Remove CodeQL build artifacts and update .gitignore

Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
Fix race condition and add named constant for cache TTL
2026-05-02 11:49:33 +03:00 · 2026-02-05 08:31:09 +00:00 · 2026-02-05 08:30:38 +00:00 · 2026-02-05 08:26:13 +00:00 · 2026-02-05 08:21:46 +00:00 · 2026-02-05 08:09:28 +00:00
33 changed files with 658 additions and 1995 deletions
@@ -4,7 +4,6 @@ name: Coverity
 on:
  schedule:
  - cron: "0 0 * * *"
  workflow_dispatch:
 permissions:
  contents: read
@@ -12,7 +11,7 @@ permissions:
 jobs:
  scan:
    runs-on: ubuntu-latest
-    if: ${{ github.repository_owner == 'SoftEtherVPN' || github.event_name == 'workflow_dispatch' }}
+    if: ${{ github.repository_owner == 'SoftEtherVPN' }}
    steps:
    - uses: actions/checkout@v2
      with:
@@ -1,80 +0,0 @@
 name: Sanitizer
 on: [push, pull_request]
 permissions:
  contents: read
 jobs:
  run_sanitizer:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        sanitizer:
          - "address,leak,undefined"
          - "thread,undefined"
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: true
      - name: Install dependencies
        run: |
          sudo apt update
          sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev 
      - name: Build
        run: |
          mkdir build
          cd build
          cmake -G "Ninja" -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_FLAGS="-O1 -fsanitize=${{ matrix.sanitizer }} -fno-omit-frame-pointer" ..
          cmake --build .
      - name: Test
        env:
          ASAN_OPTIONS: halt_on_error=0:exitcode=0
          TSAN_OPTIONS: halt_on_error=0:exitcode=0:suppressions=./tsan_suppressions.txt
          UBSAN_OPTIONS: halt_on_error=0:exitcode=0
          LSAN_OPTIONS: exitcode=0
        run: |
          .ci/vpntools-check.sh 2> sanitizer.log
      - name: Make job summary
        run: |
          echo "### Sanitizer Report (${{ matrix.sanitizer }})" >> $GITHUB_STEP_SUMMARY
          REPORTS=$(grep -E "SUMMARY:|runtime error:" sanitizer.log | sort | uniq)
          REPORT_COUNT=$(echo "$REPORTS" | grep -c . || true)
          echo "Found $REPORT_COUNT issues" >> $GITHUB_STEP_SUMMARY
          echo "<details><summary>View Summary</summary>" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
          echo "$REPORTS" >> $GITHUB_STEP_SUMMARY
          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "</details>" >> $GITHUB_STEP_SUMMARY
          if [ "$REPORT_COUNT" -ne 0 ]; then
            echo "HAS_ISSUES=true" >> $GITHUB_ENV
            echo "REPORT_COUNT=$REPORT_COUNT" >> $GITHUB_ENV
          fi
      - name: Upload full sanitizer log
        if: env.HAS_ISSUES == 'true'
        uses: actions/upload-artifact@v4
        with:
          name: sanitizer-logs-${{ matrix.sanitizer }}
          path: |
            sanitizer.log
          retention-days: 30
      - name: Fail on sanitizer issues
        if: env.HAS_ISSUES == 'true'
        run: |
          echo "Found ${{ env.REPORT_COUNT }} issues."
          echo "Please check the Job Summary page for a quick overview."
          echo "Full logs are available in the GitHub Artifacts."
          exit 1
@@ -8,11 +8,10 @@ jobs:
    strategy:
      matrix:
        platform: [
-          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat", RUNNER: "windows-latest", CMAKE_EXTRA_FLAGS: ""},
+          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"},
-          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat", RUNNER: "windows-latest", CMAKE_EXTRA_FLAGS: ""},
+          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
          { ARCHITECTURE: arm64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/ARM64/bin/clang-cl.exe", VCPKG_TRIPLET: "arm64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvarsarm64.bat", RUNNER: "windows-11-arm", CMAKE_EXTRA_FLAGS: "-DOQS_PERMIT_UNSUPPORTED_ARCHITECTURE=ON"}
        ]
-    runs-on: ${{ matrix.platform.RUNNER }}
+    runs-on: windows-latest
    name: ${{ matrix.platform.ARCHITECTURE }}
    steps:
    - uses: actions/checkout@v4
@@ -34,13 +33,12 @@ jobs:
        COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
        VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
        VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
        CMAKE_EXTRA_FLAGS: ${{ matrix.platform.CMAKE_EXTRA_FLAGS }}
      run: |
        set BUILD_NUMBER=0
        mkdir build
        cd build
        call "%VCVARS_PATH%"
-        cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% %CMAKE_EXTRA_FLAGS% ..
