Merge pull request #2267 from SoftEtherVPN/dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/fast-uri-3.1.2

Bump fast-uri from 3.1.0 to 3.1.2 in /developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package

.cirrus.yml

@@ -1,25 +0,0 @@
-FreeBSD_task:
-  matrix:
-    env:
-      SSL: openssl
-      OPENSSL_ROOT_DIR: /usr/local
-    env:
-      SSL: openssl36
-      OPENSSL_ROOT_DIR: /usr/local
-    env:
-      # base openssl
-      SSL:
-  matrix:
-    freebsd_instance:
-      image_family: freebsd-14-3
-  prepare_script:
-    - pkg install -y pkgconf cmake git libsodium cpu_features $SSL
-    - git submodule update --init --recursive
-  configure_script:
-    - CMAKE_FLAGS="-DUSE_SYSTEM_CPU_FEATURES=1" CFLAGS="-I/usr/local/include/cpu_features" ./configure
-  build_script:
-    - make -j $(sysctl -n hw.ncpu || echo 4) -C build
-  test_script:
-    - ldd build/vpnserver
-    - .ci/memory-leak-test.sh
-    - .ci/vpntools-check.sh

.github/workflows/coverity.yml

@@ -4,6 +4,7 @@ name: Coverity
 on:
   schedule:
   - cron: "0 0 * * *"
+  workflow_dispatch:
 
 permissions:
   contents: read
@@ -11,7 +12,7 @@ permissions:
 jobs:
   scan:
     runs-on: ubuntu-latest
-    if: ${{ github.repository_owner == 'SoftEtherVPN' }}
+    if: ${{ github.repository_owner == 'SoftEtherVPN' || github.event_name == 'workflow_dispatch' }}
     steps:
     - uses: actions/checkout@v2
       with:

.github/workflows/freebsd.yml

@@ -0,0 +1,39 @@
+name: FreeBSD
+
+on: [push, pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  build_and_test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - ssl: openssl # currently 3.0
+            openssl_root_dir: /usr/local
+          - ssl: openssl36
+            openssl_root_dir: /usr/local
+          - ssl: # base openssl
+            openssl_root_dir:
+    name: FreeBSD with ${{ matrix.ssl || 'base openssl' }}
+    env:
+      SSL: ${{ matrix.ssl }}
+      OPENSSL_ROOT_DIR: ${{ matrix.openssl_root_dir }}
+    steps:
+    - uses: actions/checkout@v6
+      with:
+        submodules: true
+    - uses: vmactions/freebsd-vm@v1
+      with:
+        envs: 'OPENSSL_ROOT_DIR SSL'
+        prepare: |
+          pkg install -y $SSL pkgconf cmake git libsodium cpu_features
+        run: |
+          CMAKE_FLAGS="-DUSE_SYSTEM_CPU_FEATURES=1" CFLAGS="-I/usr/local/include/cpu_features" ./configure
+          make -j $(nproc || echo 4) -C build
+          ldd build/vpnserver
+          .ci/memory-leak-test.sh
+          .ci/vpntools-check.sh

.github/workflows/sanitizer.yml

@@ -0,0 +1,80 @@
+name: Sanitizer
+
+on: [push, pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  run_sanitizer:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer:
+          - "address,leak,undefined"
+          - "thread,undefined"
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Install dependencies
+        run: |
+          sudo apt update
+          sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev 
+
+      - name: Build
+        run: |
+          mkdir build
+          cd build
+          cmake -G "Ninja" -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_FLAGS="-O1 -fsanitize=${{ matrix.sanitizer }} -fno-omit-frame-pointer" ..
+          cmake --build .
+
+      - name: Test
+        env:
+          ASAN_OPTIONS: halt_on_error=0:exitcode=0
+          TSAN_OPTIONS: halt_on_error=0:exitcode=0:suppressions=./tsan_suppressions.txt
+          UBSAN_OPTIONS: halt_on_error=0:exitcode=0
+          LSAN_OPTIONS: exitcode=0
+        run: |
+          .ci/vpntools-check.sh 2> sanitizer.log
+
+      - name: Make job summary
+        run: |
+          echo "### Sanitizer Report (${{ matrix.sanitizer }})" >> $GITHUB_STEP_SUMMARY
+
+          REPORTS=$(grep -E "SUMMARY:|runtime error:" sanitizer.log | sort | uniq)
+          REPORT_COUNT=$(echo "$REPORTS" | grep -c . || true)
+          echo "Found $REPORT_COUNT issues" >> $GITHUB_STEP_SUMMARY
+
+          echo "<details><summary>View Summary</summary>" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+          echo "$REPORTS" >> $GITHUB_STEP_SUMMARY
+          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "</details>" >> $GITHUB_STEP_SUMMARY
+
+          if [ "$REPORT_COUNT" -ne 0 ]; then
+            echo "HAS_ISSUES=true" >> $GITHUB_ENV
+            echo "REPORT_COUNT=$REPORT_COUNT" >> $GITHUB_ENV
+          fi
+
+      - name: Upload full sanitizer log
+        if: env.HAS_ISSUES == 'true'
+        uses: actions/upload-artifact@v4
+        with:
+          name: sanitizer-logs-${{ matrix.sanitizer }}
+          path: |
+            sanitizer.log
+          retention-days: 30
+
+      - name: Fail on sanitizer issues
+        if: env.HAS_ISSUES == 'true'
+        run: |
+          echo "Found ${{ env.REPORT_COUNT }} issues."
+          echo "Please check the Job Summary page for a quick overview."
+          echo "Full logs are available in the GitHub Artifacts."
+          exit 1

.github/workflows/windows.yml

@@ -8,10 +8,11 @@ jobs:
     strategy:
       matrix:
         platform: [
-          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"},
+          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat", RUNNER: "windows-latest", CMAKE_EXTRA_FLAGS: ""},
-          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
+          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat", RUNNER: "windows-latest", CMAKE_EXTRA_FLAGS: ""},
+          { ARCHITECTURE: arm64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/ARM64/bin/clang-cl.exe", VCPKG_TRIPLET: "arm64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvarsarm64.bat", RUNNER: "windows-11-arm", CMAKE_EXTRA_FLAGS: "-DOQS_PERMIT_UNSUPPORTED_ARCHITECTURE=ON"}
         ]
-    runs-on: windows-latest
+    runs-on: ${{ matrix.platform.RUNNER }}
     name: ${{ matrix.platform.ARCHITECTURE }}
     steps:
     - uses: actions/checkout@v4
@@ -33,12 +34,13 @@ jobs:
         COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
         VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
         VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
+        CMAKE_EXTRA_FLAGS: ${{ matrix.platform.CMAKE_EXTRA_FLAGS }}
       run: |
         set BUILD_NUMBER=0
         mkdir build
         cd build
         call "%VCVARS_PATH%"
-        cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% ..
+        cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% %CMAKE_EXTRA_FLAGS% ..
         cmake --build .
         mkdir installers
         vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"

.github/workflows/windows_release.yml

@@ -26,13 +26,14 @@ jobs:
         uses: softprops/action-gh-release@v1
   build-windows:
     name: ${{ matrix.platform.ARCHITECTURE }}
-    runs-on: windows-latest
+    runs-on: ${{ matrix.platform.RUNNER }}
     needs: ["release"]
     strategy:
       matrix:
         platform: [
-          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"},
+          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat", RUNNER: "windows-latest", CMAKE_EXTRA_FLAGS: ""},
-          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
+          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat", RUNNER: "windows-latest", CMAKE_EXTRA_FLAGS: ""},
+          { ARCHITECTURE: arm64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/ARM64/bin/clang-cl.exe", VCPKG_TRIPLET: "arm64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvarsarm64.bat", RUNNER: "windows-11-arm", CMAKE_EXTRA_FLAGS: "-DOQS_PERMIT_UNSUPPORTED_ARCHITECTURE=ON"}
         ]
     steps:
       - name: "Checkout repository"
@@ -57,11 +58,12 @@ jobs:
           COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
           VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
           VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
+          CMAKE_EXTRA_FLAGS: ${{ matrix.platform.CMAKE_EXTRA_FLAGS }}
         run: |
           mkdir build
           cd build
           call "%VCVARS_PATH%"
-          cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% ..
+          cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% %CMAKE_EXTRA_FLAGS% ..
           cmake --build .
           mkdir installers
           vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"

