Merge pull request #69 from keeshux/support-legacy-lzo

Support legacy LZO compression
2019-03-20 09:04:03 +01:00 · 2019-03-20 09:04:03 +01:00 · a06a4fef9b
parent a15fae2993 a238c2c806
commit a06a4fef9b
42 changed files with 11549 additions and 80 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## Unreleased
 ### Added
 - Support for legacy `--comp-lzo` compression. [#69](https://github.com/keeshux/tunnelkit/pull/69)
 ## 1.4.3 (2019-03-18)
 ### Fixed
--- a/README.md
+++ b/README.md
@ -32,10 +32,12 @@ The client is known to work with [OpenVPN®][openvpn] 2.3+ servers.
    - Disabled
    - Compress (2.4)
    - LZO (deprecated in 2.4)
 - [x] Compression algorithms
    - LZO (`--comp-lzo` only)
 - [x] Key renegotiation
 - [x] Replay protection (hardcoded window)
-The library therefore supports compression framing, just not compression. Remember to disable server-side compression and match framing, otherwise the client will shut down with an error. E.g. if server has `comp-lzo no`, client must use `compressionFraming = .compLZO`.
+The library therefore supports compression framing, just not newer compression. Remember to match server-side compression and framing, otherwise the client will shut down with an error. E.g. if server has `comp-lzo no`, client must use `compressionFraming = .compLZO`.
 ### Support for .ovpn configuration
@ -45,7 +47,6 @@ Unsupported:
 - UDP fragmentation, i.e. `--fragment`
 - Compression
    - `--comp-lzo` other than `no`
    - `--compress` other than empty
 - Proxy
 - External file references (inline `<block>` only)
@ -147,6 +148,10 @@ The goal of this module is packaging up a black box implementation of a [NEPacke
 Currently, the extension supports VPN over both [UDP][ne-udp] and [TCP][ne-tcp] sockets. A debug log snapshot is optionally maintained and shared to host apps via the App Group container.
 ### LZO
 Due to the restrictive license (GPLv2), LZO support is provided as an optional subspec.
 ## License
 ### Part I
@ -159,6 +164,10 @@ As seen in [libsignal-protocol-c][license-signal]:
 > Additional Permissions For Submission to Apple App Store: Provided that you are otherwise in compliance with the GPLv3 for each covered work you convey (including without limitation making the Corresponding Source available in compliance with Section 6 of the GPLv3), the Author also grants you the additional permission to convey through the Apple App Store non-source executable versions of the Program as incorporated into each applicable covered work as Executable Versions only under the Mozilla Public License version 2.0 (https://www.mozilla.org/en-US/MPL/2.0/).
 ### Part III
 Part I and II do not apply to the LZO library, which remains licensed under the terms of the GPLv2+.
 ### Contributing
 By contributing to this project you are agreeing to the terms stated in the [Contributor License Agreement (CLA)][contrib-cla].
@ -169,6 +178,7 @@ For more details please see [CONTRIBUTING][contrib-readme].
 - [PIATunnel][dep-piatunnel-repo] - Copyright (c) 2018-Present Private Internet Access
 - [SwiftyBeaver][dep-swiftybeaver-repo] - Copyright (c) 2015 Sebastian Kreutzberger
 - [lzo][dep-lzo-website] - Copyright (c) 1996 - 2017 Markus F.X.J. Oberhumer
 This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. ([https://www.openssl.org/][dep-openssl])
@ -202,6 +212,7 @@ Website: [davidederosa.com][about-website]
 [dep-piatunnel-repo]: https://github.com/pia-foss/tunnel-apple
 [dep-swiftybeaver-repo]: https://github.com/SwiftyBeaver/SwiftyBeaver
 [dep-lzo-website]: http://www.oberhumer.com/opensource/lzo/
 [about-twitter]: https://twitter.com/keeshux
 [about-website]: https://davidederosa.com
--- a/TunnelKit.podspec
+++ b/TunnelKit.podspec
@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
    s.name              = "TunnelKit"
-    s.version           = "1.4.3"
+    s.version           = "1.5.0"
    s.summary           = "Non-official OpenVPN client for Apple platforms."