+        cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% ..
        cmake --build .
        mkdir installers
        vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
@@ -26,14 +26,13 @@ jobs:
        uses: softprops/action-gh-release@v1
  build-windows:
    name: ${{ matrix.platform.ARCHITECTURE }}
-    runs-on: ${{ matrix.platform.RUNNER }}
+    runs-on: windows-latest
    needs: ["release"]
    strategy:
      matrix:
        platform: [
-          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat", RUNNER: "windows-latest", CMAKE_EXTRA_FLAGS: ""},
+          { ARCHITECTURE: x86, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/bin/clang-cl.exe",     VCPKG_TRIPLET: "x86-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars32.bat"},
-          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat", RUNNER: "windows-latest", CMAKE_EXTRA_FLAGS: ""},
+          { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
          { ARCHITECTURE: arm64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/ARM64/bin/clang-cl.exe", VCPKG_TRIPLET: "arm64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvarsarm64.bat", RUNNER: "windows-11-arm", CMAKE_EXTRA_FLAGS: "-DOQS_PERMIT_UNSUPPORTED_ARCHITECTURE=ON"}
        ]
    steps:
      - name: "Checkout repository"
@@ -58,12 +57,11 @@ jobs:
          COMPILER_PATH: ${{ matrix.platform.COMPILER_PATH }}
          VCPKG_TRIPLET: ${{ matrix.platform.VCPKG_TRIPLET }}
          VCVARS_PATH: ${{ matrix.platform.VCVARS_PATH }}
          CMAKE_EXTRA_FLAGS: ${{ matrix.platform.CMAKE_EXTRA_FLAGS }}
        run: |
          mkdir build
          cd build
          call "%VCVARS_PATH%"
-          cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% %CMAKE_EXTRA_FLAGS% ..
+          cmake -G "Ninja" -DCMAKE_TOOLCHAIN_FILE="C:\vcpkg\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=%VCPKG_TRIPLET% -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER="%COMPILER_PATH%" -DCMAKE_CXX_COMPILER="%COMPILER_PATH%" -DBUILD_NUMBER=%BUILD_NUMBER% ..
          cmake --build .
          mkdir installers
          vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
@@ -210,3 +210,5 @@ developer_tools/stbchecker/**/*.binlog
 developer_tools/stbchecker/**/*.nvuser
 developer_tools/stbchecker/**/.mfractor/
 /vcpkg_installed
 _codeql_build_dir/
 _codeql_detected_source_root
@@ -87,10 +87,6 @@ into it. So that is what will be described below.
   - x86-on-x64
     Cross compile x86 executables with 64-bit compiler
    - arm64-on-x64
     Cross compile arm64 executables with x64t compiler
   On 64-bit Windows, all four configurations can be used. 32-bit platforms can only use 32-bit compiler.
@@ -1,52 +0,0 @@
 # How to build and install SoftEther VPN on Windows ARM64
 This document describes how to build SoftEther VPN for Windows ARM64 and how to install the VPN Client and Neo6 virtual network adapter on Windows on ARM devices.
 ## Requirements
 - Build host: Windows x64
 - Target device: Windows 10 / Windows 11 ARM64
 ## Building 
    **Notes before building**: ARM64 builds are cross-compiled from an x64 Windows host. An existing x64-native build is required to generate hamcore.se2.
 1. Follow [BUILD_WINDOWS.md](BUILD_WINDOWS.md##Building)
 1. Build x64 (Native): From the build menu, select x64-on-x64. Complete the build successfully. This build is required to generate shared resources
 1. Build ARM64 (Cross-Compiled): From the same build menu, select arm64-on-x64. 
 Build the ARM64 version of SoftEther VPN.
 1. Building the Neo6 Virtual Network Adapter (ARM64)
    Open the following project in Visual Studio:
    ```
    .\src\Neo6\Neo6.vcxproj 
    ```
    SoftEther VPN Client uses the Neo6 virtual network adapter.
    Driver Output Files
    The ARM64 driver package includes:
    ```
    Neo6_arm64_VPN.sys
    Neo6_arm64_VPN.inf
    ```
    Driver Signing and Installation (Windows ARM64)
    ```
    Enable test-signing mode: bcdedit /set testsigning on
    Reboot the system.
    Testing signing:
    Install the Neo6 ARM64 driver.
    ```
 # Summary
 SoftEther VPN can be cross-compiled for Windows ARM64 on an x64 host
 VPN Client works natively on Windows on ARM
 Neo6 ARM64 driver requires Microsoft signing for production use
 Test-signing is suitable for local development only
@@ -8739,7 +8739,7 @@ UINT StSetHubRadius(ADMIN *a, RPC_RADIUS *t)
 	}
 	//SetRadiusServer(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret);
-	SetRadiusServerEx2(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval, t->RadiusRetryTimeout);
+	SetRadiusServerEx(h, t->RadiusServerName, t->RadiusPort, t->RadiusSecret, t->RadiusRetryInterval);
 	ALog(a, h, "LA_SET_HUB_RADIUS");
@@ -8778,8 +8778,8 @@ UINT StGetHubRadius(ADMIN *a, RPC_RADIUS *t)
 	Zero(t, sizeof(RPC_RADIUS));
 	//GetRadiusServer(h, t->RadiusServerName, sizeof(t->RadiusServerName),
 	//	&t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret));
-	GetRadiusServerEx2(h, t->RadiusServerName, sizeof(t->RadiusServerName),
+	GetRadiusServerEx(h, t->RadiusServerName, sizeof(t->RadiusServerName),
-		&t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret), &t->RadiusRetryInterval, &t->RadiusRetryTimeout);
+		&t->RadiusPort, t->RadiusSecret, sizeof(t->RadiusSecret), &t->RadiusRetryInterval);
 	ReleaseHub(h);
@@ -13031,7 +13031,6 @@ void InRpcRadius(RPC_RADIUS *t, PACK *p)
 	PackGetStr(p, "HubName", t->HubName, sizeof(t->HubName));
 	PackGetStr(p, "RadiusSecret", t->RadiusSecret, sizeof(t->RadiusSecret));
 	t->RadiusRetryInterval = PackGetInt(p, "RadiusRetryInterval");
 	t->RadiusRetryTimeout = PackGetInt(p, "RadiusRetryTimeout");