CMakeSettings.json

@@ -136,6 +136,78 @@
           "type": "STRING"
         }
       ]
+    },
+    {
+      "name": "arm64-on-x64",
+      "description": "Cross compile Windows ARM64 on x64",
+      "generator": "Ninja",
+      "configurationType": "RelWithDebInfo",
+      "inheritEnvironments": ["msvc_arm64_x64"],
+      "buildRoot": "${projectDir}\\out\\build\\${name}",
+      "installRoot": "${projectDir}\\out\\install\\${name}",
+      "variables": [
+        {
+          "name": "BUILD_NUMBER",
+          "value": "${env.BuildNumber}",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_SYSTEM_NAME",
+          "value": "Windows",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_SYSTEM_PROCESSOR",
+          "value": "arm64",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_C_COMPILER",
+          "value": "${env.VCINSTALLDIR}Tools/Llvm/bin/clang-cl.exe",
+          "type": "FILEPATH"
+        },
+        {
+          "name": "CMAKE_CXX_COMPILER",
+          "value": "${env.VCINSTALLDIR}Tools/Llvm/bin/clang-cl.exe",
+          "type": "FILEPATH"
+        },
+        {
+          "name": "CMAKE_C_COMPILER_TARGET",
+          "value": "arm64-windows-msvc",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_CXX_COMPILER_TARGET",
+          "value": "arm64-windows-msvc",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_EXE_LINKER_FLAGS",
+          "value": "/machine:ARM64",
+          "type": "STRING"
+        },
+        {
+          "name": "VCPKG_TARGET_TRIPLET",
+          "value": "arm64-windows-static",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_STATIC_LINKER_FLAGS",
+          "value": "/machine:ARM64",
+          "type": "STRING"
+        },
+        {
+          "name": "CMAKE_SHARED_LINKER_FLAGS",
+          "value": "/machine:ARM64",
+          "type": "STRING"
+        },
+        {
+          "name": "IS_CROSS_COMPILATION",
+          "value": "arm64-on-x64",
+          "type": "STRING"
+
+        }
+      ]
     }
   ]
 }

src/BUILD_WINDOWS.md

@@ -87,6 +87,10 @@ into it. So that is what will be described below.
    - x86-on-x64
 
      Cross compile x86 executables with 64-bit compiler
+    
+    - arm64-on-x64
+
+     Cross compile arm64 executables with x64t compiler
 
    On 64-bit Windows, all four configurations can be used. 32-bit platforms can only use 32-bit compiler.
 

src/BUILD_WinArm64.md

@@ -0,0 +1,52 @@
+# How to build and install SoftEther VPN on Windows ARM64
+
+This document describes how to build SoftEther VPN for Windows ARM64 and how to install the VPN Client and Neo6 virtual network adapter on Windows on ARM devices.
+
+
+## Requirements
+
+
+- Build host: Windows x64
+
+- Target device: Windows 10 / Windows 11 ARM64
+
+
+## Building 
+ 
+    **Notes before building**: ARM64 builds are cross-compiled from an x64 Windows host. An existing x64-native build is required to generate hamcore.se2.
+1. Follow [BUILD_WINDOWS.md](BUILD_WINDOWS.md##Building)
+
+1. Build x64 (Native): From the build menu, select x64-on-x64. Complete the build successfully. This build is required to generate shared resources
+
+1. Build ARM64 (Cross-Compiled): From the same build menu, select arm64-on-x64. 
+Build the ARM64 version of SoftEther VPN.
+
+1. Building the Neo6 Virtual Network Adapter (ARM64)
+
+    Open the following project in Visual Studio:
+    ```
+    .\src\Neo6\Neo6.vcxproj 
+    ```
+   
+    SoftEther VPN Client uses the Neo6 virtual network adapter.
+
+
+    Driver Output Files
+    The ARM64 driver package includes:
+    ```
+    Neo6_arm64_VPN.sys
+    Neo6_arm64_VPN.inf
+    ```
+    Driver Signing and Installation (Windows ARM64)
+    ```
+    Enable test-signing mode: bcdedit /set testsigning on
+    Reboot the system.
+    Testing signing:
+    Install the Neo6 ARM64 driver.
+    ```
+# Summary
+
+SoftEther VPN can be cross-compiled for Windows ARM64 on an x64 host
+VPN Client works natively on Windows on ARM
+Neo6 ARM64 driver requires Microsoft signing for production use
+Test-signing is suitable for local development only

src/CMakeLists.txt

@@ -1,4 +1,4 @@
-if(UNIX)
+if(UNIX)
   # Creates wrapper scripts and installs them in the user's binaries directory, which is usually "/usr/local/bin".
   # This is required because symlinks use the folder they are in as working directory.
   #
@@ -59,6 +59,12 @@ add_definitions(-D_REENTRANT -DREENTRANT -D_THREAD_SAFE -D_THREADSAFE -DTHREAD_S
 include_directories(.)
 
 if(WIN32)
+  if(IS_CROSS_COMPILATION MATCHES "arm64-on-x64")
+    set(CMAKE_SYSTEM_PROCESSOR "arm64")
+  else()
+    message("Setting QSPECTRE")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /Qspectre")
+  endif()
   add_definitions(-DWIN32 -D_WINDOWS -DOS_WIN32 -D_CRT_SECURE_NO_WARNINGS)
 
   #
@@ -69,9 +75,6 @@ if(WIN32)
   set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /guard:cf")
   set(CMAKE_EXE_LINKER_FLAGS  "${CMAKE_EXE_LINKER_FLAGS} /guard:cf /DYNAMICBASE")
 
-  message("Setting QSPECTRE")
-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /Qspectre")
-
   message("Setting CETCOMPAT")
   set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /CETCOMPAT")
 
@@ -164,15 +167,45 @@ add_custom_target(hamcore-archive-build
   ALL
   DEPENDS "${BUILD_DIRECTORY}/hamcore.se2"
 )
+if(IS_CROSS_COMPILATION MATCHES "arm64-on-x64")
+    file(TO_CMAKE_PATH "${TOP_DIRECTORY}" TOP_DIRECTORY_NORM)
+    set(X64_HAMCORE_BUILDER
+      "${TOP_DIRECTORY_NORM}/out/build/x64-native/src/hamcorebuilder/hamcorebuilder.exe"
+    )
+    if(EXISTS "${X64_HAMCORE_BUILDER}")
+      message(STATUS "file exist (from TOP_DIRECTORY)")
+    endif()
 
-add_custom_command(
+  # support cross compile, when you compile ARM64 version on X64 Platform
-  COMMENT "Building hamcore.se2 archive file..."
+  if(EXISTS "${X64_HAMCORE_BUILDER}")
-  COMMAND hamcorebuilder "hamcore.se2" "${TOP_DIRECTORY}/src/bin/hamcore"
+    message("X64_HAMCORE_BUILDER found: ${X64_HAMCORE_BUILDER}")
-  DEPENDS hamcorebuilder "${TOP_DIRECTORY}/src/bin/hamcore/"
+  elseif(EXISTS("${TOP_DIRECTORY}/out/build/x64-native/src/hamcorebuilder/hamcorebuilder.exe"))
-  OUTPUT "${BUILD_DIRECTORY}/hamcore.se2"
+    set(X64_HAMCORE_BUILDER "${TOP_DIRECTORY}/out/build/x64-native/src/hamcorebuilder/hamcorebuilder.exe")
-  WORKING_DIRECTORY "${BUILD_DIRECTORY}"
+  else()
-  VERBATIM
+	message("${TOP_DIRECTORY}/out/build/x64-native/src/hamcorebuilder/hamcorebuilder.exe")
-)
+    message(FATAL_ERROR "X64_HAMCORE_BUILDER not found: ${X64_HAMCORE_BUILDER}, pls build x64-native version first")
+  endif()
+  message(STATUS "X64_HAMCORE_BUILDER = ${X64_HAMCORE_BUILDER}")
+
+  add_custom_command(
+    COMMENT "Building hamcore.se2 archive file..."
+    COMMAND ${X64_HAMCORE_BUILDER} "hamcore.se2" "${TOP_DIRECTORY}/src/bin/hamcore"
+    DEPENDS ${X64_HAMCORE_BUILDER} "${TOP_DIRECTORY}/src/bin/hamcore/"
+    OUTPUT "${BUILD_DIRECTORY}/hamcore.se2"
+    WORKING_DIRECTORY "${BUILD_DIRECTORY}"
+    VERBATIM
+  )
+
+else()
+  add_custom_command(
+      COMMENT "Building hamcore.se2 archive file..."
+      COMMAND hamcorebuilder "hamcore.se2" "${TOP_DIRECTORY}/src/bin/hamcore"
+      DEPENDS hamcorebuilder "${TOP_DIRECTORY}/src/bin/hamcore/"
+      OUTPUT "${BUILD_DIRECTORY}/hamcore.se2"
+      WORKING_DIRECTORY "${BUILD_DIRECTORY}"
+      VERBATIM
+  )
+endif()
 