    s.homepage          = "https://github.com/keeshux/tunnelkit"
@ -12,6 +12,8 @@ Pod::Spec.new do |s|
    s.ios.deployment_target = "11.0"
    s.osx.deployment_target = "10.11"
    s.default_subspecs = "Core", "AppExtension"
    s.subspec "Core" do |p|
        p.source_files          = "TunnelKit/Sources/Core/**/*.{h,m,swift}"
        p.private_header_files  = "TunnelKit/Sources/Core/**/*.h"
@ -31,4 +33,13 @@ Pod::Spec.new do |s|
        p.dependency "TunnelKit/Core"
        p.dependency "SwiftyBeaver"
    end
    s.subspec "LZO" do |p|
        p.source_files          = "TunnelKit/Sources/Core/LZO.h",
                                  "TunnelKit/Sources/Core/Errors.{h,m}",
                                  "TunnelKit/Sources/LZO/**/*.{h,m,c}"
        p.private_header_files  = "TunnelKit/Sources/Core/LZO.h",
                                  "TunnelKit/Sources/LZO/lib/*.h"
        p.pod_target_xcconfig   = { "APPLICATION_EXTENSION_API_ONLY" => "YES" }
    end
 end
--- a/TunnelKit.xcodeproj/project.pbxproj
+++ b/TunnelKit.xcodeproj/project.pbxproj
@ -64,6 +64,26 @@
 		0E3E0F212108A8CC00B371C1 /* SessionProxy+PushReply.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E3E0F202108A8CC00B371C1 /* SessionProxy+PushReply.swift */; };
 		0E3E0F222108A8CC00B371C1 /* SessionProxy+PushReply.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E3E0F202108A8CC00B371C1 /* SessionProxy+PushReply.swift */; };
 		0E50D57521634E0A00FC87A8 /* ControlChannelTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E50D57421634E0A00FC87A8 /* ControlChannelTests.swift */; };
 		0E58BF3322405410006FB157 /* lzoconf.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E58BF2F22405410006FB157 /* lzoconf.h */; };
 		0E58BF3422405410006FB157 /* lzoconf.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E58BF2F22405410006FB157 /* lzoconf.h */; };
 		0E58BF3522405410006FB157 /* lzodefs.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E58BF3022405410006FB157 /* lzodefs.h */; };
 		0E58BF3622405410006FB157 /* lzodefs.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E58BF3022405410006FB157 /* lzodefs.h */; };
 		0E58BF3722405410006FB157 /* minilzo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E58BF3122405410006FB157 /* minilzo.h */; };
 		0E58BF3822405410006FB157 /* minilzo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E58BF3122405410006FB157 /* minilzo.h */; };
 		0E58BF3922405410006FB157 /* minilzo.c in Sources */ = {isa = PBXBuildFile; fileRef = 0E58BF3222405410006FB157 /* minilzo.c */; };
 		0E58BF3A22405410006FB157 /* minilzo.c in Sources */ = {isa = PBXBuildFile; fileRef = 0E58BF3222405410006FB157 /* minilzo.c */; };
 		0E58BF3C2240547F006FB157 /* CompressionTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E58BF3B2240547F006FB157 /* CompressionTests.swift */; };
 		0E58BF3D2240547F006FB157 /* CompressionTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E58BF3B2240547F006FB157 /* CompressionTests.swift */; };
 		0E58BF4C22405C2F006FB157 /* StandardLZO.m in Sources */ = {isa = PBXBuildFile; fileRef = 0E58BF4922405C2F006FB157 /* StandardLZO.m */; };
 		0E58BF4D22405C2F006FB157 /* StandardLZO.m in Sources */ = {isa = PBXBuildFile; fileRef = 0E58BF4922405C2F006FB157 /* StandardLZO.m */; };