 }
 void OutRpcRadius(PACK *p, RPC_RADIUS *t)
 {
@@ -13046,7 +13045,6 @@ void OutRpcRadius(PACK *p, RPC_RADIUS *t)
 	PackAddStr(p, "HubName", t->HubName);
 	PackAddStr(p, "RadiusSecret", t->RadiusSecret);
 	PackAddInt(p, "RadiusRetryInterval", t->RadiusRetryInterval);
 	PackAddInt(p, "RadiusRetryTimeout", t->RadiusRetryTimeout);
 }
 // RPC_HUB
@@ -259,7 +259,6 @@ struct RPC_RADIUS
 	UINT RadiusPort;					// Radius port number
 	char RadiusSecret[MAX_PASSWORD_LEN + 1];	// Secret key
 	UINT RadiusRetryInterval;			// Radius retry interval
 	UINT RadiusRetryTimeout;			// Radius retry timeout
 };
 // Specify the HUB
@@ -11791,9 +11791,6 @@ UINT PsRadiusServerSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 		{"[server_name:port]", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_Host"), CmdEvalNotEmpty, NULL},
 		{"SECRET", CmdPromptChoosePassword, _UU("CMD_RadiusServerSet_Prompt_Secret"), NULL, NULL},
 		{"RETRY_INTERVAL", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryInterval"), CmdEvalMinMax, &minmax},
 		// Support for setting timeout through commandline not added
 		// {"RETRY_TIMEOUT", CmdPrompt, _UU("CMD_RadiusServerSet_Prompt_RetryTimeout"), CmdEvalMinMax, &minmax},
 	};
 	// If virtual HUB is not selected, it's an error
@@ -11818,7 +11815,6 @@ UINT PsRadiusServerSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 		StrCpy(t.RadiusServerName, sizeof(t.RadiusServerName), host);
 		StrCpy(t.RadiusSecret, sizeof(t.RadiusSecret), GetParamStr(o, "SECRET"));
 		t.RadiusRetryInterval = GetParamInt(o, "RETRY_INTERVAL");
 		// t.RadiusRetryTimeout = GetParamInt(o, "RETRY_TIMEOUT");
 		Free(host);
@@ -11942,9 +11938,6 @@ UINT PsRadiusServerGet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 			UniToStri(tmp, t.RadiusRetryInterval);
 			CtInsert(ct, _UU("CMD_RadiusServerGet_RetryInterval"), tmp);
 			UniToStri(tmp, t.RadiusRetryTimeout);
 			CtInsert(ct, _UU("CMD_RadiusServerGet_RetryTimeout"), tmp);
 		}
 		CtFree(ct, c);
@@ -99,7 +99,6 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
 	char radius_servers[MAX_PATH] = {0};
 	UINT radius_port = 0;
 	UINT radius_retry_interval = 0;
 	UINT radius_retry_timeout = 0;
 	char radius_secret[MAX_PATH] = {0};
 	char radius_suffix_filter[MAX_PATH] = {0};
 	if (cedar == NULL || hubname == NULL || client_ip_str == NULL || username == NULL)
@@ -116,8 +115,8 @@ EAP_CLIENT *HubNewEapClient(CEDAR *cedar, char *hubname, char *client_ip_str, ch
 	if (hub != NULL)
 	{
-		if (GetRadiusServerEx3(hub, radius_servers, sizeof(radius_servers), &radius_port, radius_secret,
+		if (GetRadiusServerEx2(hub, radius_servers, sizeof(radius_servers), &radius_port, radius_secret,
-			sizeof(radius_secret), &radius_retry_interval, &radius_retry_timeout, radius_suffix_filter, sizeof(radius_suffix_filter)))
+			sizeof(radius_secret), &radius_retry_interval, radius_suffix_filter, sizeof(radius_suffix_filter)))
 		{
 			bool use_peap = hub->RadiusUsePeapInsteadOfEap;
@@ -6416,23 +6415,17 @@ void ReleaseHub(HUB *h)
 bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size)
 {
 	UINT interval;
 	return GetRadiusServerEx(hub, name, size, port, secret, secret_size, &interval);
 }
-bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval) {
+bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval)
 	UINT timeout;
 	return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, &timeout);
 }
 bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout)
 {
-	return GetRadiusServerEx3(hub, name, size, port, secret, secret_size, interval, timeout, NULL, 0);
+	return GetRadiusServerEx2(hub, name, size, port, secret, secret_size, interval, NULL, 0);
 }
-bool GetRadiusServerEx3(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size)
+bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, char *suffix_filter, UINT suffix_filter_size)
 {
 	bool ret = false;
 	// Validate arguments
-	if (hub == NULL || name == NULL || port == NULL || secret == NULL || interval == NULL || timeout == NULL)
+	if (hub == NULL || name == NULL || port == NULL || secret == NULL || interval == NULL)
 	{
 		return false;
 	}
@@ -6446,7 +6439,6 @@ bool GetRadiusServerEx3(HUB *hub, char *name, UINT size, UINT *port, char *secre
 			StrCpy(name, size, hub->RadiusServerName);
 			*port = hub->RadiusServerPort;
 			*interval = hub->RadiusRetryInterval;
 			*timeout = hub->RadiusRetryTimeout;
 			tmp_size = hub->RadiusSecret->Size + 1;
 			tmp = ZeroMalloc(tmp_size);
@@ -6473,10 +6465,6 @@ void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret)
 	SetRadiusServerEx(hub, name, port, secret, RADIUS_RETRY_INTERVAL);
 }
 void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval)
 {
 	SetRadiusServerEx2(hub, name, port, secret, interval, RADIUS_RETRY_TIMEOUT);
 }
 void SetRadiusServerEx2(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout)
 {
 	// Validate arguments
 	if (hub == NULL)
@@ -6496,28 +6484,19 @@ void SetRadiusServerEx2(HUB *hub, char *name, UINT port, char *secret, UINT inte
 			hub->RadiusServerName = NULL;
 			hub->RadiusServerPort = 0;
 			hub->RadiusRetryInterval = RADIUS_RETRY_INTERVAL;
 			hub->RadiusRetryTimeout = RADIUS_RETRY_TIMEOUT;
 			FreeBuf(hub->RadiusSecret);
 		}
 		else
 		{
 			hub->RadiusServerName = CopyStr(name);
 			hub->RadiusServerPort = port;
 			if (timeout == 0) {
 				timeout = RADIUS_RETRY_TIMEOUT;
 			}
 			hub->RadiusRetryTimeout = timeout;
 			if (interval == 0)
 			{
-				hub->RadiusRetryInterval = RADIUS_RETRY_INTERVAL; ///What happens here is that RADIUS_RETRY_TIMEOUT is not configurable, and RADIUS_RETRY_INTERVAL is set to the timeout if it's larger.
