author | Arne Schwabe | 2021-03-24 23:08:53 +0100 |
---|---|---|
committer | Gert Doering | 2021-04-02 14:49:39 +0200 |
commit | 8fa8a17528c001abc7d5f45e9c2ffa3ed2f6af43 (patch) | |
tree | e1a4b0d3ac8b44f84bd86dbb1be689c3398407b7 /tests | |
parent | 72e1ecb5b5d282c591cc32bbd378efbebfb03918 (diff) | |
Implement '--compress migrate' to migrate to non-compression setup
This option allows migration to a non compression server config while
still retaining compatibility with clients that have a compression
setting in their config.
For existing setups that used to have comp-lzo no or another
compression setting in their configs it is difficult to migrate to
a setup without compression without replacing all client configs at
once especially if OpenVPN 2.3 or earlier clients are in the mix that
do not support pushing stub-v2. Even with OpenVPN 2.4 and later clients
that support pushing this is not a satisfying solution as the clients
log occ mismatches and the "push stub-v2" needs to be in the server
config "forever".
If the new migrate option to compress is set and a client is detected
that indicates that compression is used (via OCC), the server will
automatically add ``--push compress stub-v2`` to the client specific
configuration if stub-v2 is supported by the client and otherwise
switch to ``comp-lzo no`` and add ``--push comp-lzo`` to the client
specific configuration.
Patch v2: better commit message/man page, add USE_COMP ifdefs, various
style fixes
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20210324220853.31246-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21801.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unit_tests/openvpn/Makefile.am | 13 | ||||
-rw-r--r-- | tests/unit_tests/openvpn/test_misc.c | 83 |
2 files changed, 95 insertions, 1 deletions
diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index 50f3a02..44b77cc 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am @@ -6,7 +6,7 @@ if HAVE_LD_WRAP_SUPPORT test_binaries += argv_testdriver buffer_testdriver endif -test_binaries += crypto_testdriver packet_id_testdriver auth_token_testdriver ncp_testdriver +test_binaries += crypto_testdriver packet_id_testdriver auth_token_testdriver ncp_testdriver misc_testdriver if HAVE_LD_WRAP_SUPPORT test_binaries += tls_crypt_testdriver endif @@ -127,3 +127,14 @@ ncp_testdriver_SOURCES = test_ncp.c mock_msg.c \ $(openvpn_srcdir)/packet_id.c \ $(openvpn_srcdir)/platform.c \ $(openvpn_srcdir)/ssl_util.c + +misc_testdriver_CFLAGS = @TEST_CFLAGS@ \ + -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) + +misc_testdriver_LDFLAGS = @TEST_LDFLAGS@ + +misc_testdriver_SOURCES = test_misc.c mock_msg.c \ + mock_get_random.c \ + $(openvpn_srcdir)/buffer.c \ + $(openvpn_srcdir)/ssl_util.c \ + $(openvpn_srcdir)/platform.c
\ No newline at end of file
diff --git a/tests/unit_tests/openvpn/test_misc.c b/tests/unit_tests/openvpn/test_misc.c
new file mode 100644
index 0000000..15f6cbf
--- /dev/null
+++ b/tests/unit_tests/openvpn/test_misc.c
@@ -0,0 +1,83 @@
+/*
+ * OpenVPN -- An application to securely tunnel IP networks
+ * over a single UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ * Copyright (C) 2021 Arne Schwabe <arne@rfc2549.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#elif defined(_MSC_VER)
+#include "config-msvc.h"
+#endif
+
+#include "syshead.h"
+
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "ssl_util.h"
+
+static void
+test_compat_lzo_string(void **state)
+{
+ struct gc_arena gc = gc_new();
+
+ const char* input = "V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,auth SHA1,keysize 128,key-method 2,tls-server";
+
+ const char* output = options_string_compat_lzo(input, &gc);
+
+ assert_string_equal(output, "V4,dev-type tun,link-mtu 1458,tun-mtu 1400,proto UDPv4,auth SHA1,keysize 128,key-method 2,tls-server,comp-lzo");
+
+ /* This string is has a much too small link-mtu so we should fail on it" */
+ input = "V4,dev-type tun,link-mtu 2,tun-mtu 1400,proto UDPv4,auth SHA1,keysize 128,key-method 2,tls-server";
+
+ output = options_string_compat_lzo(input, &gc);
+
+ assert_string_equal(input, output);
+
+ /* not matching at all */
+ input = "V4,dev-type tun";
+ output = options_string_compat_lzo(input, &gc);
+
+ assert_string_equal(input, output);
+
+
+ input = "V4,dev-type tun,link-mtu 999,tun-mtu 1400,proto UDPv4,auth SHA1,keysize 128,key-method 2,tls-server";
+ output = options_string_compat_lzo(input, &gc);
+
+ /* 999 -> 1000, 3 to 4 chars */
+ assert_string_equal(output, "V4,dev-type tun,link-mtu 1000,tun-mtu 1400,proto UDPv4,auth SHA1,keysize 128,key-method 2,tls-server,comp-lzo");
+
+};
+
+const struct CMUnitTest misc_tests[] = {
+ cmocka_unit_test(test_compat_lzo_string),
+};
+
+int
+main(void)
+{
+ return cmocka_run_group_tests(misc_tests, NULL, NULL);
+} |
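Review bot: The arena created with `gc_new()` at the top of test_compat_lzo_string() is never released, so anything options_string_compat_lzo() allocates in it is still live when the test returns and the driver will not run clean under a leak checker; add `gc_free(&gc);` as the last statement of the function. The function body is closed with `};`, which leaves a stray empty declaration at file scope, and the comment above the `link-mtu 2` case reads "is has" and ends in a stray quote. Because the string being rewritten is the options string announced by the peer, it would be worth adding cases where the link-mtu value is non-numeric or is the last field of the string; the implementation is outside this hunk, so the expected result for those inputs needs confirming against ssl_util.c.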