[NetworkManager-openvpn: 3/8] service: support compress option
- From: Beniamino Galvani <bgalvani src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [NetworkManager-openvpn: 3/8] service: support compress option
- Date: Thu, 27 Feb 2020 21:26:06 +0000 (UTC)
commit 88c55b9c93290fd00f8fb679030d8794c2e5c81a
Author: Lubomir Rintel <lkundrak v3 sk>
Date: Thu Jul 12 21:44:51 2018 +0200
service: support compress option
It's replacing --comp-lzo in from 2.4 on.
Co-authored-by: Beniamino Galvani <bgalvani redhat com>
shared/nm-service-defines.h | 2 ++
shared/utils.c | 49 ++++++++++++++++++++++++++++++++++++++++
shared/utils.h | 15 +++++++++++++
src/nm-openvpn-service.c | 55 ++++++++++++++++++++++++++++++++++++---------
4 files changed, 111 insertions(+), 10 deletions(-)
---
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 8e4b513..b66523c 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -33,6 +33,7 @@
#define NM_OPENVPN_KEY_CA "ca"
#define NM_OPENVPN_KEY_CERT "cert"
#define NM_OPENVPN_KEY_CIPHER "cipher"
+#define NM_OPENVPN_KEY_COMPRESS "compress"
#define NM_OPENVPN_KEY_COMP_LZO "comp-lzo"
#define NM_OPENVPN_KEY_CONNECTION_TYPE "connection-type"
#define NM_OPENVPN_KEY_CONNECT_TIMEOUT "connect-timeout"
@@ -89,6 +90,7 @@
#define NM_OPENVPN_KEY_CERTPASS_FLAGS "cert-pass-flags"
#define NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD_FLAGS "http-proxy-password-flags"
+
/* Internal auth-dialog -> service token indicating that no secrets are
* required for the connection.
*/
diff --git a/shared/utils.c b/shared/utils.c
index 8d8b718..10c1f38 100644
--- a/shared/utils.c
+++ b/shared/utils.c
@@ -113,6 +113,55 @@ _is_inet6_addr (const char *str, gboolean with_square_brackets)
return inet_pton (AF_INET6, str, &a) == 1;
}
+NMOvpnComp
+nmovpn_compression_from_options (const char *comp_lzo, const char *compress)
+{
+ if (nm_streq0 (compress, "lzo"))
+ return NMOVPN_COMP_LZO;
+ if (nm_streq0 (compress, "lz4"))
+ return NMOVPN_COMP_LZ4;
+ if (nm_streq0 (compress, "yes"))
+ return NMOVPN_COMP_AUTO;
+
+ if (nm_streq0 (comp_lzo, "yes"))
+ return NMOVPN_COMP_LZO;
+ if (nm_streq0 (comp_lzo, "no-by-default"))
+ return NMOVPN_COMP_LEGACY_LZO_DISABLED;
+ if (nm_streq0 (comp_lzo, "adaptive"))
+ return NMOVPN_COMP_LEGACY_LZO_ADAPTIVE;
+
+ return NMOVPN_COMP_DISABLED;
+}
+
+void
+nmovpn_compression_to_options (NMOvpnComp comp,
+ const char **comp_lzo,
+ const char **compress)
+{
+ NM_SET_OUT (comp_lzo, NULL);
+ NM_SET_OUT (compress, NULL);
+
+ switch (comp) {
+ case NMOVPN_COMP_DISABLED:
+ break;
+ case NMOVPN_COMP_LZO:
+ NM_SET_OUT (compress, "lzo");
+ break;
+ case NMOVPN_COMP_LZ4:
+ NM_SET_OUT (compress, "lz4");
+ break;
+ case NMOVPN_COMP_AUTO:
+ NM_SET_OUT (compress, "yes");
+ break;
+ case NMOVPN_COMP_LEGACY_LZO_DISABLED:
+ NM_SET_OUT (comp_lzo, "no-by-default");
+ break;
+ case NMOVPN_COMP_LEGACY_LZO_ADAPTIVE:
+ NM_SET_OUT (comp_lzo, "adaptive");
+ break;
+ }
+}
+
/**
* nmovpn_remote_parse:
* @str: the input string to be split. It is modified inplace.
