[NetworkManager-openvpn: 3/8] service: support compress option



commit 88c55b9c93290fd00f8fb679030d8794c2e5c81a
Author: Lubomir Rintel <lkundrak v3 sk>
Date:   Thu Jul 12 21:44:51 2018 +0200

    service: support compress option
    
    It's replacing --comp-lzo in from 2.4 on.
    
    Co-authored-by: Beniamino Galvani <bgalvani redhat com>

 shared/nm-service-defines.h |  2 ++
 shared/utils.c              | 49 ++++++++++++++++++++++++++++++++++++++++
 shared/utils.h              | 15 +++++++++++++
 src/nm-openvpn-service.c    | 55 ++++++++++++++++++++++++++++++++++++---------
 4 files changed, 111 insertions(+), 10 deletions(-)
---
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 8e4b513..b66523c 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -33,6 +33,7 @@
 #define NM_OPENVPN_KEY_CA                        "ca"
 #define NM_OPENVPN_KEY_CERT                      "cert"
 #define NM_OPENVPN_KEY_CIPHER                    "cipher"
+#define NM_OPENVPN_KEY_COMPRESS                  "compress"
 #define NM_OPENVPN_KEY_COMP_LZO                  "comp-lzo"
 #define NM_OPENVPN_KEY_CONNECTION_TYPE           "connection-type"
 #define NM_OPENVPN_KEY_CONNECT_TIMEOUT           "connect-timeout"
@@ -89,6 +90,7 @@
 #define NM_OPENVPN_KEY_CERTPASS_FLAGS            "cert-pass-flags"
 #define NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD_FLAGS "http-proxy-password-flags"
 
+
 /* Internal auth-dialog -> service token indicating that no secrets are
  * required for the connection.
  */
diff --git a/shared/utils.c b/shared/utils.c
index 8d8b718..10c1f38 100644
--- a/shared/utils.c
+++ b/shared/utils.c
@@ -113,6 +113,55 @@ _is_inet6_addr (const char *str, gboolean with_square_brackets)
        return inet_pton (AF_INET6, str, &a) == 1;
 }
 
+NMOvpnComp
+nmovpn_compression_from_options (const char *comp_lzo, const char *compress)
+{
+       if (nm_streq0 (compress, "lzo"))
+               return NMOVPN_COMP_LZO;
+       if (nm_streq0 (compress, "lz4"))
+               return NMOVPN_COMP_LZ4;
+       if (nm_streq0 (compress, "yes"))
+               return NMOVPN_COMP_AUTO;
+
+       if (nm_streq0 (comp_lzo, "yes"))
+               return NMOVPN_COMP_LZO;
+       if (nm_streq0 (comp_lzo, "no-by-default"))
+               return NMOVPN_COMP_LEGACY_LZO_DISABLED;
+       if (nm_streq0 (comp_lzo, "adaptive"))
+               return NMOVPN_COMP_LEGACY_LZO_ADAPTIVE;
+
+       return NMOVPN_COMP_DISABLED;
+}
+
+void
+nmovpn_compression_to_options (NMOvpnComp comp,
+                               const char **comp_lzo,
+                               const char **compress)
+{
+       NM_SET_OUT (comp_lzo, NULL);
+       NM_SET_OUT (compress, NULL);
+
+       switch (comp) {
+       case NMOVPN_COMP_DISABLED:
+               break;
+       case NMOVPN_COMP_LZO:
+               NM_SET_OUT (compress, "lzo");
+               break;
+       case NMOVPN_COMP_LZ4:
+               NM_SET_OUT (compress, "lz4");
+               break;
+       case NMOVPN_COMP_AUTO:
+               NM_SET_OUT (compress, "yes");
+               break;
+       case NMOVPN_COMP_LEGACY_LZO_DISABLED:
+               NM_SET_OUT (comp_lzo, "no-by-default");
+               break;
+       case NMOVPN_COMP_LEGACY_LZO_ADAPTIVE:
+               NM_SET_OUT (comp_lzo, "adaptive");
+               break;
+       }
+}
+
 /**
  * nmovpn_remote_parse:
  * @str: the input string to be split. It is modified inplace.
diff --git a/shared/utils.h b/shared/utils.h
index 662ca27..3373658 100644
--- a/shared/utils.h
+++ b/shared/utils.h
@@ -84,6 +84,15 @@
 #define NMV_OVPN_TAG_USER               "user"
 #define NMV_OVPN_TAG_VERIFY_X509_NAME   "verify-x509-name"
 
+typedef enum {
+       NMOVPN_COMP_DISABLED,             /* no option */
+       NMOVPN_COMP_LZO,                  /* "--compress lzo" or "--comp-lzo yes" */
+       NMOVPN_COMP_LZ4,                  /* "--compress lz4" */
+       NMOVPN_COMP_AUTO,                 /* "--compress" */
+       NMOVPN_COMP_LEGACY_LZO_DISABLED,  /* "--comp-lzo no" */
+       NMOVPN_COMP_LEGACY_LZO_ADAPTIVE,  /* "--comp-lzo [adaptive]" */
+} NMOvpnComp;
+
 gboolean is_pkcs12 (const char *filepath);
 
 gboolean is_encrypted (const char *filename);
@@ -112,4 +121,10 @@ nmovpn_arg_is_set (const char *value)
        return (value && value[0]) ? value : NULL;
 }
 
