{

+  ASSERT (lzowork->defined);

+  lzowork->flags = flags;

+}

+

 /*

  * Print statistics

  */

 void lzo_print_stats (const struct lzo_compress_workspace *lzo_compwork, struct status_output *so)

 {

+  ASSERT (lzo_compwork->defined);

+

   status_printf (so, "pre-compress bytes," counter_format, lzo_compwork->pre_compress);

   status_printf (so, "post-compress bytes," counter_format, lzo_compwork->post_compress);

   status_printf (so, "pre-decompress bytes," counter_format, lzo_compwork->pre_decompress);

@@ -22,6 +22,9 @@

  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

  */

+#ifndef OPENVPN_LZO_H

+#define OPENVPN_LZO_H

+

 #ifdef USE_LZO

 #ifdef LZO_HEADER_DIR

@@ -37,6 +40,11 @@

 #include "common.h"

 #include "status.h"

+/* LZO flags */

+#define LZO_SELECTED   (1<<0)

+#define LZO_ON         (1<<1)

+#define LZO_ADAPTIVE   (1<<2)  

+

 /*

  * Use LZO compress routine lzo1x_1_15_compress which is described

  * as faster but needs a bit more memory than the standard routine.

@@ -74,7 +82,6 @@

 				 retest for n seconds */

 struct lzo_adaptive_compress {

-  bool enabled;

   bool compress_state;

   time_t next;

   int n_total;

@@ -90,6 +97,8 @@ struct lzo_compress_workspace

   lzo_voidp wmem;

   int wmem_size;

   struct lzo_adaptive_compress ac;

+  unsigned int flags;

+  bool defined;

   /* statistics */

   counter_type pre_decompress;

@@ -100,10 +109,12 @@ struct lzo_compress_workspace

 void lzo_adjust_frame_parameters(struct frame *frame);

-void lzo_compress_init (struct lzo_compress_workspace *lzowork, bool adaptive);

+void lzo_compress_init (struct lzo_compress_workspace *lzowork, unsigned int flags);

 void lzo_compress_uninit (struct lzo_compress_workspace *lzowork);

+void lzo_modify_flags (struct lzo_compress_workspace *lzowork, unsigned int flags);

+

 void lzo_compress (struct buffer *buf, struct buffer work,

 		   struct lzo_compress_workspace *lzowork,

 		   const struct frame* frame);

@@ -114,4 +125,12 @@ void lzo_decompress (struct buffer *buf, struct buffer work,

 void lzo_print_stats (const struct lzo_compress_workspace *lzo_compwork, struct status_output *so);

+static inline bool

+lzo_defined (const struct lzo_compress_workspace *lzowork)

+{

+  return lzowork->defined;

+}

+

+

 #endif /* USE_LZO */

+#endif

@@ -1284,7 +1284,8 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi

     {

       struct gc_arena gc = gc_new ();

       unsigned int option_types_found = 0;

-      const unsigned int option_permissions_mask = OPT_P_INSTANCE|OPT_P_INHERIT|OPT_P_PUSH|OPT_P_TIMER|OPT_P_CONFIG|OPT_P_ECHO;

+      const unsigned int option_permissions_mask =

+	OPT_P_INSTANCE|OPT_P_INHERIT|OPT_P_PUSH|OPT_P_TIMER|OPT_P_CONFIG|OPT_P_ECHO|OPT_P_COMP;

       int cc_succeeded = true; /* client connect script status */

       int cc_succeeded_count = 0;

@@ -560,9 +560,6 @@ init_options (struct options *o)

   o->rcvbuf = 65536;

   o->sndbuf = 65536;

 #endif

-#ifdef USE_LZO

-  o->comp_lzo_adaptive = true;

-#endif

 #ifdef TARGET_LINUX

   o->tuntap_options.txqueuelen = 100;

 #endif

@@ -1062,8 +1059,7 @@ show_settings (const struct options *o)

   SHOW_BOOL (fast_io);

 #ifdef USE_LZO

-  SHOW_BOOL (comp_lzo);

-  SHOW_BOOL (comp_lzo_adaptive);

+  SHOW_INT (lzo);

 #endif

   SHOW_STR (route_script);

@@ -1833,7 +1829,7 @@ options_string (const struct options *o,

     }

 #ifdef USE_LZO

-  if (o->comp_lzo)

+  if (o->lzo & LZO_SELECTED)

     buf_printf (&out, ",comp-lzo");

 #endif

@@ -4318,12 +4314,28 @@ add_option (struct options *options,

   else if (streq (p[0], "comp-lzo"))

     {

       VERIFY_PERMISSION (OPT_P_COMP);

-      options->comp_lzo = true;

+      if (p[1])

+	{

+	  ++i;

+	  if (streq (p[1], "yes"))

+	    options->lzo = LZO_SELECTED|LZO_ON;

+	  else if (streq (p[1], "no"))

+	    options->lzo = LZO_SELECTED;

+	  else if (streq (p[1], "adaptive"))

+	    options->lzo = LZO_SELECTED|LZO_ON|LZO_ADAPTIVE;

+	  else

+	    {

+	      msg (msglevel, "bad comp-lzo option: %s -- must be 'yes', 'no', or 'adaptive'", p[1]);

+	      goto err;

+	    }

+	}

+      else

+	options->lzo = LZO_SELECTED|LZO_ON|LZO_ADAPTIVE;

     }

   else if (streq (p[0], "comp-noadapt"))

     {

       VERIFY_PERMISSION (OPT_P_COMP);

-      options->comp_lzo_adaptive = false;

+      options->lzo &= ~LZO_ADAPTIVE;

     }

 #endif /* USE_LZO */

 #ifdef USE_CRYPTO

@@ -39,6 +39,7 @@

 #include "plugin.h"

 #include "manage.h"

 #include "proxy.h"

+#include "lzo.h"

 /*

  * Maximum number of parameters associated with an option,

@@ -224,8 +225,8 @@ struct options

   bool fast_io;

 #ifdef USE_LZO

-  bool comp_lzo;

-  bool comp_lzo_adaptive;

+  /* LZO_x flags from lzo.h */

+  unsigned int lzo;

 #endif

   /* buffer sizes */

@@ -239,7 +239,7 @@ print_status (const struct context *c, struct status_output *so)

   status_printf (so, "TCP/UDP write bytes," counter_format, c->c2.link_write_bytes);

   status_printf (so, "Auth read bytes," counter_format, c->c2.link_read_bytes_auth);

 #ifdef USE_LZO

-  if (c->options.comp_lzo)

+  if (lzo_defined (&c->c2.lzo_compwork))

     lzo_print_stats (&c->c2.lzo_compwork, so);

 #endif

 #ifdef PACKET_TRUNCATION_CHECK