+				hub->RadiusRetryInterval = RADIUS_RETRY_INTERVAL;
 			}
-			
+			else if (interval > RADIUS_RETRY_TIMEOUT)
 			if (interval > timeout)
 			{
-				hub->RadiusRetryInterval = timeout;
+				hub->RadiusRetryInterval = RADIUS_RETRY_TIMEOUT;
 			}
 			else
 			{
@@ -341,7 +341,6 @@ struct HUB
 	char *RadiusServerName;				// Radius server name
 	UINT RadiusServerPort;				// Radius server port number
 	UINT RadiusRetryInterval;			// Radius retry interval
 	UINT RadiusRetryTimeout;			// Radius timeout, it will no longer retry
 	BUF *RadiusSecret;					// Radius shared key
 	char RadiusSuffixFilter[MAX_SIZE];	// Radius suffix filter
 	char RadiusRealm[MAX_SIZE];			// Radius realm (optional)
@@ -483,11 +482,9 @@ void GetAccessListStr(char *str, UINT size, ACCESS *a);
 void DeleteOldIpTableEntry(LIST *o);
 void SetRadiusServer(HUB *hub, char *name, UINT port, char *secret);
 void SetRadiusServerEx(HUB *hub, char *name, UINT port, char *secret, UINT interval);
 void SetRadiusServerEx2(HUB *hub, char *name, UINT port, char *secret, UINT interval, UINT timeout);
 bool GetRadiusServer(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size);
 bool GetRadiusServerEx(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval);
-bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout);
+bool GetRadiusServerEx2(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, char *suffix_filter, UINT suffix_filter_size);
 bool GetRadiusServerEx3(HUB *hub, char *name, UINT size, UINT *port, char *secret, UINT secret_size, UINT *interval, UINT *timeout, char *suffix_filter, UINT suffix_filter_size);
 int CompareCert(void *p1, void *p2);
 void GetHubLogSetting(HUB *h, HUB_LOG *setting);
 void SetHubLogSetting(HUB *h, HUB_LOG *setting);
@@ -2562,16 +2562,9 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
 								Debug("OpenVPN Channel %u Failed.\n", j);
 								OvsLog(s, se, c, "LO_CHANNEL_FAILED");
-								if ((se->IpcAsync->ErrorCode == ERR_AUTHTYPE_NOT_SUPPORTED) ||
+								// Return the AUTH_FAILED
-									(se->IpcAsync->ErrorCode == ERR_AUTH_FAILED) ||
+								str = "AUTH_FAILED";
-									(se->IpcAsync->ErrorCode == ERR_PROXY_AUTH_FAILED) ||
+								WriteFifo(c->SslPipe->SslInOut->SendFifo, str, StrSize(str));
 									(se->IpcAsync->ErrorCode == ERR_USER_AUTHTYPE_NOT_PASSWORD) ||
 									(se->IpcAsync->ErrorCode == ERR_NOT_SUPPORTED_AUTH_ON_OPENSOURCE))
 								{
 									// Return the AUTH_FAILED
 									str = "AUTH_FAILED";
 									WriteFifo(c->SslPipe->SslInOut->SendFifo, str, StrSize(str));
 								}
 								s->SessionEstablishedCount++;
@@ -5429,7 +5429,7 @@ void ClientUploadNoop(CONNECTION *c)
 	}
 	p = PackError(0);
-	PackAddInt(p, "noop", NOOP);
+	PackAddInt(p, "noop", 1);
 	(void)HttpClientSend(c->FirstSock, p);
 	FreePack(p);
@@ -5440,24 +5440,6 @@ void ClientUploadNoop(CONNECTION *c)
 	}
 }
 void ServerUploadNoop(CONNECTION *c)
 {
 	PACK *p;
 	// Validate arguments
 	if (c == NULL)
 	{
 		return;
 	}
 	p = PackError(0);
 	PackAddInt(p, "noop", NOOP_IGNORE);
 	(void)HttpServerSend(c->FirstSock, p);
 	FreePack(p);
 	// Client can't re-respond to an HTTP "response" 
 	// so we don't wait for it on the server side
 }
 // Add client version information to the PACK
 void PackAddClientVersion(PACK *p, CONNECTION *c)
 {
@@ -169,7 +169,6 @@ bool GetSessionKeyFromPack(PACK *p, UCHAR *session_key, UINT *session_key_32);
 void CreateNodeInfo(NODE_INFO *info, CONNECTION *c);
 UINT SecureSign(SECURE_SIGN *sign, UINT device_id, char *pin);
 void ClientUploadNoop(CONNECTION *c);
 void ServerUploadNoop(CONNECTION *c);
 bool ClientCheckServerCert(CONNECTION *c, bool *expired);
 void ClientCheckServerCertThread(THREAD *thread, void *param);
 bool ClientSecureSign(CONNECTION *c, UCHAR *sign, UCHAR *random, X **x);
@@ -7,7 +7,6 @@
 #include "Radius.h"
 #include "Protocol.h"