 if(WIN32)
   # PenCore

src/Cedar/Admin.c

@@ -8739,7 +8739,7 @@ UINT StSetHubRadius(ADMIN *a, RPC_RADIUS *t)
 	}
 
 	//SetRadiusServer(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret);
-	SetRadiusServerEx(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval);
+	SetRadiusServerEx2(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval, t->RadiusRetryTimeout);
 
 	ALog(a, h, "LA_SET_HUB_RADIUS");
 
@@ -8778,8 +8778,8 @@ UINT StGetHubRadius(ADMIN *a, RPC_RADIUS *t)
 	Zero(t, sizeof(RPC_RADIUS));
 	//GetRadiusServer(h, t->RadiusServerName, sizeof(t->RadiusServerName),
 	//	&t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret));
-	GetRadiusServerEx(h, t->RadiusServerName, sizeof(t->RadiusServerName),
+	GetRadiusServerEx2(h, t->RadiusServerName, sizeof(t->RadiusServerName),
-		&t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret), &t->RadiusRetryInterval);
+		&t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret), &t->RadiusRetryInterval, &t->RadiusRetryTimeout);
 
 	ReleaseHub(h);
 
@@ -13031,6 +13031,7 @@ void InRpcRadius(RPC_RADIUS *t, PACK *p)
 	PackGetStr(p, "HubName", t->HubName, sizeof(t->HubName));
 	PackGetStr(p, "RadiusSecret", t->RadiusSecret, sizeof(t->RadiusSecret));
 	t->RadiusRetryInterval = PackGetInt(p, "RadiusRetryInterval");
+	t->RadiusRetryTimeout = PackGetInt(p, "RadiusRetryTimeout");
 }
 void OutRpcRadius(PACK *p, RPC_RADIUS *t)
 {
@@ -13045,6 +13046,7 @@ void OutRpcRadius(PACK *p, RPC_RADIUS *t)
 	PackAddStr(p, "HubName", t->HubName);
 	PackAddStr(p, "RadiusSecret", t->RadiusSecret);
 	PackAddInt(p, "RadiusRetryInterval", t->RadiusRetryInterval);
+	PackAddInt(p, "RadiusRetryTimeout", t->RadiusRetryTimeout);
 }
 
 // RPC_HUB

src/Cedar/Admin.h

@@ -259,6 +259,7 @@ struct RPC_RADIUS
 	UINT RadiusPort;					// Radius port number
 	char RadiusSecret[MAX_PASSWORD_LEN + 1];	// Secret key
 	UINT RadiusRetryInterval;			// Radius retry interval
+	UINT RadiusRetryTimeout;			// Radius retry timeout
 };
 
 // Specify the HUB

src/Cedar/CMakeLists.txt

@@ -12,6 +12,15 @@ else()
   add_library(cedar SHARED ${SOURCES_CEDAR} ${SOURCES_CEDAR_CPP} ${HEADERS_CEDAR})
 endif()
 
+if(MSVC)
+  target_compile_options(cedar PRIVATE /EHsc)
+elseif(CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
+  if(CMAKE_CXX_COMPILER_FRONTEND_VARIANT STREQUAL "MSVC")
+    target_compile_options(cedar PRIVATE /EHsc)
+  else()
+    target_compile_options(cedar PRIVATE -fexceptions)
+  endif()
+endif()
 set_target_properties(cedar
   PROPERTIES
   ARCHIVE_OUTPUT_DIRECTORY "${BUILD_DIRECTORY}"
@@ -22,19 +31,22 @@ set_target_properties(cedar
 target_link_libraries(cedar PUBLIC mayaqua)
 
 cmake_host_system_information(RESULT HAS_SSE2 QUERY HAS_SSE2)
-
+if(CMAKE_SYSTEM_PROCESSOR MATCHES "arm64|aarch64|arm64v8|ARM64")
-set(BLAKE2_SRC_PATH $<IF:$<BOOL:${HAS_SSE2}>,${TOP_DIRECTORY}/3rdparty/BLAKE2/sse,${TOP_DIRECTORY}/3rdparty/BLAKE2/ref>)
+  message(STATUS "Target architecture is ARM64")
-set(BLAKE2_SRC $<IF:$<BOOL:${HAS_SSE2}>,${BLAKE2_SRC_PATH}/blake2s.c,${BLAKE2_SRC_PATH}/blake2s-ref.c>)
+  set(BLAKE2_SRC_PATH "${TOP_DIRECTORY}/3rdparty/BLAKE2/neon")
-
+  set(BLAKE2_SRC "${BLAKE2_SRC_PATH}/blake2s-neon.c")
+else()
+  set(BLAKE2_SRC_PATH $<IF:$<BOOL:${HAS_SSE2}>,${TOP_DIRECTORY}/3rdparty/BLAKE2/sse,${TOP_DIRECTORY}/3rdparty/BLAKE2/ref>)
+  set(BLAKE2_SRC $<IF:$<BOOL:${HAS_SSE2}>,${BLAKE2_SRC_PATH}/blake2s.c,${BLAKE2_SRC_PATH}/blake2s-ref.c>)
+  if(HAS_SSE2)
+    # If SSE2 is enabled, a build failure occurs with MSVC because it doesn't define "__SSE2__".
+    # The fix consists in defining "HAVE_SSE2" manually, effectively overriding the check.
+    set_property(SOURCE ${BLAKE2_SRC} PROPERTY COMPILE_DEFINITIONS "HAVE_SSE2")
+  endif()
+endif()
 target_include_directories(cedar PUBLIC ${BLAKE2_SRC_PATH})
 target_sources(cedar PRIVATE ${BLAKE2_SRC})
 
-if(HAS_SSE2)
-  # If SSE2 is enabled, a build failure occurs with MSVC because it doesn't define "__SSE2__".
-  # The fix consists in defining "HAVE_SSE2" manually, effectively overriding the check.
-  set_property(SOURCE ${BLAKE2_SRC} PROPERTY COMPILE_DEFINITIONS "HAVE_SSE2")
-endif()
-
 if(VCPKG_TARGET_TRIPLET)
   find_package(unofficial-sodium CONFIG REQUIRED)
   target_link_libraries(cedar PUBLIC unofficial-sodium::sodium)

src/Cedar/Command.c

@@ -11791,6 +11791,9 @@ UINT PsRadiusServerSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 		{"[server_name:port]", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_Host"), CmdEvalNotEmpty, NULL},
 		{"SECRET", CmdPromptChoosePassword, _UU("CMD_RadiusServerSet_Prompt_Secret"), NULL, NULL},
 		{"RETRY_INTERVAL", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryInterval"), CmdEvalMinMax, &minmax},
+		
+		// Support for setting timeout through commandline not added
+		// {"RETRY_TIMEOUT", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryTimeout"), CmdEvalMinMax, &minmax},
 	};
 