 		0E58BF5622411F3D006FB157 /* LZO.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E58BF5522411F37006FB157 /* LZO.h */; };
 		0E58BF5722411F3E006FB157 /* LZO.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E58BF5522411F37006FB157 /* LZO.h */; };
 		0E58BF5922411FEF006FB157 /* LZO.m in Sources */ = {isa = PBXBuildFile; fileRef = 0E58BF5822411FEF006FB157 /* LZO.m */; };
 		0E58BF5A22411FEF006FB157 /* LZO.m in Sources */ = {isa = PBXBuildFile; fileRef = 0E58BF5822411FEF006FB157 /* LZO.m */; };
 		0E58BF502240F98F006FB157 /* CompressionAlgorithmNative.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E58BF4F2240F98E006FB157 /* CompressionAlgorithmNative.h */; };
 		0E58BF512240F98F006FB157 /* CompressionAlgorithmNative.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E58BF4F2240F98E006FB157 /* CompressionAlgorithmNative.h */; };
 		0E58BF532240FAA6006FB157 /* SessionProxy+CompressionAlgorithm.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E58BF522240FAA6006FB157 /* SessionProxy+CompressionAlgorithm.swift */; };
 		0E58BF542240FAA6006FB157 /* SessionProxy+CompressionAlgorithm.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E58BF522240FAA6006FB157 /* SessionProxy+CompressionAlgorithm.swift */; };
 		0E58F1302138AC2F00A49F27 /* DNSTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E58F12F2138AC2F00A49F27 /* DNSTests.swift */; };
 		0E749F5F2178885500BB2701 /* SessionProxy+PIA.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E749F5E2178885500BB2701 /* SessionProxy+PIA.swift */; };
 		0E749F602178885500BB2701 /* SessionProxy+PIA.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E749F5E2178885500BB2701 /* SessionProxy+PIA.swift */; };
@ -272,6 +292,16 @@
 		0E3B15C62152B05E00984B17 /* CryptoCTR.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = CryptoCTR.m; sourceTree = "<group>"; };
 		0E3E0F202108A8CC00B371C1 /* SessionProxy+PushReply.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SessionProxy+PushReply.swift"; sourceTree = "<group>"; };
 		0E50D57421634E0A00FC87A8 /* ControlChannelTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ControlChannelTests.swift; sourceTree = "<group>"; };
 		0E58BF2F22405410006FB157 /* lzoconf.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = lzoconf.h; sourceTree = "<group>"; };
 		0E58BF3022405410006FB157 /* lzodefs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = lzodefs.h; sourceTree = "<group>"; };
 		0E58BF3122405410006FB157 /* minilzo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = minilzo.h; sourceTree = "<group>"; };
 		0E58BF3222405410006FB157 /* minilzo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = minilzo.c; sourceTree = "<group>"; };
 		0E58BF3B2240547F006FB157 /* CompressionTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CompressionTests.swift; sourceTree = "<group>"; };
 		0E58BF4922405C2F006FB157 /* StandardLZO.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = StandardLZO.m; sourceTree = "<group>"; };
 		0E58BF5522411F37006FB157 /* LZO.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = LZO.h; sourceTree = "<group>"; };
 		0E58BF5822411FEF006FB157 /* LZO.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = LZO.m; sourceTree = "<group>"; };