diff --git a/shared/utils.h b/shared/utils.h
index 662ca27..3373658 100644
--- a/shared/utils.h
+++ b/shared/utils.h
@@ -84,6 +84,15 @@
#define NMV_OVPN_TAG_USER "user"
#define NMV_OVPN_TAG_VERIFY_X509_NAME "verify-x509-name"
+typedef enum {
+ NMOVPN_COMP_DISABLED, /* no option */
+ NMOVPN_COMP_LZO, /* "--compress lzo" or "--comp-lzo yes" */
+ NMOVPN_COMP_LZ4, /* "--compress lz4" */
+ NMOVPN_COMP_AUTO, /* "--compress" */
+ NMOVPN_COMP_LEGACY_LZO_DISABLED, /* "--comp-lzo no" */
+ NMOVPN_COMP_LEGACY_LZO_ADAPTIVE, /* "--comp-lzo [adaptive]" */
+} NMOvpnComp;
+
gboolean is_pkcs12 (const char *filepath);
gboolean is_encrypted (const char *filename);
@@ -112,4 +121,10 @@ nmovpn_arg_is_set (const char *value)
return (value && value[0]) ? value : NULL;
}
+NMOvpnComp nmovpn_compression_from_options (const char *comp_lzo,
+ const char *compress);
+void nmovpn_compression_to_options (NMOvpnComp comp,
+ const char **comp_lzo,
+ const char **compress);
+
#endif /* UTILS_H */
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 85249e7..10c3a61 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -143,6 +143,7 @@ static const ValidProperty valid_properties[] = {
{ NM_OPENVPN_KEY_CERT, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CIPHER, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_KEYSIZE, G_TYPE_INT, 1, 65535, FALSE },
+ { NM_OPENVPN_KEY_COMPRESS, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_COMP_LZO, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CONNECT_TIMEOUT, G_TYPE_INT, 0, G_MAXINT, FALSE },
{ NM_OPENVPN_KEY_CONNECTION_TYPE, G_TYPE_STRING, 0, 0, FALSE },
@@ -1319,6 +1320,7 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
GPid pid;
gboolean dev_type_is_tap;
const char *defport, *proto_tcp;
+ const char *compress;
const char *tls_remote = NULL;
const char *nm_openvpn_user, *nm_openvpn_group, *nm_openvpn_chroot;
gs_free char *bus_name = NULL;
@@ -1328,6 +1330,7 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
OpenvpnBinaryVersion openvpn_binary_version = OPENVPN_BINARY_VERSION_INVALID;
guint num_remotes = 0;
gs_free char *cmd_log = NULL;
+ NMOvpnComp comp;
s_vpn = nm_connection_get_setting_vpn (connection);
if (!s_vpn) {
@@ -1474,8 +1477,6 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
}
}
- tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_COMP_LZO);
-
/* openvpn understands 4 different modes for --comp-lzo, which have
* different meaning:
* 1) no --comp-lzo option
@@ -1493,14 +1494,48 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
*
* See bgo#769177
*/
- if (NM_IN_STRSET (tmp, "no")) {
- /* means no --comp-lzo option. */
- tmp = NULL;
- } else if (NM_IN_STRSET (tmp, "no-by-default"))
- tmp = "no";
-
- if (NM_IN_STRSET (tmp, "yes", "no", "adaptive"))
- args_add_strv (args, "--comp-lzo", tmp);
+
+ /* New (2.4+) compress option ("lz4", "lzo", ...) */
+ compress = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_COMPRESS);
+ /* Legacy option ("yes", "adaptive", "no", ...) */
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_COMP_LZO);
+
+ if (compress && tmp)
+ _LOGW ("'compress' option overrides 'comp-lzo'");
+
+ comp = nmovpn_compression_from_options (tmp, compress);
+ openvpn_binary_detect_version_cached (openvpn_binary, &openvpn_binary_version);
+
+ switch (comp) {
+ case NMOVPN_COMP_DISABLED:
+ break;
+ case NMOVPN_COMP_LZO:
+ if (openvpn_binary_version == OPENVPN_BINARY_VERSION_2_4_OR_NEWER)
+ args_add_strv (args, "--compress", "lzo");
+ else
+ args_add_strv (args, "--comp-lzo", "yes");
+ break;
+ case NMOVPN_COMP_LZ4:
+ case NMOVPN_COMP_AUTO:
+ if (openvpn_binary_version != OPENVPN_BINARY_VERSION_2_4_OR_NEWER)
+ _LOGW ("\"compress\" option supported only by OpenVPN >= 2.4");
+
+ if (comp == NMOVPN_COMP_LZ4)
+ args_add_strv (args, "--compress", "lz4");
+ else
+ args_add_strv (args, "--compress");
+ break;
+ case NMOVPN_COMP_LEGACY_LZO_DISABLED:
+ case NMOVPN_COMP_LEGACY_LZO_ADAPTIVE:
+ if (openvpn_binary_version == OPENVPN_BINARY_VERSION_2_4_OR_NEWER)
+ _LOGW ("\"comp-lzo\" is deprecated and will be removed in future OpenVPN releases");
+
+ args_add_strv (args, "--comp-lzo",
+ comp == NMOVPN_COMP_LEGACY_LZO_DISABLED
+ ? "no"
+ : "adaptive");
+ break;
+ }
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_FLOAT);
if (nm_streq0 (tmp, "yes"))
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
