diff --git a/NEWS b/NEWS
index 09baa304..e04cac2a 100644
--- a/NEWS
+++ b/NEWS
@@ -12,7 +12,8 @@ container. This can be disabled at compile time using --disable-linux-namespaces. - Configuration option 'use-seccomp' was replaced by 'isolate-workers', which in addition to seccomp it enables the Linux namespaces restrictions.
-- Added support for stateless compression using LZ4 and LZS.
+- Added support for stateless compression using LZ4 and LZS. This
+ is disabled by default.
 * Version 0.8.9 (released 2014-12-10)
diff --git a/doc/sample.config b/doc/sample.config
index 2366dc94..3797a2d9 100644
--- a/doc/sample.config
+++ b/doc/sample.config
@@ -139,8 +139,8 @@ server-key = ../tests/server-key.pem
 # The revocation list of the certificates issued by the 'ca-cert' above.
 #crl = /path/to/crl.pem
-# Uncomment this to disable compression negotiation.
-#disable-compression = true
+# Uncomment this to enable compression negotiation.
+#compression = true
 # Set the minimum size under which a packet will not be compressed.
 # That is to allow low-latency for VoIP packets. The default size
diff --git a/src/config.c b/src/config.c
index aaf3011f..a5f53243 100644
--- a/src/config.c
+++ b/src/config.c
@@ -64,7 +64,7 @@ static struct cfg_options available_options[] = {
 { .name = "split-dns", .type = OPTION_MULTI_LINE, .mandatory = 0 },
 { .name = "listen-host", .type = OPTION_STRING, .mandatory = 0 },
 { .name = "listen-host-is-dyndns", .type = OPTION_BOOLEAN, .mandatory = 0 },
- { .name = "disable-compression", .type = OPTION_BOOLEAN, .mandatory = 0 },
+ { .name = "compression", .type = OPTION_BOOLEAN, .mandatory = 0 },
 { .name = "no-compress-limit", .type = OPTION_NUMERIC, .mandatory = 0 },
 { .name = "tcp-port", .type = OPTION_NUMERIC, .mandatory = 0 },
 { .name = "udp-port", .type = OPTION_NUMERIC, .mandatory = 0 },
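Review bot: Dropping the `disable-compression` entry from `available_options[]` in src/config.c (hunk at line 64) leaves configuration files that still carry that key with no recognised option. How the parser treats an unknown key is outside this hunk, so an upgrade may show up either as a load error or as a silently ignored line. Keeping the old entry for a release, `{ .name = "disable-compression", .type = OPTION_BOOLEAN, .mandatory = 0 }, /* deprecated: use 'compression' */`, and logging a deprecation notice where it is read would make the rename visible to the administrator. The new default is the restrictive one, so ignoring the old key does not weaken a deployment; the array itself starts and ends outside the hunk.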
@@ -572,8 +572,10 @@ unsigned force_cert_auth;
 config->cisco_client_compat = 1;
 }
- READ_TF("disable-compression", config->disable_compression, 0);
+ READ_TF("compression", config->enable_compression, 0);
 READ_NUMERIC("no-compress-limit", config->no_compress_limit);
+ if (config->no_compress_limit == 0)
+ config->no_compress_limit = DEFAULT_NO_COMPRESS_LIMIT;
 if (config->no_compress_limit < MIN_NO_COMPRESS_LIMIT)
 config->no_compress_limit = MIN_NO_COMPRESS_LIMIT;
diff --git a/src/ocserv-args.def b/src/ocserv-args.def
index 09174de5..040a82d0 100644
--- a/src/ocserv-args.def
+++ b/src/ocserv-args.def
@@ -226,8 +226,8 @@ server-key = /path/to/key.pem
 # See the manual to generate an empty CRL initially.
 #crl = /path/to/crl.pem
-# Uncomment this to disable compression negotiation.
-#disable-compression = true
+# Uncomment this to enable compression negotiation (LZS, LZ4).
+#compression = true
 # Set the minimum size under which a packet will not be compressed.
 # That is to allow low-latency for VoIP packets. The default size
diff --git a/src/vpn.h b/src/vpn.h
index 7c83f713..4bb68060 100644
--- a/src/vpn.h
+++ b/src/vpn.h
@@ -56,7 +56,8 @@ typedef enum {
 OC_COMP_LZS,
 } comp_type_t;
-#define MIN_NO_COMPRESS_LIMIT 256
+#define MIN_NO_COMPRESS_LIMIT 64
+#define DEFAULT_NO_COMPRESS_LIMIT 256
 #define DEBUG_BASIC 1
 #define DEBUG_HTTP 2
@@ -220,7 +221,7 @@ struct cfg_st {
 char *auth_additional; /* the additional string specified in the auth methode */
 gnutls_certificate_request_t cert_req;
 char *priorities;
- unsigned disable_compression;
+ unsigned enable_compression;
 unsigned no_compress_limit; /* under this size (in bytes) of data there will be no compression */
 char *chroot_dir; /* where the xml files are served from */
 char *banner;
diff --git a/src/worker-extras.c b/src/worker-extras.c
index 4dfb2d01..99c9f8e2 100644
--- a/src/worker-extras.c
+++ b/src/worker-extras.c
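Review bot: In the src/config.c hunk at line 572, the added `if (config->no_compress_limit == 0)` cannot tell an absent option from an explicit `no-compress-limit = 0`, and any value from 1 to 63 is then raised to `MIN_NO_COMPRESS_LIMIT` without a message. An administrator who writes 0 expecting every packet to be compressed silently gets 256. A comment on the new lines such as `/* 0 means "not set": use the default, then enforce the floor */` would record the intent, and a log line when the configured value is adjusted would make the clamp visible. Whether `no_compress_limit` is zeroed before `READ_NUMERIC` runs on a reload is not visible here and is worth confirming, since the enclosing function starts and ends outside the hunk.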
@@ -439,7 +439,7 @@ void header_value_check(struct worker_st *ws, struct http_req_st *req)
 break;
 case HEADER_DTLS_ENCODING:
- if (ws->config->disable_compression)
+ if (ws->config->enable_compression == 0)
 break;
 ws->dtls_selected_comp = NULL;
@@ -465,7 +465,7 @@ void header_value_check(struct worker_st *ws, struct http_req_st *req)
 break;
 case HEADER_CSTP_ENCODING:
- if (ws->config->disable_compression)
+ if (ws->config->enable_compression == 0)
 break;
 ws->cstp_selected_comp = NULL;
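Review bot: In both the `HEADER_DTLS_ENCODING` and `HEADER_CSTP_ENCODING` cases the early `break` on `enable_compression == 0` runs before `ws->dtls_selected_comp = NULL;` and `ws->cstp_selected_comp = NULL;`, so with compression off the selected-compressor pointers keep whatever value they held before the header was parsed. That is safe only if the worker state is zeroed when it is created, which these hunks do not show. Resetting first and then testing, `ws->dtls_selected_comp = NULL;` followed by `if (!ws->config->enable_compression) break;` (and the same for the CSTP case), makes the opt-in default hold regardless of prior state. This guard appears to be where the server decides whether to honour a client-offered encoding, so a one-line comment saying that offers are ignored unless the administrator set `compression = true` would help later readers. header_value_check starts and ends outside both hunks.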