 		0E58BF4F2240F98E006FB157 /* CompressionAlgorithmNative.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CompressionAlgorithmNative.h; sourceTree = "<group>"; };
 		0E58BF522240FAA6006FB157 /* SessionProxy+CompressionAlgorithm.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SessionProxy+CompressionAlgorithm.swift"; sourceTree = "<group>"; };
 		0E58F12F2138AC2F00A49F27 /* DNSTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DNSTests.swift; sourceTree = "<group>"; };
 		0E6479DD212EAC96008E6888 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 		0E6479E0212EACD6008E6888 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
@ -406,6 +436,7 @@
 			isa = PBXGroup;
 			children = (
 				0E85A259202CC5AE0059E9F9 /* AppExtensionTests.swift */,
 				0E58BF3B2240547F006FB157 /* CompressionTests.swift */,
 				0E011F7F2196E20300BA59EE /* ConfigurationParserTests.swift */,
 				0E50D57421634E0A00FC87A8 /* ControlChannelTests.swift */,
 				0EB2B45420F0BB53004233D7 /* DataManipulationTests.swift */,
@ -482,10 +513,31 @@
 			children = (
 				0EFEB44D2006D3C800F81029 /* AppExtension */,
 				0EFEB4292006D3C800F81029 /* Core */,
 				0E58BEDC2240521F006FB157 /* LZO */,
 			);
 			path = Sources;
 			sourceTree = "<group>";
 		};
 		0E58BEDC2240521F006FB157 /* LZO */ = {
 			isa = PBXGroup;
 			children = (
 				0E58BF4722405734006FB157 /* lib */,
 				0E58BF4922405C2F006FB157 /* StandardLZO.m */,
 			);
 			path = LZO;
 			sourceTree = "<group>";
 		};
 		0E58BF4722405734006FB157 /* lib */ = {
 			isa = PBXGroup;
 			children = (
 				0E58BF2F22405410006FB157 /* lzoconf.h */,
 				0E58BF3022405410006FB157 /* lzodefs.h */,
 				0E58BF3222405410006FB157 /* minilzo.c */,
 				0E58BF3122405410006FB157 /* minilzo.h */,
 			);
 			path = lib;
 			sourceTree = "<group>";
 		};
 		0E6479DC212EAC96008E6888 /* TunnelKit-iOS */ = {
 			isa = PBXGroup;
 			children = (
@ -536,6 +588,7 @@
 				0EFEB42E2006D3C800F81029 /* Allocation.h */,
 				0EFEB4462006D3C800F81029 /* Allocation.m */,
 				0E12B2A421454F7F00B4BAE9 /* BidirectionalState.swift */,
 				0E58BF4F2240F98E006FB157 /* CompressionAlgorithmNative.h */,
 				0E245D6B2137F73600B012A2 /* CompressionFramingNative.h */,
 				0E011F872196E2AB00BA59EE /* ConfigurationParser.swift */,
 				0E39BCE6214B2AB60035E9DE /* ControlPacket.h */,
@ -563,6 +616,8 @@
 				0EFEB44B2006D3C800F81029 /* Errors.m */,
 				0EFEB4452006D3C800F81029 /* IOInterface.swift */,
 				0EFEB4492006D3C800F81029 /* LinkInterface.swift */,
 				0E58BF5522411F37006FB157 /* LZO.h */,
 				0E58BF5822411FEF006FB157 /* LZO.m */,
 				0EFEB4422006D3C800F81029 /* module.modulemap */,
 				0EFEB42D2006D3C800F81029 /* MSS.h */,
 				0EFEB43D2006D3C800F81029 /* MSS.m */,
@ -577,6 +632,7 @@
 				0E0C2123212ED29D008AB282 /* SessionError.swift */,
 				0EFEB43C2006D3C800F81029 /* SessionProxy.swift */,
 				0EFEB43A2006D3C800F81029 /* SessionProxy+Authenticator.swift */,
 				0E58BF522240FAA6006FB157 /* SessionProxy+CompressionAlgorithm.swift */,
 				0ED9C8632138139000621BA3 /* SessionProxy+CompressionFraming.swift */,
 				0E0C2124212ED29D008AB282 /* SessionProxy+Configuration.swift */,