 #include "Connection.h"
 #include "IPC.h"
 #include "Server.h"
@@ -1768,7 +1767,7 @@ LABEL_ERROR:
 ////////// Classical implementation
 // Attempts Radius authentication (with specifying retry interval and multiple server)
-bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UINT timeout, UCHAR *mschap_v2_server_response_20,
+bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
 				 RADIUS_LOGIN_OPTION *opt, char *hubname)
 {
 	UCHAR random[MD5_SIZE];
@@ -2073,22 +2072,14 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
 			// Transmission process start
 			start = Tick64();
 			// Limit timeout to be larger than hardcoded timeout
 			// Limit interval to be larger than the hardcoded interval and less than timeout
 			if (timeout < RADIUS_RETRY_TIMEOUT) {
 				timeout = RADIUS_RETRY_TIMEOUT;
 			}
 			if(interval < RADIUS_RETRY_INTERVAL)
 			{
 				interval = RADIUS_RETRY_INTERVAL;
 			}
-			else if(interval > timeout)
+			else if(interval > RADIUS_RETRY_TIMEOUT)
 			{
-				interval = timeout;
+				interval = RADIUS_RETRY_TIMEOUT;
 			}
 			next_send_time = start + (UINT64)interval;
 			while (true)
@@ -2108,8 +2099,6 @@ SEND_RETRY:
 				next_send_time = Tick64() + (UINT64)interval;
 RECV_RETRY:
 				ServerUploadNoop(c);				
 				now = Tick64();
 				if (next_send_time <= now)
 				{
@@ -2120,7 +2109,7 @@ RECV_RETRY:
 					goto SEND_RETRY;
 				}
-				if ((start + timeout) < now)
+				if ((start + RADIUS_RETRY_TIMEOUT) < now)
 				{
 					// Time-out
 					break;
@@ -283,7 +283,7 @@ struct RADIUS_LOGIN_OPTION
 };
 // Function prototype
-bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UINT timeout, UCHAR *mschap_v2_server_response_20,
+bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
 				 RADIUS_LOGIN_OPTION *opt, char *hubname);
 BUF *RadiusEncryptPassword(char *password, UCHAR *random, UCHAR *secret, UINT secret_size);
 BUF *RadiusCreateUserName(wchar_t *username);
@@ -516,7 +516,6 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
 			char suffix_filter[MAX_SIZE];
 			wchar_t suffix_filter_w[MAX_SIZE];
 			UINT interval;
 			UINT timeout;
 			EAP_CLIENT *eap = NULL;
 			char password1[MAX_SIZE];
 			UCHAR client_challenge[16];
@@ -587,7 +586,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
 			}
 			// Get the Radius server information
-			if (GetRadiusServerEx3(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, &timeout, suffix_filter, sizeof(suffix_filter)))
+			if (GetRadiusServerEx2(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, suffix_filter, sizeof(suffix_filter)))
 			{
 				Unlock(hub->lock);
@@ -598,7 +597,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
 					// Attempt to login
 					b = RadiusLogin(c, radius_server_addr, radius_server_port,
 						radius_secret, StrLen(radius_secret),
-						name, password, interval, timeout, mschap_v2_server_response_20, opt, hub->Name);
+						name, password, interval, mschap_v2_server_response_20, opt, hub->Name);
 					if (b)
 					{
@@ -4855,7 +4855,6 @@ void SiWriteHubCfg(FOLDER *f, HUB *h)
 		}
 		CfgAddInt(f, "RadiusServerPort", h->RadiusServerPort);
 		CfgAddInt(f, "RadiusRetryInterval", h->RadiusRetryInterval);
 		CfgAddInt(f, "RadiusRetryTimeout", h->RadiusRetryTimeout);
 		CfgAddStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter);
 		CfgAddStr(f, "RadiusRealm", h->RadiusRealm);
@@ -5021,11 +5020,9 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
 			BUF *secret;
 			UINT port;
 			UINT interval;
 			UINT timeout;
 			port = CfgGetInt(f, "RadiusServerPort");
 			interval = CfgGetInt(f, "RadiusRetryInterval");
 			timeout = CfgGetInt(f, "RadiusRetryTimeout");
 			CfgGetStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter, sizeof(h->RadiusSuffixFilter));
 			CfgGetStr(f, "RadiusRealm", h->RadiusRealm, sizeof(h->RadiusRealm));
