@@ -7,9 +7,12 @@ $Id$

 * Allow blank passwords to be passed via the management

   interface.

+* Fixed bug where "make check" inside a FreeBSD "jail"

+  would never complete (Matthias Andree).

 * Fixed bug where --server directive in --dev tap mode

   claimed that it would support subnets of /30 or less

   but actually would only accept /29 or less.

+* Extend byte counters to 64 bits (M. van Cuijk).

 * Fixed bug in Linux get_default_gateway function

   introduced in 2.0.4, which would cause redirect-gateway

   on Linux clients to fail.

@@ -28,7 +28,7 @@

 /*

  * Statistics counters.

  */

-typedef unsigned long counter_type;

+typedef unsigned long long int counter_type;

 /*

  * Time intervals

@@ -43,7 +43,7 @@ typedef int interval_t;

 /*

  * Printf formats for special types

  */

-#define counter_format          "%lu"

+#define counter_format          "%llu"

 #define ptr_format              "0x%08lx"

 #define time_format             "%lu"

 #define fragment_header_format  "0x%08x"

@@ -25,7 +25,7 @@ dnl Process this file with autoconf to produce a configure script.

 AC_PREREQ(2.50)

-AC_INIT([OpenVPN], [2.1_beta6], [openvpn-users@lists.sourceforge.net], [openvpn])

+AC_INIT([OpenVPN], [2.1_beta5], [openvpn-users@lists.sourceforge.net], [openvpn])

 AM_CONFIG_HEADER(config.h)

 AC_CONFIG_SRCDIR(syshead.h)

@@ -843,6 +843,14 @@ manage_env (char *str)

 /* add/modify/delete environmental strings */

 void

+setenv_counter (struct env_set *es, const char *name, counter_type value)

+{

+  char buf[64];

+  openvpn_snprintf (buf, sizeof(buf), counter_format, value);

+  setenv_str (es, name, buf);

+}

+

+void

 setenv_int (struct env_set *es, const char *name, int value)

 {

   char buf[64];

@@ -158,6 +158,7 @@ void setenv_str_ex (struct env_set *es,

 		    const unsigned int value_exclude,

 		    const char value_replace);

+void setenv_counter (struct env_set *es, const char *name, counter_type value);

 void setenv_int (struct env_set *es, const char *name, int value);

 void setenv_str (struct env_set *es, const char *name, const char *value);

 void setenv_del (struct env_set *es, const char *name);

@@ -404,8 +404,8 @@ multi_client_disconnect_setenv (struct multi_context *m,

   setenv_trusted (mi->context.c2.es, get_link_socket_info (&mi->context));

   /* setenv stats */

-  setenv_int (mi->context.c2.es, "bytes_received", mi->context.c2.link_read_bytes);

-  setenv_int (mi->context.c2.es, "bytes_sent", mi->context.c2.link_write_bytes);

+  setenv_counter (mi->context.c2.es, "bytes_received", mi->context.c2.link_read_bytes);

+  setenv_counter (mi->context.c2.es, "bytes_sent", mi->context.c2.link_write_bytes);

 }

@@ -161,13 +161,16 @@ check_send_occ_req_dowork (struct context *c)

 	 * Give up.

 	 */

 	msg (D_SHOW_OCC,

-	     "NOTE: failed to obtain options consistency info from peer -- this could occur if the remote peer is running a version of "

+	     "NOTE: failed to obtain options consistency info from peer -- "

+	     "this could occur if the remote peer is running a version of "

 	     PACKAGE_NAME

 	     " before 1.5-beta8 or if there is a network connectivity problem, and will not necessarily prevent "

 	     PACKAGE_NAME

-	     " from running (%u bytes received from peer, %u bytes authenticated data channel traffic) -- you can disable the options consistency check with --disable-occ.",

-	     (unsigned int) c->c2.link_read_bytes,

-	     (unsigned int) c->c2.link_read_bytes_auth);

+             " from running (" counter_format " bytes received from peer, " counter_format

+	     " bytes authenticated data channel traffic) -- you can disable the options consistency "

+	     "check with --disable-occ.",

+             c->c2.link_read_bytes,

+             c->c2.link_read_bytes_auth);

       event_timeout_clear (&c->c2.occ_interval);

     }

   else

@@ -587,6 +587,15 @@ socket_do_accept (socket_descriptor_t sd,

       new_sd = accept (sd, (struct sockaddr *) &act->dest.sa, &remote_len);

     }

+#if 0 /* For debugging only, test the effect of accept() failures */

+ {

+   static int foo = 0;

+   ++foo;

+   if (foo & 1)

+     new_sd = -1;

+ }

+#endif

+

   if (!socket_defined (new_sd))

     {

       msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: accept(%d) failed", sd);

@@ -20,19 +20,33 @@

 set -e

 echo "the following test will run about two minutes..." >&2

-trap "rm -f log.$$ ; false" 1 2 3 15

+trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15

+trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3

+addopts=

+case `uname -s` in

+    FreeBSD)

+    # FreeBSD jails map the outgoing IP to the jail IP - we need to

+    # allow the real IP unless we want the test to run forever.

+    if test `sysctl -n security.jail.jailed` != 0 ; then

+	addopts="--float"

+    fi

+    ;;

+esac

 set +e

 (

-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server &

-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-client

-) >log.$$ 2>&1

+./openvpn --cd "${srcdir}" ${addopts} --down 'echo "srv:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-server &

+./openvpn --cd "${srcdir}" ${addopts} --down 'echo "clt:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-client

+) 3>log.$$.signal >log.$$ 2>&1

 e1=$?

 wait $!

 e2=$?

+grep -v ":inactive$" log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; }

+

 set -e

 if [ $e1 != 0 ] || [ $e2 != 0 ] ; then

     cat log.$$

     exit 1

 fi

-rm log.$$

+rm log.$$ log.$$.signal

+trap 0

@@ -19,11 +19,13 @@

 # 02110-1301, USA.

 set -e

-trap "rm -f key.$$ log.$$ ; false" 1 2 3 15

+trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15

+trap "rm -f key.$$ log.$$ ; exit 1" 0 3

 ./openvpn --genkey --secret key.$$

 set +e

 ( ./openvpn --test-crypto --secret key.$$ ) >log.$$ 2>&1

 e=$?

 if [ $e != 0 ] ; then cat log.$$ ; fi

-rm key.$$

+rm key.$$ log.$$

+trap 0

 exit $e