 				0EFEB42A2006D3C800F81029 /* SessionProxy+EncryptionBridge.swift */,
@ -648,16 +704,21 @@
 			isa = PBXHeadersBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
 				0E58BF5622411F3D006FB157 /* LZO.h in Headers */,
 				0EF5CF262141E142004FF1BD /* PacketMacros.h in Headers */,
 				0EFEB4642006D3C800F81029 /* ReplayProtector.h in Headers */,
 				0EFEB4612006D3C800F81029 /* Errors.h in Headers */,
 				0E58BF3722405410006FB157 /* minilzo.h in Headers */,
 				0E07596E20EF79B400F38FD8 /* CryptoCBC.h in Headers */,
 				0E58BF3522405410006FB157 /* lzodefs.h in Headers */,
 				0E58BF502240F98F006FB157 /* CompressionAlgorithmNative.h in Headers */,
 				0E07596320EF733F00F38FD8 /* CryptoMacros.h in Headers */,
 				0EFEB46E2006D3C800F81029 /* TLSBox.h in Headers */,
 				0E07596B20EF79AB00F38FD8 /* Crypto.h in Headers */,
 				0EFEB46B2006D3C800F81029 /* CryptoBox.h in Headers */,
 				0EFEB4592006D3C800F81029 /* Allocation.h in Headers */,
 				0EFEB4582006D3C800F81029 /* MSS.h in Headers */,
 				0E58BF3322405410006FB157 /* lzoconf.h in Headers */,
 				0E245D6C2137F73600B012A2 /* CompressionFramingNative.h in Headers */,
 				0E3B15C72152B05E00984B17 /* CryptoCTR.h in Headers */,
 				0EFEB4602006D3C800F81029 /* DataPath.h in Headers */,
@ -671,16 +732,21 @@
 			isa = PBXHeadersBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
 				0E58BF5722411F3E006FB157 /* LZO.h in Headers */,
 				0EF5CF272141E15B004FF1BD /* PacketMacros.h in Headers */,
 				0EEC49E620B5F7F6008FEB91 /* MSS.h in Headers */,
 				0EEC49E520B5F7F6008FEB91 /* Errors.h in Headers */,
 				0E58BF3822405410006FB157 /* minilzo.h in Headers */,
 				0E07596F20EF79B400F38FD8 /* CryptoCBC.h in Headers */,
 				0E58BF3622405410006FB157 /* lzodefs.h in Headers */,
 				0E58BF512240F98F006FB157 /* CompressionAlgorithmNative.h in Headers */,
 				0E07596420EF733F00F38FD8 /* CryptoMacros.h in Headers */,
 				0EEC49EA20B5F7F6008FEB91 /* ZeroingData.h in Headers */,
 				0E07596C20EF79AB00F38FD8 /* Crypto.h in Headers */,
 				0EEC49E120B5F7EA008FEB91 /* Allocation.h in Headers */,
 				0EEC49E320B5F7F6008FEB91 /* DataPath.h in Headers */,
 				0EF5CF282141E183004FF1BD /* CompressionFramingNative.h in Headers */,
 				0E58BF3422405410006FB157 /* lzoconf.h in Headers */,
 				0EEC49E820B5F7F6008FEB91 /* ReplayProtector.h in Headers */,
 				0E3B15C82152B05E00984B17 /* CryptoCTR.h in Headers */,
 				0EEC49E920B5F7F6008FEB91 /* TLSBox.h in Headers */,
@ -1053,6 +1119,7 @@
 				0EE7A7A120F664AC00B42E6A /* DataPathEncryptionTests.swift in Sources */,
 				0EB2B45D20F0BF41004233D7 /* RawPerformanceTests.swift in Sources */,
 				0E85A25A202CC5AF0059E9F9 /* AppExtensionTests.swift in Sources */,
 				0E58BF3C2240547F006FB157 /* CompressionTests.swift in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@ -1070,6 +1137,7 @@
 			buildActionMask = 2147483647;
 			files = (
 				0EBBF2F5208505D700E36B40 /* NETunnelInterface.swift in Sources */,
 				0E58BF4C22405C2F006FB157 /* StandardLZO.m in Sources */,
 				0EFEB4732006D3C800F81029 /* LinkInterface.swift in Sources */,
 				0EBBF2F8208505DD00E36B40 /* NWUDPSessionState+Description.swift in Sources */,