 	// If virtual HUB is not selected, it's an error
@@ -11815,6 +11818,7 @@ UINT PsRadiusServerSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 		StrCpy(t.RadiusServerName, sizeof(t.RadiusServerName), host);
 		StrCpy(t.RadiusSecret, sizeof(t.RadiusSecret), GetParamStr(o, "SECRET"));
 		t.RadiusRetryInterval = GetParamInt(o, "RETRY_INTERVAL");
+		// t.RadiusRetryTimeout = GetParamInt(o, "RETRY_TIMEOUT");
 
 		Free(host);
 
@@ -11938,6 +11942,9 @@ UINT PsRadiusServerGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 
 			UniToStri(tmp, t.RadiusRetryInterval);
 			CtInsert(ct, _UU("CMD_RadiusServerGet_RetryInterval"), tmp);
+
+			UniToStri(tmp, t.RadiusRetryTimeout);
+			CtInsert(ct, _UU("CMD_RadiusServerGet_RetryTimeout"), tmp);
 		}
 
 		CtFree(ct, c);

src/Cedar/Console.c

@@ -1938,6 +1938,7 @@ bool PasswordPrompt(char *password, UINT size)
 		c = _getch();
 #else	// OS_WIN32
 		c = getc(stdin);
+PROCESS_CH:
 #endif	// OS_WIN32
 
 		if (c >= 0x20 && c <= 0x7E)
@@ -1952,6 +1953,7 @@ bool PasswordPrompt(char *password, UINT size)
 		else if (c == 0x03)
 		{
 			// Break
+			RestoreConsole(console);
 			exit(0);
 		}
 		else if (c == 0x04 || c == 0x1a || c == 0x0D || c==0x0A)
@@ -1977,7 +1979,47 @@ bool PasswordPrompt(char *password, UINT size)
 				goto BACKSPACE;
 			}
 		}
-		else if (c == 0x08)
+#ifdef OS_UNIX	// OS_UNIX
+		else if (c == 0x1B)
+		{
+			c = getc(stdin);
+			if (c != 0x5B && c != 0x4F)
+			{
+				// ESC key
+				goto PROCESS_CH;
+			}
+
+			c = getc(stdin);
+			if (c == 0x44)
+			{
+				// Left arrow key
+				goto BACKSPACE;
+			}
+			else if (c == 0x33)
+			{
+				c = getc(stdin);
+				if (c == 0x7E)
+				{
+					// Delete key
+					goto BACKSPACE;
+				}
+			}
+
+			// Drain remaining sequence bytes (most are <= 6)
+			for (int i = 0; i < 6; i++)
+			{
+				if (c >= 0x40 && c <= 0x7E)
+				{
+					// End of sequence
+					break;
+				}
+				c = getc(stdin);
+			}
+
+			continue;
+		}
+#endif	// OS_UNIX
+		else if (c == 0x08 || c == 0x7F)
 		{
 BACKSPACE:
 			// Backspace

src/Cedar/Hub.c

@@ -99,6 +99,7 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
 	char radius_servers[MAX_PATH] = {0};
 	UINT radius_port = 0;
 	UINT radius_retry_interval = 0;
+	UINT radius_retry_timeout = 0;
 	char radius_secret[MAX_PATH] = {0};
 	char radius_suffix_filter[MAX_PATH] = {0};
 	if (cedar == NULL || hubname == NULL || client_ip_str == NULL || username == NULL)
@@ -115,8 +116,8 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
 
 	if (hub != NULL)
 	{
-		if (GetRadiusServerEx2(hub, radius_servers, sizeof(radius_servers), &radius_port, radius_secret,
+		if (GetRadiusServerEx3(hub, radius_servers, sizeof(radius_servers), &radius_port, radius_secret,
-			sizeof(radius_secret), &radius_retry_interval, radius_suffix_filter, sizeof(radius_suffix_filter)))
+			sizeof(radius_secret), &radius_retry_interval, &radius_retry_timeout, radius_suffix_filter, sizeof(radius_suffix_filter)))
 		{
 			bool use_peap = hub->RadiusUsePeapInsteadOfEap;
 
@@ -6415,17 +6416,23 @@ void ReleaseHub(HUB *h)
 bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size)
 {
 	UINT interval;
+	
 	return GetRadiusServerEx(hub, name, size, port, secret, secret_size, &interval);
 }
-bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval)
+bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval) {
-{
+	UINT timeout;
-	return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, NULL, 0);
+
+	return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, &timeout);
 }
-bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, char *suffix_filter, UINT suffix_filter_size)
+bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout)
+{
+	return GetRadiusServerEx3(hub, name, size, port, secret, secret_size, interval, timeout, NULL, 0);
+}
+bool GetRadiusServerEx3(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size)
 {
 	bool ret = false;
 	// Validate arguments
-	if (hub == NULL || name == NULL || port == NULL || secret == NULL || interval == NULL)
+	if (hub == NULL || name == NULL || port == NULL || secret == NULL || interval == NULL || timeout == NULL)
 	{
 		return false;
 	}
@@ -6439,6 +6446,7 @@ bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secre
 			StrCpy(name, size, hub->RadiusServerName);
 			*port = hub->RadiusServerPort;
 			*interval = hub->RadiusRetryInterval;
+			*timeout = hub->RadiusRetryTimeout;
 
 			tmp_size = hub->RadiusSecret->Size + 1;
 			tmp = ZeroMalloc(tmp_size);
@@ -6465,6 +6473,10 @@ void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret)
 	SetRadiusServerEx(hub, name, port, secret, RADIUS_RETRY_INTERVAL);
 }
 void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval)
+{
+	SetRadiusServerEx2(hub, name, port, secret, interval, RADIUS_RETRY_TIMEOUT);
+}
+void SetRadiusServerEx2(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout)
 {
 	// Validate arguments
 	if (hub == NULL)
@@ -6484,19 +6496,28 @@ void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT inter
 			hub->RadiusServerName = NULL;
 			hub->RadiusServerPort = 0;
 			hub->RadiusRetryInterval = RADIUS_RETRY_INTERVAL;
+			hub->RadiusRetryTimeout = RADIUS_RETRY_TIMEOUT;
+
 			FreeBuf(hub->RadiusSecret);
 		}
 		else
 		{
 			hub->RadiusServerName = CopyStr(name);
 			hub->RadiusServerPort = port;
+
+			if (timeout == 0) {
+				timeout = RADIUS_RETRY_TIMEOUT;
+			}
+			hub->RadiusRetryTimeout = timeout;
+
 			if (interval == 0)
 			{
-				hub->RadiusRetryInterval = RADIUS_RETRY_INTERVAL;
+				hub->RadiusRetryInterval = RADIUS_RETRY_INTERVAL; ///What happens here is that RADIUS_RETRY_TIMEOUT is not configurable, and RADIUS_RETRY_INTERVAL is set to the timeout if it's larger.
 			}
-			else if (interval > RADIUS_RETRY_TIMEOUT)
+			
+			if (interval > timeout)
 			{
-				hub->RadiusRetryInterval = RADIUS_RETRY_TIMEOUT;
+				hub->RadiusRetryInterval = timeout;
 			}
 			else
 			{

src/Cedar/Hub.h

@@ -341,6 +341,7 @@ struct HUB
 	char *RadiusServerName;				// Radius server name
 	UINT RadiusServerPort;				// Radius server port number
 	UINT RadiusRetryInterval;			// Radius retry interval
+	UINT RadiusRetryTimeout;			// Radius timeout, it will no longer retry
 	BUF *RadiusSecret;					// Radius shared key
 	char RadiusSuffixFilter[MAX_SIZE];	// Radius suffix filter
 	char RadiusRealm[MAX_SIZE];			// Radius realm (optional)
@@ -482,9 +483,11 @@ void GetAccessListStr(char *str, UINT size, ACCESS *a);
 void DeleteOldIpTableEntry(LIST *o);
 void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret);
 void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval);
+void SetRadiusServerEx2(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout);
 bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size);
 bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval);
-bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, char *suffix_filter, UINT suffix_filter_size);
+bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout);
+bool GetRadiusServerEx3(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size);
 int CompareCert(void *p1, void *p2);
 void GetHubLogSetting(HUB *h, HUB_LOG *setting);
 void SetHubLogSetting(HUB *h, HUB_LOG *setting);

src/Cedar/Proto_OpenVPN.c

@@ -2562,9 +2562,16 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
 								Debug("OpenVPN Channel %u Failed.\n", j);
 								OvsLog(s, se, c, "LO_CHANNEL_FAILED");
 