+NMOvpnComp nmovpn_compression_from_options (const char *comp_lzo,
+                                            const char *compress);
+void nmovpn_compression_to_options (NMOvpnComp comp,
+                                    const char **comp_lzo,
+                                    const char **compress);
+
 #endif  /* UTILS_H */
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 85249e7..10c3a61 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -143,6 +143,7 @@ static const ValidProperty valid_properties[] = {
        { NM_OPENVPN_KEY_CERT,                      G_TYPE_STRING, 0, 0, FALSE },
        { NM_OPENVPN_KEY_CIPHER,                    G_TYPE_STRING, 0, 0, FALSE },
        { NM_OPENVPN_KEY_KEYSIZE,                   G_TYPE_INT, 1, 65535, FALSE },
+       { NM_OPENVPN_KEY_COMPRESS,                  G_TYPE_STRING, 0, 0, FALSE },
        { NM_OPENVPN_KEY_COMP_LZO,                  G_TYPE_STRING, 0, 0, FALSE },
        { NM_OPENVPN_KEY_CONNECT_TIMEOUT,           G_TYPE_INT, 0, G_MAXINT, FALSE },
        { NM_OPENVPN_KEY_CONNECTION_TYPE,           G_TYPE_STRING, 0, 0, FALSE },
@@ -1319,6 +1320,7 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
        GPid pid;
        gboolean dev_type_is_tap;
        const char *defport, *proto_tcp;
+       const char *compress;
        const char *tls_remote = NULL;
        const char *nm_openvpn_user, *nm_openvpn_group, *nm_openvpn_chroot;
        gs_free char *bus_name = NULL;
@@ -1328,6 +1330,7 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
        OpenvpnBinaryVersion openvpn_binary_version = OPENVPN_BINARY_VERSION_INVALID;
        guint num_remotes = 0;
        gs_free char *cmd_log = NULL;
+       NMOvpnComp comp;
 
        s_vpn = nm_connection_get_setting_vpn (connection);
        if (!s_vpn) {
@@ -1474,8 +1477,6 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
                }
        }
 
-       tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_COMP_LZO);
-
        /* openvpn understands 4 different modes for --comp-lzo, which have
         * different meaning:
         *  1) no --comp-lzo option
@@ -1493,14 +1494,48 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
         *
         * See bgo#769177
         */
-       if (NM_IN_STRSET (tmp, "no")) {
-               /* means no --comp-lzo option. */
-               tmp = NULL;
-       } else if (NM_IN_STRSET (tmp, "no-by-default"))
-               tmp = "no";
-
-       if (NM_IN_STRSET (tmp, "yes", "no", "adaptive"))
-               args_add_strv (args, "--comp-lzo", tmp);
+
+       /* New (2.4+) compress option ("lz4", "lzo", ...) */
+       compress = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_COMPRESS);
+       /* Legacy option ("yes", "adaptive", "no", ...) */
+       tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_COMP_LZO);
+
+       if (compress && tmp)
+               _LOGW ("'compress' option overrides 'comp-lzo'");
+
+       comp = nmovpn_compression_from_options (tmp, compress);
+       openvpn_binary_detect_version_cached (openvpn_binary, &openvpn_binary_version);
+
+       switch (comp) {
+       case NMOVPN_COMP_DISABLED:
+               break;
+       case NMOVPN_COMP_LZO:
+               if (openvpn_binary_version == OPENVPN_BINARY_VERSION_2_4_OR_NEWER)
+                       args_add_strv (args, "--compress", "lzo");
+               else
+                       args_add_strv (args, "--comp-lzo", "yes");
+               break;
+       case NMOVPN_COMP_LZ4:
+       case NMOVPN_COMP_AUTO:
+               if (openvpn_binary_version != OPENVPN_BINARY_VERSION_2_4_OR_NEWER)
+                       _LOGW ("\"compress\" option supported only by OpenVPN >= 2.4");
+
+               if (comp == NMOVPN_COMP_LZ4)
+                       args_add_strv (args, "--compress", "lz4");
+               else
+                       args_add_strv (args, "--compress");
+               break;
+       case NMOVPN_COMP_LEGACY_LZO_DISABLED:
+       case NMOVPN_COMP_LEGACY_LZO_ADAPTIVE:
+               if (openvpn_binary_version == OPENVPN_BINARY_VERSION_2_4_OR_NEWER)
+                       _LOGW ("\"comp-lzo\" is deprecated and will be removed in future OpenVPN releases");
+
+               args_add_strv (args, "--comp-lzo",
+                                 comp == NMOVPN_COMP_LEGACY_LZO_DISABLED
+                              ? "no"
+                              : "adaptive");
+               break;
+       }
 
        tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_FLOAT);
        if (nm_streq0 (tmp, "yes"))


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]