@@ -5038,10 +5035,6 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
 				interval = RADIUS_RETRY_INTERVAL;
 			}
 			if (timeout == 0) {
 				timeout = RADIUS_RETRY_TIMEOUT;
 			}
 			if (port != 0 && CfgGetStr(f, "RadiusServerName", name, sizeof(name)))
 			{
 				secret = CfgGetBuf(f, "RadiusSecret");
@@ -5055,7 +5048,7 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
 					}
 					secret_str[sizeof(secret_str) - 1] = 0;
 					//SetRadiusServer(h, name, port, secret_str);
-					SetRadiusServerEx2(h, name, port, secret_str, interval, timeout);
+					SetRadiusServerEx(h, name, port, secret_str, interval);
 					FreeBuf(secret);
 				}
 			}
@@ -1190,6 +1190,67 @@ void NnIpSendForInternet(NATIVE_NAT *t, UCHAR ip_protocol, UCHAR ttl, UINT src_i
 	}
 }
 // Host IP address cache TTL in milliseconds (60 seconds)
 #define HOST_IP_CACHE_TTL_MS		60000
 // Check if destination IP is one of the host's own IP addresses
 // Uses caching to avoid frequent system calls
 // Returns true if dest_ip matches any of the host's IPs
 bool IsDestinationHostOwnIP(VH *v, UINT dest_ip)
 {
 	bool is_host_ip = false;
 	UINT64 now;
 	LIST *new_list = NULL;
 	// Validate arguments
 	if (v == NULL)
 	{
 		return false;
 	}
 	now = Tick64();
 	Lock(v->HostIPCacheLock);
 	{
 		// Check if cache needs refresh (every 60 seconds or if not initialized)
 		if (v->HostIPAddressCache == NULL || now >= v->HostIPCacheExpires)
 		{
 			// Get new list while holding the lock to prevent multiple threads from refreshing
 			new_list = GetHostIPAddressList();
 			// Free old cache
 			if (v->HostIPAddressCache != NULL)
 			{
 				FreeHostIPAddressList(v->HostIPAddressCache);
 			}
 			// Set new cache with TTL
 			v->HostIPAddressCache = new_list;
 			v->HostIPCacheExpires = now + HOST_IP_CACHE_TTL_MS;
 		}
 		// Check if dest_ip matches any cached host IP
 		if (v->HostIPAddressCache != NULL)
 		{
 			UINT i;
 			IP dest_ip_obj;
 			UINTToIP(&dest_ip_obj, dest_ip);
 			for (i = 0; i < LIST_NUM(v->HostIPAddressCache); i++)
 			{
 				IP *host_ip = LIST_DATA(v->HostIPAddressCache, i);
 				if (IsIP4(host_ip) && CmpIpAddr(&dest_ip_obj, host_ip) == 0)
 				{
 					is_host_ip = true;
 					break;
 				}
 			}
 		}
 	}
 	Unlock(v->HostIPCacheLock);
 	return is_host_ip;
 }
 // Communication of ICMP towards the Internet
 void NnIcmpEchoRecvForInternet(VH *v, UINT src_ip, UINT dest_ip, void *data, UINT size, UCHAR ttl, void *icmp_data, UINT icmp_size, UCHAR *ip_header, UINT ip_header_size, UINT max_l3_size)
 {
@@ -1209,6 +1270,15 @@ void NnIcmpEchoRecvForInternet(VH *v, UINT src_ip, UINT dest_ip, void *data, UIN
 		return;
 	}
 	// Check if destination is the host's own IP address
 	// When Native NAT tries to send packets to the host's own IP, the OS routing
 	// may fail or behave unexpectedly. Drop such packets to avoid issues.
 	if (IsDestinationHostOwnIP(v, dest_ip))
 	{
 		// Destination is the host's own IP - drop the packet
 		return;
 	}
 	t = v->NativeNat;
 	old_icmp_header = (ICMP_HEADER *)icmp_data;
@@ -1351,6 +1421,15 @@ void NnUdpRecvForInternet(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT
 		return;
 	}
 	// Check if destination is the host's own IP address
 	// When Native NAT tries to send packets to the host's own IP, the OS routing
 	// may fail or behave unexpectedly. Drop such packets to avoid issues.
 	if (IsDestinationHostOwnIP(v, dest_ip))
 	{
 		// Destination is the host's own IP - drop the packet
 		return;
 	}
 	t = v->NativeNat;
 	// Search whether there is an existing session
@@ -1449,6 +1528,15 @@ void NnTcpRecvForInternet(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT
 		return;
 	}
 	// Check if destination is the host's own IP address
 	// When Native NAT tries to send packets to the host's own IP, the OS routing
 	// may fail or behave unexpectedly. Drop such packets to avoid issues.