-								// Return the AUTH_FAILED
+								if ((se->IpcAsync->ErrorCode == ERR_AUTHTYPE_NOT_SUPPORTED) ||
-								str = "AUTH_FAILED";
+									(se->IpcAsync->ErrorCode == ERR_AUTH_FAILED) ||
-								WriteFifo(c->SslPipe->SslInOut->SendFifo, str, StrSize(str));
+									(se->IpcAsync->ErrorCode == ERR_PROXY_AUTH_FAILED) ||
+									(se->IpcAsync->ErrorCode == ERR_USER_AUTHTYPE_NOT_PASSWORD) ||
+									(se->IpcAsync->ErrorCode == ERR_NOT_SUPPORTED_AUTH_ON_OPENSOURCE))
+								{
+									// Return the AUTH_FAILED
+									str = "AUTH_FAILED";
+									WriteFifo(c->SslPipe->SslInOut->SendFifo, str, StrSize(str));
+								}
 
 								s->SessionEstablishedCount++;
 

src/Cedar/Proto_PPP.c

@@ -3615,6 +3615,8 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapSize)
 		dataBuffer = eap_packet->Tls.TlsDataWithLength.Data;
 		dataSize -= 4;
 		tlsLength = Endian32(eap_packet->Tls.TlsDataWithLength.TlsLength);
+		// Let's just clamp it to a safe size to avoid DoS (GHSA-q5g3-qhc6-pr3h)
+		tlsLength = MIN(tlsLength, PPP_MRU_MAX * 10);
 	}
 	/*Debug("=======RECV EAP-TLS PACKET DUMP=======\n");
 	for (i = 0; i < dataSize; i++)
@@ -3659,9 +3661,12 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapSize)
 			sizeLeft = GetMemSize(p->Eap_TlsCtx.CachedBufferRecv);
 			sizeLeft -= (UINT)(p->Eap_TlsCtx.CachedBufferRecvPntr - p->Eap_TlsCtx.CachedBufferRecv);
 
-			Copy(p->Eap_TlsCtx.CachedBufferRecvPntr, dataBuffer, MIN(sizeLeft, dataSize));
+			if (sizeLeft > 0)
+			{
+				Copy(p->Eap_TlsCtx.CachedBufferRecvPntr, dataBuffer, MIN(sizeLeft, dataSize));
 
-			p->Eap_TlsCtx.CachedBufferRecvPntr += MIN(sizeLeft, dataSize);
+				p->Eap_TlsCtx.CachedBufferRecvPntr += MIN(sizeLeft, dataSize);
+			}
 		}
 
 		// If we got a cached buffer, we should feed the FIFOs via it
@@ -3783,6 +3788,8 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapSize)
 						}
 						AcUnlock(hub);
 						ReleaseHub(hub);
+						// Making sure the stale pntr is cleared and can't be reused (GHSA-7437-282p-7465)
+						hub = NULL;
 					}
 
 					if (found == false)
@@ -3790,8 +3797,6 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapSize)
 						PPP_PACKET* pack;
 						UINT identificator = p->Eap_PacketId;
 
-						ReleaseHub(hub);
-
 						PPPSetStatus(p, PPP_STATUS_AUTH_FAIL);
 
 						pack = ZeroMalloc(sizeof(PPP_PACKET));

src/Cedar/Protocol.c

@@ -5429,7 +5429,7 @@ void ClientUploadNoop(CONNECTION *c)
 	}
 
 	p = PackError(0);
-	PackAddInt(p, "noop", 1);
+	PackAddInt(p, "noop", NOOP);
 	(void)HttpClientSend(c->FirstSock, p);
 	FreePack(p);
 
@@ -5440,6 +5440,24 @@ void ClientUploadNoop(CONNECTION *c)
 	}
 }
 
+void ServerUploadNoop(CONNECTION *c)
+{
+	PACK *p;
+	// Validate arguments
+	if (c == NULL)
+	{
+		return;
+	}
+
+	p = PackError(0);
+	PackAddInt(p, "noop", NOOP_IGNORE);
+	(void)HttpServerSend(c->FirstSock, p);
+	FreePack(p);
+
+	// Client can't re-respond to an HTTP "response" 
+	// so we don't wait for it on the server side
+}
+
 // Add client version information to the PACK
 void PackAddClientVersion(PACK *p, CONNECTION *c)
 {

src/Cedar/Protocol.h

@@ -169,6 +169,7 @@ bool GetSessionKeyFromPack(PACK *p, UCHAR *session_key, UINT *session_key_32);
 void CreateNodeInfo(NODE_INFO *info, CONNECTION *c);
 UINT SecureSign(SECURE_SIGN *sign, UINT device_id, char *pin);
 void ClientUploadNoop(CONNECTION *c);
+void ServerUploadNoop(CONNECTION *c);
 bool ClientCheckServerCert(CONNECTION *c, bool *expired);
 void ClientCheckServerCertThread(THREAD *thread, void *param);
 bool ClientSecureSign(CONNECTION *c, UCHAR *sign, UCHAR *random, X **x);

src/Cedar/Radius.c

@@ -7,6 +7,7 @@
 
 #include "Radius.h"
 
+#include "Protocol.h"
 #include "Connection.h"
 #include "IPC.h"
 #include "Server.h"
@@ -1767,7 +1768,7 @@ LABEL_ERROR:
 ////////// Classical implementation
 
 // Attempts Radius authentication (with specifying retry interval and multiple server)
-bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
+bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UINT timeout, UCHAR *mschap_v2_server_response_20,
 				 RADIUS_LOGIN_OPTION *opt, char *hubname)
 {
 	UCHAR random[MD5_SIZE];
@@ -2072,14 +2073,22 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
 
 			// Transmission process start
 			start = Tick64();
+
+			// Limit timeout to be larger than hardcoded timeout
+			// Limit interval to be larger than the hardcoded interval and less than timeout
+			if (timeout < RADIUS_RETRY_TIMEOUT) {
+				timeout = RADIUS_RETRY_TIMEOUT;
+			}
+			
 			if(interval < RADIUS_RETRY_INTERVAL)
 			{
 				interval = RADIUS_RETRY_INTERVAL;
 			}
-			else if(interval > RADIUS_RETRY_TIMEOUT)
+			else if(interval > timeout)
 			{
-				interval = RADIUS_RETRY_TIMEOUT;
+				interval = timeout;
 			}
+
 			next_send_time = start + (UINT64)interval;
 
 			while (true)
@@ -2099,6 +2108,8 @@ SEND_RETRY:
 				next_send_time = Tick64() + (UINT64)interval;
 
 RECV_RETRY:
+				ServerUploadNoop(c);				
+				
 				now = Tick64();
 				if (next_send_time <= now)
 				{
@@ -2109,7 +2120,7 @@ RECV_RETRY:
 					goto SEND_RETRY;
 				}
 
-				if ((start + RADIUS_RETRY_TIMEOUT) < now)
+				if ((start + timeout) < now)
 				{
 					// Time-out
 					break;

src/Cedar/Radius.h

@@ -283,7 +283,7 @@ struct RADIUS_LOGIN_OPTION
 };
 
 // Function prototype
-bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
+bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UINT timeout, UCHAR *mschap_v2_server_response_20,
 				 RADIUS_LOGIN_OPTION *opt, char *hubname);
 BUF *RadiusEncryptPassword(char *password, UCHAR *random, UCHAR *secret, UINT secret_size);
 BUF *RadiusCreateUserName(wchar_t *username);

src/Cedar/Sam.c

@@ -516,6 +516,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
 			char suffix_filter[MAX_SIZE];
 			wchar_t suffix_filter_w[MAX_SIZE];
 			UINT interval;
+			UINT timeout;
 			EAP_CLIENT *eap = NULL;
 			char password1[MAX_SIZE];
 			UCHAR client_challenge[16];
@@ -586,7 +587,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
 			}
 
 			// Get the Radius server information
-			if (GetRadiusServerEx2(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, suffix_filter, sizeof(suffix_filter)))
+			if (GetRadiusServerEx3(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, &timeout, suffix_filter, sizeof(suffix_filter)))
 			{
 				Unlock(hub->lock);
 
@@ -597,7 +598,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
 					// Attempt to login
 					b = RadiusLogin(c, radius_server_addr, radius_server_port,
 						radius_secret, StrLen(radius_secret),
-						name, password, interval, mschap_v2_server_response_20, opt, hub->Name);
+						name, password, interval, timeout, mschap_v2_server_response_20, opt, hub->Name);
 
 					if (b)
 					{

src/Cedar/Server.c

@@ -4855,6 +4855,7 @@ void SiWriteHubCfg(FOLDER *f, HUB *h)
 		}
 		CfgAddInt(f, "RadiusServerPort", h->RadiusServerPort);
 		CfgAddInt(f, "RadiusRetryInterval", h->RadiusRetryInterval);
+		CfgAddInt(f, "RadiusRetryTimeout", h->RadiusRetryTimeout);
 		CfgAddStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter);
 		CfgAddStr(f, "RadiusRealm", h->RadiusRealm);
 
@@ -5020,9 +5021,11 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
 			BUF *secret;
 			UINT port;
 			UINT interval;
+			UINT timeout;
 
 			port = CfgGetInt(f, "RadiusServerPort");
 			interval = CfgGetInt(f, "RadiusRetryInterval");
+			timeout = CfgGetInt(f, "RadiusRetryTimeout");
 
 			CfgGetStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter, sizeof(h->RadiusSuffixFilter));
 			CfgGetStr(f, "RadiusRealm", h->RadiusRealm, sizeof(h->RadiusRealm));
@@ -5035,6 +5038,10 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
 				interval = RADIUS_RETRY_INTERVAL;
 			}
 
+			if (timeout == 0) {
+				timeout = RADIUS_RETRY_TIMEOUT;
+			}
+
 			if (port != 0 && CfgGetStr(f, "RadiusServerName", name, sizeof(name)))
 			{
 				secret = CfgGetBuf(f, "RadiusSecret");
@@ -5048,7 +5055,7 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
 					}
 					secret_str[sizeof(secret_str) - 1] = 0;
 					//SetRadiusServer(h, name, port, secret_str);
-					SetRadiusServerEx(h, name, port, secret_str, interval);
+					SetRadiusServerEx2(h, name, port, secret_str, interval, timeout);
 					FreeBuf(secret);
 				}
 			}

src/Mayaqua/Encrypt.c

@@ -4462,9 +4462,13 @@ bool IsAesNiSupported()
 
 	// Unfortunately OpenSSL doesn't provide a function to do it
 #ifdef _MSC_VER
-	int regs[4]; // EAX, EBX, ECX, EDX
+  #if defined(_M_X64) || defined(_M_IX86)
-	__cpuid(regs, 1);
+    int regs[4]; // EAX, EBX, ECX, EDX
-	supported = (regs[2] >> 25) & 1;
+    __cpuid(regs, 1);
+    supported = (regs[2] >> 25) & 1;
+  #elif defined(_M_ARM64)
+	return IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE);
+  #endif
 #else // _MSC_VER
 	#if defined(CPU_FEATURES_ARCH_X86)
 		const X86Features features = GetX86Info().features;
@@ -4757,7 +4761,7 @@ static void MY_SHA0_Transform(MY_SHA0_CTX* ctx) {
 	UCHAR* p = ctx->buf;
 	int t;
 	for(t = 0; t < 16; ++t) {
-		UINT tmp =  *p++ << 24;
+		UINT tmp =  (UINT)*p++ << 24;
 		tmp |= *p++ << 16;
 		tmp |= *p++ << 8;
 		tmp |= *p++;

src/Mayaqua/HTTP.c

@@ -1207,12 +1207,14 @@ PACK *HttpClientRecv(SOCK *s)
 	UINT size;
 	UCHAR *tmp;
 	HTTP_VALUE *v;
+	UINT num_noop = 0;
 	// Validate arguments
 	if (s == NULL)
 	{
 		return NULL;
 	}
 
+START:
 	h = RecvHttpHeader(s);
 	if (h == NULL)
 	{
@@ -1257,6 +1259,22 @@ PACK *HttpClientRecv(SOCK *s)
 	p = BufToPack(b);
 	FreeBuf(b);
 
+	// Client shouldn't receive a noop other than NOOP_IGNORE
+	// because it can't respond without a full new HTTP request
+	UINT noop = PackGetInt(p, "noop");
+	if (noop == NOOP_IGNORE) {
+		Debug("recv: noop ignore\n");
+		FreePack(p);
+
+		num_noop++;
+
+		if (num_noop > MAX_NOOP_PER_SESSION)
+		{
+			return NULL;
+		}
+
+		goto START;
+	}
 	return p;
 }
 
@@ -1365,13 +1383,14 @@ START:
 	FreeBuf(b);
 
 	// Determine whether it's a NOOP
-	if (PackGetInt(p, "noop") != 0)
+	UINT noop = PackGetInt(p, "noop");
+	if (noop == NOOP)
 	{
 		Debug("recv: noop\n");
 		FreePack(p);
 
 		p = PackError(0);
-		PackAddInt(p, "noop", 1);
+		PackAddInt(p, "noop", NOOP_IGNORE);
 		if (HttpServerSend(s, p) == false)
 		{
 			FreePack(p);
@@ -1387,6 +1406,11 @@ START:
 			return NULL;
 		}
 
+		goto START;
+	} else if (noop == NOOP_IGNORE) {
+		Debug("recv: noop ignore\n");
+		FreePack(p);
+
 		goto START;
 	}
 

src/Mayaqua/Kernel.c

@@ -63,7 +63,7 @@ static int ydays[] =
 	0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 365
 };
 
-static UINT current_num_thread = 0;
+static COUNTER *current_num_thread = NULL;
 static UINT cached_number_of_cpus = 0;
 
 
@@ -776,6 +776,7 @@ void InitThreading()
 {
 	thread_pool = NewSk();
 	thread_count = NewCounter();
+	current_num_thread = NewCounter();
 }
 
 // Release of thread pool
@@ -821,6 +822,9 @@ void FreeThreading()
 
 	DeleteCounter(thread_count);
 	thread_count = NULL;
+
+	DeleteCounter(current_num_thread);
+	current_num_thread = NULL;
 }
 
 // Thread pool procedure
@@ -1028,9 +1032,9 @@ THREAD *NewThreadNamed(THREAD_PROC *thread_proc, void *param, char *name)
 
 	Wait(pd->InitFinishEvent, INFINITE);
 
-	current_num_thread++;
+	Inc(current_num_thread);
 
-//	Debug("current_num_thread = %u\n", current_num_thread);
+//	Debug("current_num_thread = %u\n", Count(current_num_thread));
 
 	return ret;
 }
@@ -1055,8 +1059,8 @@ void CleanupThread(THREAD *t)
 
 	Free(t);
 
-	current_num_thread--;
+	Dec(current_num_thread);
-	//Debug("current_num_thread = %u\n", current_num_thread);
+	//Debug("current_num_thread = %u\n", Count(current_num_thread));
 }
 
 // Release thread (pool)

src/Mayaqua/Mayaqua.h

@@ -72,11 +72,26 @@ int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow)
 
 // Compiler dependent
 #ifndef	OS_WIN32
-// Gcc compiler
+// GCC or Clang compiler
 #define	GCC_PACKED		__attribute__ ((__packed__))
+// Clang compiler
+#if defined(__has_feature)
+#if __has_feature(thread_sanitizer)
+#define ATTRIBUTE_NO_TSAN			__attribute__((no_sanitize("thread")))
+#endif	// __has_feature(thread_sanitizer)
+#endif	// __has_feature
+// GCC compiler
+#if defined(__SANITIZE_THREAD__) && !defined(ATTRIBUTE_NO_TSAN)
+#define ATTRIBUTE_NO_TSAN			__attribute__((no_sanitize("thread")))
+#endif	// __SANITIZE_THREAD__
+// Other or older Clang/GCC compiler
+#ifndef ATTRIBUTE_NO_TSAN
+#define ATTRIBUTE_NO_TSAN
+#endif	// ATTRIBUTE_NO_TSAN
 #else	// OS_WIN32
 // VC++ compiler
 #define	GCC_PACKED
+#define ATTRIBUTE_NO_TSAN
 #endif	// OS_WIN32
 