 	if (IsDestinationHostOwnIP(v, dest_ip))
 	{
 		// Destination is the host's own IP - drop the packet
 		return;
 	}
 	t = v->NativeNat;
 	// Search whether there is an existing session
@@ -10193,6 +10281,13 @@ void Virtual_Free(VH *v)
 	LockVirtual(v);
 	{
 		// Free host IP cache
 		if (v->HostIPAddressCache != NULL)
 		{
 			FreeHostIPAddressList(v->HostIPAddressCache);
 			v->HostIPAddressCache = NULL;
 		}
 		// Release the IP combining list
 		FreeIpCombineList(v);
@@ -10227,6 +10322,9 @@ void Virtual_Free(VH *v)
 	}
 	UnlockVirtual(v);
 	// Release the host IP cache lock
 	DeleteLock(v->HostIPCacheLock);
 	// Release the logger
 	FreeLog(v->Logger);
 }
@@ -10357,6 +10455,11 @@ VH *NewVirtualHostEx(CEDAR *cedar, CLIENT_OPTION *option, CLIENT_AUTH *auth, VH_
 	v->nat = nat;
 	// Initialize host IP cache for Native NAT
 	v->HostIPAddressCache = NULL;
 	v->HostIPCacheExpires = 0;
 	v->HostIPCacheLock = NewLock();
 	// Examine whether ICMP Raw Socket can be created
 	s = NewUDP4(MAKE_SPECIAL_PORT(IP_PROTO_ICMPV4), NULL);
 	if (s != NULL)
@@ -313,6 +313,11 @@ struct VH
 	HUB_OPTION *HubOption;			// Pointer to the Virtual HUB options
 	NATIVE_NAT *NativeNat;			// Native NAT
 	// Host IP cache for Native NAT packet filtering
 	LIST *HostIPAddressCache;		// Cached list of host IP addresses
 	UINT64 HostIPCacheExpires;		// When the cache expires (tick64)
 	LOCK *HostIPCacheLock;			// Lock for cache access
 };
 // Virtual host option
@@ -4761,7 +4761,7 @@ static void MY_SHA0_Transform(MY_SHA0_CTX* ctx) {
 	UCHAR* p = ctx->buf;
 	int t;
 	for(t = 0; t < 16; ++t) {
-		UINT tmp =  (UINT)*p++ << 24;
+		UINT tmp =  *p++ << 24;
 		tmp |= *p++ << 16;
 		tmp |= *p++ << 8;
 		tmp |= *p++;
@@ -1207,14 +1207,12 @@ PACK *HttpClientRecv(SOCK *s)
 	UINT size;
 	UCHAR *tmp;
 	HTTP_VALUE *v;
 	UINT num_noop = 0;
 	// Validate arguments
 	if (s == NULL)
 	{
 		return NULL;
 	}
 START:
 	h = RecvHttpHeader(s);
 	if (h == NULL)
 	{
@@ -1259,22 +1257,6 @@ START:
 	p = BufToPack(b);
 	FreeBuf(b);
 	// Client shouldn't receive a noop other than NOOP_IGNORE
 	// because it can't respond without a full new HTTP request
 	UINT noop = PackGetInt(p, "noop");
 	if (noop == NOOP_IGNORE) {
 		Debug("recv: noop ignore\n");
 		FreePack(p);
 		num_noop++;
 		if (num_noop > MAX_NOOP_PER_SESSION)
 		{
 			return NULL;
 		}
 		goto START;
 	}
 	return p;
 }
@@ -1383,14 +1365,13 @@ START:
 	FreeBuf(b);
 	// Determine whether it's a NOOP
-	UINT noop = PackGetInt(p, "noop");
+	if (PackGetInt(p, "noop") != 0)
 	if (noop == NOOP)
 	{
 		Debug("recv: noop\n");
 		FreePack(p);
 		p = PackError(0);
-		PackAddInt(p, "noop", NOOP_IGNORE);
+		PackAddInt(p, "noop", 1);
 		if (HttpServerSend(s, p) == false)
 		{
 			FreePack(p);
@@ -1406,11 +1387,6 @@ START:
 			return NULL;
 		}
 		goto START;
 	} else if (noop == NOOP_IGNORE) {
 		Debug("recv: noop ignore\n");
 		FreePack(p);
 		goto START;
 	}
@@ -63,7 +63,7 @@ static int ydays[] =
 	0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 365
 };
-static COUNTER *current_num_thread = NULL;
+static UINT current_num_thread = 0;
 static UINT cached_number_of_cpus = 0;
@@ -776,7 +776,6 @@ void InitThreading()
 {
 	thread_pool = NewSk();
 	thread_count = NewCounter();
 	current_num_thread = NewCounter();
 }
 // Release of thread pool
@@ -822,9 +821,6 @@ void FreeThreading()
 	DeleteCounter(thread_count);
 	thread_count = NULL;
 	DeleteCounter(current_num_thread);
 	current_num_thread = NULL;
 }
 // Thread pool procedure
@@ -1032,9 +1028,9 @@ THREAD *NewThreadNamed(THREAD_PROC *thread_proc, void *param, char *name)
 	Wait(pd->InitFinishEvent, INFINITE);
-	Inc(current_num_thread);
+	current_num_thread++;
-//	Debug("current_num_thread = %u\n", Count(current_num_thread));
+//	Debug("current_num_thread = %u\n", current_num_thread);
 	return ret;
 }
@@ -1059,8 +1055,8 @@ void CleanupThread(THREAD *t)
 	Free(t);
-	Dec(current_num_thread);
+	current_num_thread--;
-	//Debug("current_num_thread = %u\n", Count(current_num_thread));
+	//Debug("current_num_thread = %u\n", current_num_thread);
 }
 // Release thread (pool)
@@ -72,26 +72,11 @@ int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow)
 // Compiler dependent
 #ifndef	OS_WIN32
-// GCC or Clang compiler
+// Gcc compiler
 #define	GCC_PACKED		__attribute__ ((__packed__))
 // Clang compiler
 #if defined(__has_feature)
 #if __has_feature(thread_sanitizer)
 #define ATTRIBUTE_NO_TSAN			__attribute__((no_sanitize("thread")))