 // Macro that displays the current file name and line number

src/Mayaqua/Network.h

@@ -881,8 +881,6 @@ struct SSL_VERIFY_OPTION
 	X *SavedCert;					// Saved server certificate
 };
 
-#define	SSL_DEFAULT_CONNECT_TIMEOUT		(15 * 1000)		// SSL default timeout
-
 // Header for TCP Pair
 struct TCP_PAIR_HEADER
 {

src/Mayaqua/Pack.h

@@ -38,6 +38,8 @@
 
 // The number of allowable NOOP
 #define	MAX_NOOP_PER_SESSION	30
+#define NOOP 1
+#define NOOP_IGNORE 2 // A noop, but don't send a response noop
 
 // VALUE object
 struct VALUE

src/Mayaqua/Table.c

@@ -470,6 +470,7 @@ LIST *LoadLangList()
 	b = ReadDump(filename);
 	if (b == NULL)
 	{
+		FreeLangList(o);
 		return NULL;
 	}
 

src/Mayaqua/Unix.c

@@ -1849,6 +1849,8 @@ void UnixUnlockEx(LOCK *lock, bool inner)
 }
 
 // Lock
+// Recursive locking is implemented manually instead of using PTHREAD_MUTEX_RECURSIVE.
+// See: https://github.com/SoftEtherVPN/SoftEtherVPN/pull/2219
 bool UnixLock(LOCK *lock)
 {
 	pthread_mutex_t *mutex;
@@ -2140,9 +2142,13 @@ void UnixMemoryFree(void *addr)
 // SIGCHLD handler
 void UnixSigChldHandler(int sig)
 {
+	int old_errno = errno;
+
 	// Recall the zombie processes
 	while (waitpid(-1, NULL, WNOHANG) > 0);
 	signal(SIGCHLD, UnixSigChldHandler);
+
+	errno = old_errno;
 }
 
 // Disable core dump

src/Neo6/NDIS6.c

@@ -5,7 +5,8 @@
 // NDIS6.c
 // Windows NDIS 6.2 Routine
 
-#include <GlobalConst.h>
+//#include <GlobalConst.h>
+#include "GlobalConst.h"
 
 #define	NEO_DEVICE_DRIVER
 

src/Neo6/NDIS6.h

@@ -9,25 +9,37 @@
 #define	NDIS5_H
 
 // Win32 DDK related
-#ifndef	CPU_64
+#ifndef CPU_64
-#define	_X86_
+#define _X86_
-#else	// CPU_64
+#else // CPU_64
-#ifndef	NEO_IA64
+#ifdef CPU_ARM64
-#define	_AMD64_
+//#define _ARM64_
-#define	AMD64
+//#define ARM64
-#else	// NEO_IA64
+#elif defined(NEO_IA64)
-#define	_IA64_
+#define _IA64_
-#define	IA64
+#define IA64
-#endif	// NEO_IA64
+#else
-#endif	// CPU_64
+#define _AMD64_
+#define AMD64
+#endif
+#endif // CPU_64
 #define	NDIS_MINIPORT_DRIVER
-// NDIS 6.2
+#ifdef CPU_ARM64
-#define	NDIS620_MINIPORT
+	#define NDIS640_MINIPORT 
-#define	NDIS_SUPPORT_NDIS61			1
+	#define NDIS_MINIPORT_MINIMUM_MAJOR_VERSION 6
-#define	NDIS_SUPPORT_NDIS620		1
+	#define NDIS_MINIPORT_MINIMUM_MINOR_VERSION 40
-#define NEO_NDIS_MAJOR_VERSION		6
+	#define NEO_NDIS_MAJOR_VERSION 6
-#define NEO_NDIS_MINOR_VERSION		20
+	#define NEO_NDIS_MINOR_VERSION 40
-#define	NDIS_WDM					1
+#else
+	// NDIS 6.2
+	#define	NDIS620_MINIPORT
+	#define	NDIS_SUPPORT_NDIS61			1
+	#define	NDIS_SUPPORT_NDIS620		1
+	#define NEO_NDIS_MAJOR_VERSION		6
+	#define NEO_NDIS_MINOR_VERSION		20
+	#define	NDIS_WDM					1
+#endif
+
 
 #include <wdm.h>
 #include <ndis.h>

src/Neo6/Neo6.vcxproj

@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>17.0</VCProjectVersion>
+    <ProjectGuid>{F7679B65-2FEC-469A-8BAC-B07BF4439422}</ProjectGuid>
+    <RootNamespace>Neo6</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+      <TargetVersion>Windows10</TargetVersion>
+      <UseDebugLibraries>false</UseDebugLibraries>
+      <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+      <ConfigurationType>Driver</ConfigurationType>
+      <DriverType>KMDF</DriverType>
+      <DriverTargetPlatform>Universal</DriverTargetPlatform>
+      <TargetName>Neo6_arm64_unsigned</TargetName>
+      <TargetExt>.sys</TargetExt>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>17.0.36310.24</_ProjectFileVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <IntDir>$(Platform)_$(Configuration)\</IntDir>
+    <IgnoreImportLibrary>true</IgnoreImportLibrary>
+    <LinkIncremental>false</LinkIncremental>
+    <GenerateManifest>false</GenerateManifest>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <Midl />
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>Default</InlineFunctionExpansion>
+      <IntrinsicFunctions>false</IntrinsicFunctions>
+      <FavorSizeOrSpeed>Neither</FavorSizeOrSpeed>
+      <TreatWarningAsError>false</TreatWarningAsError>
+      <AdditionalIncludeDirectories>$(ProjectDir)\..\;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ARM64;_ARM64_;CPU_64;WIN32;CPU_ARM64;NDEBUG;_WINDOWS;_USRDLL;NEO_EXPORTS;VPN_SPEED;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>false</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <StructMemberAlignment>8Bytes</StructMemberAlignment>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>false</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+
+      <CompileAs>CompileAsC</CompileAs>
+      <DisableSpecificWarnings>4996;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <!-- <PreLinkEvent>
+      <Command>$(SolutionDir)bin\BuildUtil.exe /CMD:GenerateVersionResource "$(TargetPath)" /OUT:"$(SolutionDir)tmp\VersionResources\$(ProjectName)_$(Platform).res" /PRODUCT:"SoftEther VPN"</Command>
+    </PreLinkEvent> -->
+    <ProjectReference>
+      <LinkLibraryDependencies>false</LinkLibraryDependencies>
+    </ProjectReference>
+    <Link>
+      <OutputFile>$(OutDir)Neo6_arm64_unsigned.sys</OutputFile>
+      <AdditionalLibraryDirectories>%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>ntoskrnl.lib;wdm.lib;hal.lib;;ucrt.lib;ndis.lib;wdmsec.lib;ntdll.lib;Kernel32.lib;fwpkclnt.lib;libcntpr.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <!-- <ImportLibrary>$(SolutionDir)tmp\lib\$(Platform)_$(Configuration)\$(ProjectName).lib</ImportLibrary> -->
+      <TargetMachine>MachineARM64</TargetMachine>
+    </Link>
+    <!-- <PostBuildEvent>
+      <Command>$(SolutionDir)bin\BuildUtil.exe /CMD:SignCode "$(TargetPath)" /DEST:"$(TargetDir)Neo6_ARM64.sys" /COMMENT:"VPN Software" /KERNEL:yes /CERTID:0 /SHAMODE:0
+      $(SolutionDir)bin\BuildUtil.exe /CMD:SignCode "$(TargetPath)" /DEST:"$(TargetDir)Neo6_ARM64_win10.sys" /COMMENT:"VPN Software" /KERNEL:yes /CERTID:0 /SHAMODE:2
+      </Command>
+    </PostBuildEvent> -->
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="NDIS6.c" />
+    <ClCompile Include="Neo6.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="NDIS6.h" />
+    <ClInclude Include="Neo6.h" />
+    <ClInclude Include="resource.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="Neo6.rc" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

src/bin/hamcore/DriverPackages/Neo6_Win10/arm64/Neo6_arm64_VPN.inf

@@ -0,0 +1,114 @@
+; VPN Client Device Driver for Windows 2000 and Greater
+; 
+; Copyright (c) SoftEther Corporation. All Rights Reserved.
+; http://www.softether.co.jp/
+; 
+; BUILD 9658
+
+[Version]
+Signature					= "$Windows NT$"
+Class						= Net
+ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
+Provider					= %CompanyName%
+DriverVer					= 02/04/2018, 4.25.0.9658
+CatalogFile.NT				= Neo6_arm64_VPN.cat
+
+[Manufacturer]
+%CompanyName% 				= SoftEther, NTarm64
+
+[SourceDisksNames]
+1=%DiskDescription%, "", , 
+
+[SourceDisksFiles]
+Neo6_arm64_VPN.sys	= 1
+
+[DestinationDirs]
+DefaultDestDir				= 12
+Neo.CopyFiles.Sys			= 12
+
+[Neo.CopyFiles.Sys]
+Neo6_arm64_VPN.sys, , , 2
+
+[SoftEther.NTarm64]
+%NeoAdapter.DeviceDesc%	= NeoAdapter.Install, NeoAdapter_VPN
+
+[NeoAdapter.Install]
+Characteristics				= 0x1
+AddReg						= Neo.Reg, NeoAdapter.Ndi
+CopyFiles					= Neo.CopyFiles.Sys
+*IfType						= 53
+*MediaType					= 0
+*PhysicalMediaType			= 0
+
+[NeoAdapter.Install.Services]
+AddService					= %Neo.Service.Name%, 2, Neo.Service, Neo.EventLog, , %Neo, EventLog.Name%
+
+[NeoAdapter.Ndi]
+HKR, , NetworkAddress, 0, %DefaultAddress%
+HKR, Ndi, DeviceID, , "NeoAdapter_VPN"
+HKR, , DevLoader, , ndis
+HKR, , DeviceVxDs, , Neo6_arm64_VPN.sys
+HKR, NDIS, LogDriverName, , "Neo_VPN"
+HKR, NDIS, MajorNdisVersion, 1, 5
+HKR, NDIS, MinorNdisVersion, 1, 0
+HKR, Ndi\Interfaces, DefUpper, , "ndis5"
+HKR, Ndi\Interfaces, UpperRange, , "ndis5"
+HKR, Ndi\Interfaces, LowerRange, , "ethernet"
+HKR, Ndi\Interfaces, DefLower, , "ethernet"
+HKR, Ndi\Install, ndis5, , "Neo.CopyFiles.Sys"
+HKR, Ndi\Params\NetworkAddress, ParamDesc, 0, %NetworkAddress%
+HKR, Ndi\Params\NetworkAddress, type, 0, "edit"
+HKR, Ndi\Params\NetworkAddress, LimitText, 0, "12"
+HKR, Ndi\Params\NetworkAddress, UpperCase, 0, "1"
+HKR, Ndi\Params\NetworkAddress, default, 0, %DefaultAddress%
+HKR, Ndi\Params\NetworkAddress, optional, 0, "0"
+HKR, Ndi\Params\MaxSpeed, ParamDesc, 0, %MaxSpeed%
+HKR, Ndi\Params\MaxSpeed, type, 0, "int"
+HKR, Ndi\Params\MaxSpeed, default, 0, "100"
+HKR, Ndi\Params\MaxSpeed, min, 0, "0"
+HKR, Ndi\Params\MaxSpeed, max, 0, "2000"
+HKR, Ndi\Params\MaxSpeed, step, 0, "1"
+HKR, Ndi\Params\MaxSpeed, Base, 0, "10"
+HKR, Ndi\Params\KeepLink, ParamDesc, 0, %KeepLink%
+HKR, Ndi\Params\KeepLink, type, 0, "enum"
+HKR, Ndi\Params\KeepLink\enum, "1", 0, %On%
+HKR, Ndi\Params\KeepLink\enum, "0", 0, %Off%
+HKR, Ndi\Params\KeepLink, default, 0, "0"
+
+
+[Neo.Service]
+DisplayName					= %Neo.Service.DispName%
+Description					= %Neo.Service.Desc%
+ServiceType					= 1
+StartType					= 3
+ErrorControl				= 1
+ServiceBinary				= %12%\Neo6_arm64_VPN.sys
+LoadOrderGroup				= NDIS
+
+[Neo.Reg]
+HKR, Ndi, Service, 0, Neo.Service.Name
+HKR, Ndi\Interfaces, LowerRange, 0, "ethernet"
+HKR, Ndi\Interfaces, UpperRange, 0, "ndis5"
+
+[Neo.EventLog]
+HKR, , EventMessageFile, 0x00020000, "%11%\IoLogMsg.dll;%12%\Neo6_arm64_VPN.sys"
+HKR, , TypesSupported, 0x00010001, 7
+
+[Strings]
+CompanyName					= "SoftEther Corporation"
+DiskDescription				= "VPN Client Device Driver Install Disk"
+Neo.Service.Name			= "Neo_VPN"
+Neo.Service.DispName		= "VPN Client Device Driver - VPN"
+Neo.Service.Desc			= "VPN Client Adapter - VPN"
+NeoAdapter.DeviceDesc		= "VPN Client Adapter - VPN"
+Neo.EventLog.Name			= "Neo"
+NetworkAddress				= "MAC Address"
+DefaultAddress				= "000001000001"
+MaxSpeed					= "Indicate Speed (Mbps)"
+KeepLink					= "Keep Link"
+On							= "On"
+Off							= "Off"
+
+
+; Auto Generated 20180205_163621.454
+

tsan_suppressions.txt

@@ -0,0 +1,42 @@
+# This file contains suppressions for Thread Sanitizer.
+# For the specification, refer to: https://github.com/google/sanitizers/wiki/threadsanitizersuppressions
+
+
+
+## Set/Wait
+# This provides synchronization equivalent to a lock, but Thread Sanitizer cannot recognize it.
+
+# Thread Sanitizer reports data race on Halt in TK64.
+# https://github.com/SoftEtherVPN/SoftEtherVPN/pull/2221
+race_top:FreeTick64
+
+# Thread Sanitizer reports data races on Finished and NoDelayFlag in CONNECT_SERIAL_PARAM,
+# shared between BindConnectThreadForIPv4, BindConnectThreadForIPv6, and BindConnectEx5.
+# https://github.com/SoftEtherVPN/SoftEtherVPN/pull/2222
+race_top:BindConnectThreadForIPv4
+race_top:BindConnectThreadForIPv6
+race_top:BindConnectEx5
+
+# Thread Sanitizer reports data races on PoolHalting in THREAD, shared between ThreadPoolProc and WaitThread.
+# But if WaitThread reads false, synchronization is ensured by Wait from the PoolWaitList. If it reads true,
+# WaitThread simply returns.
+race_top:ThreadPoolProc
+
+
+## Accept/Disconnect cancellation
+# Thread Sanitizer reports two data races on CancelAccept and CallingThread in SOCK, shared between
+# Accept(Accept6) and Disconnect. These are used when interrupting an Accept operation from a Disconnect.
+# They are race-safe because they work correctly even if both fields have old values.
+race_top:^Accept$
+race_top:^Accept6$
+race_top:^Disconnect$
+
+
+## Manual PTHREAD_MUTEX_RECURSIVE
+# The Lock/Unlock mechanism on Unix is a manual, hand-coded implementation of PTHREAD_MUTEX_RECURSIVE.
+# We avoid using the PTHREAD_MUTEX_RECURSIVE directly because it exhibits critical bugs, such as deadlocks
+# on certain older systems(Linux, Solaris, or macOS). While Thread Sanitizer will report data races,
+# these warnings should be ignored as the logic has been carefully implemented to ensure thread safety.
+# https://github.com/SoftEtherVPN/SoftEtherVPN/pull/2219
+race_top:UnixLock
+race_top:UnixUnlockEx