 #endif	// __has_feature(thread_sanitizer)
 #endif	// __has_feature
 // GCC compiler
 #if defined(__SANITIZE_THREAD__) && !defined(ATTRIBUTE_NO_TSAN)
 #define ATTRIBUTE_NO_TSAN			__attribute__((no_sanitize("thread")))
 #endif	// __SANITIZE_THREAD__
 // Other or older Clang/GCC compiler
 #ifndef ATTRIBUTE_NO_TSAN
 #define ATTRIBUTE_NO_TSAN
 #endif	// ATTRIBUTE_NO_TSAN
 #else	// OS_WIN32
 // VC++ compiler
 #define	GCC_PACKED
 #define ATTRIBUTE_NO_TSAN
 #endif	// OS_WIN32
 // Macro that displays the current file name and line number
@@ -881,6 +881,8 @@ struct SSL_VERIFY_OPTION
 	X *SavedCert;					// Saved server certificate
 };
 #define	SSL_DEFAULT_CONNECT_TIMEOUT		(15 * 1000)		// SSL default timeout
 // Header for TCP Pair
 struct TCP_PAIR_HEADER
 {
@@ -38,8 +38,6 @@
 // The number of allowable NOOP
 #define	MAX_NOOP_PER_SESSION	30
 #define NOOP 1
 #define NOOP_IGNORE 2 // A noop, but don't send a response noop
 // VALUE object
 struct VALUE
@@ -470,7 +470,6 @@ LIST *LoadLangList()
 	b = ReadDump(filename);
 	if (b == NULL)
 	{
 		FreeLangList(o);
 		return NULL;
 	}
@@ -1849,8 +1849,6 @@ void UnixUnlockEx(LOCK *lock, bool inner)
 }
 // Lock
 // Recursive locking is implemented manually instead of using PTHREAD_MUTEX_RECURSIVE.
 // See: https://github.com/SoftEtherVPN/SoftEtherVPN/pull/2219
 bool UnixLock(LOCK *lock)
 {
 	pthread_mutex_t *mutex;
@@ -2142,13 +2140,9 @@ void UnixMemoryFree(void *addr)
 // SIGCHLD handler
 void UnixSigChldHandler(int sig)
 {
 	int old_errno = errno;
 	// Recall the zombie processes
 	while (waitpid(-1, NULL, WNOHANG) > 0);
 	signal(SIGCHLD, UnixSigChldHandler);
 	errno = old_errno;
 }
 // Disable core dump
@@ -1,42 +0,0 @@
 # This file contains suppressions for Thread Sanitizer.
 # For the specification, refer to: https://github.com/google/sanitizers/wiki/threadsanitizersuppressions
 ## Set/Wait
 # This provides synchronization equivalent to a lock, but Thread Sanitizer cannot recognize it.
 # Thread Sanitizer reports data race on Halt in TK64.
 # https://github.com/SoftEtherVPN/SoftEtherVPN/pull/2221
 race_top:FreeTick64
 # Thread Sanitizer reports data races on Finished and NoDelayFlag in CONNECT_SERIAL_PARAM,
 # shared between BindConnectThreadForIPv4, BindConnectThreadForIPv6, and BindConnectEx5.
 # https://github.com/SoftEtherVPN/SoftEtherVPN/pull/2222
 race_top:BindConnectThreadForIPv4
 race_top:BindConnectThreadForIPv6
 race_top:BindConnectEx5
 # Thread Sanitizer reports data races on PoolHalting in THREAD, shared between ThreadPoolProc and WaitThread.
 # But if WaitThread reads false, synchronization is ensured by Wait from the PoolWaitList. If it reads true,
 # WaitThread simply returns.
 race_top:ThreadPoolProc
 ## Accept/Disconnect cancellation
 # Thread Sanitizer reports two data races on CancelAccept and CallingThread in SOCK, shared between
 # Accept(Accept6) and Disconnect. These are used when interrupting an Accept operation from a Disconnect.
 # They are race-safe because they work correctly even if both fields have old values.
 race_top:^Accept$
 race_top:^Accept6$
 race_top:^Disconnect$
 ## Manual PTHREAD_MUTEX_RECURSIVE
 # The Lock/Unlock mechanism on Unix is a manual, hand-coded implementation of PTHREAD_MUTEX_RECURSIVE.
 # We avoid using the PTHREAD_MUTEX_RECURSIVE directly because it exhibits critical bugs, such as deadlocks
 # on certain older systems(Linux, Solaris, or macOS). While Thread Sanitizer will report data races,
 # these warnings should be ignored as the logic has been carefully implemented to ensure thread safety.
 # https://github.com/SoftEtherVPN/SoftEtherVPN/pull/2219
 race_top:UnixLock
 race_top:UnixUnlockEx
Author	SHA1	Message	Date
copilot-swe-agent[bot]	4a21c9496a	Remove CodeQL build artifacts and update .gitignore Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>	2026-02-05 08:31:09 +00:00
copilot-swe-agent[bot]	bb7bd8d945	Fix race condition and add named constant for cache TTL Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>	2026-02-05 08:30:38 +00:00
copilot-swe-agent[bot]	1e36ff0f77	Refactor host IP checking with caching and helper function Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>	2026-02-05 08:26:13 +00:00
copilot-swe-agent[bot]	55bfcb9a94	Add check to prevent Native NAT packets to host's own IP addresses Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>	2026-02-05 08:21:46 +00:00
copilot-swe-agent[bot]	2963142d2e	Initial plan	2026-02-05 08:09:28 +00:00