 				0EFEB4652006D3C800F81029 /* SessionProxy+Authenticator.swift in Sources */,
@ -1077,6 +1145,7 @@
 				0EEC49DC20B5E732008FEB91 /* Utils.swift in Sources */,
 				0EFEB4562006D3C800F81029 /* SessionProxy+SessionKey.swift in Sources */,
 				0EC1BBA520D71190007C4C7B /* DNSResolver.swift in Sources */,
 				0E58BF5922411FEF006FB157 /* LZO.m in Sources */,
 				0EFEB4AB200760EC00F81029 /* MemoryDestination.swift in Sources */,
 				0E12B29E21449ADB00B4BAE9 /* NSRegularExpression+Shortcuts.swift in Sources */,
 				0EFEB4AE2007625E00F81029 /* Keychain.swift in Sources */,
@ -1110,6 +1179,7 @@
 				0EFEB4682006D3C800F81029 /* MSS.m in Sources */,
 				0EFEB45B2006D3C800F81029 /* TLSBox.m in Sources */,
 				0EFEB4792006D3C800F81029 /* TunnelKitProvider+Interaction.swift in Sources */,
 				0E58BF3922405410006FB157 /* minilzo.c in Sources */,
 				0EFEB4702006D3C800F81029 /* Allocation.m in Sources */,
 				0E041D092152E6FE0025FE3C /* SessionProxy+TLSWrap.swift in Sources */,
 				0EFEB4672006D3C800F81029 /* SessionProxy.swift in Sources */,
@ -1118,6 +1188,7 @@
 				0EFEB4782006D3C800F81029 /* TunnelKitProvider+Configuration.swift in Sources */,
 				0E3E0F212108A8CC00B371C1 /* SessionProxy+PushReply.swift in Sources */,
 				0EFEB4752006D3C800F81029 /* Errors.m in Sources */,
 				0E58BF532240FAA6006FB157 /* SessionProxy+CompressionAlgorithm.swift in Sources */,
 				0E12B2A521454F7F00B4BAE9 /* BidirectionalState.swift in Sources */,
 				0EBBF2E52084FE6F00E36B40 /* GenericSocket.swift in Sources */,
 				0EFEB4762006D3C800F81029 /* DataPath.m in Sources */,
@ -1133,6 +1204,7 @@
 			buildActionMask = 2147483647;
 			files = (
 				0EBBF2F6208505D700E36B40 /* NETunnelInterface.swift in Sources */,
 				0E58BF4D22405C2F006FB157 /* StandardLZO.m in Sources */,
 				0EFEB4A12006D7F300F81029 /* LinkInterface.swift in Sources */,
 				0EFEB4872006D7C400F81029 /* TunnelKitProvider+Configuration.swift in Sources */,
 				0EBBF2F7208505DD00E36B40 /* NWUDPSessionState+Description.swift in Sources */,
@ -1140,6 +1212,7 @@
 				0EE7A79920F6296F00B42E6A /* PacketMacros.m in Sources */,
 				0EEC49DD20B5E732008FEB91 /* Utils.swift in Sources */,
 				0EFEB4B12007627700F81029 /* MemoryDestination.swift in Sources */,
 				0E58BF5A22411FEF006FB157 /* LZO.m in Sources */,
 				0EC1BBA620D712DE007C4C7B /* DNSResolver.swift in Sources */,
 				0E12B29F21449ADB00B4BAE9 /* NSRegularExpression+Shortcuts.swift in Sources */,
 				0EFEB4A02006D7F300F81029 /* ReplayProtector.m in Sources */,
@ -1173,6 +1246,7 @@
 				0EBBF2F4208505D400E36B40 /* NEUDPInterface.swift in Sources */,
 				0EFEB4902006D7F300F81029 /* TunnelInterface.swift in Sources */,
 				0EFEB49E2006D7F300F81029 /* Allocation.m in Sources */,
 				0E58BF3A22405410006FB157 /* minilzo.c in Sources */,
 				0EFEB4B02007627700F81029 /* Keychain.swift in Sources */,
 				0E041D0A2152E6FE0025FE3C /* SessionProxy+TLSWrap.swift in Sources */,
 				0EFEB48E2006D7F300F81029 /* SessionProxy+SessionKey.swift in Sources */,
@ -1181,6 +1255,7 @@
 				0EFEB4A42006D7F300F81029 /* DataPath.m in Sources */,
 				0EBBF2E62084FE6F00E36B40 /* GenericSocket.swift in Sources */,
 				0E3E0F222108A8CC00B371C1 /* SessionProxy+PushReply.swift in Sources */,
 				0E58BF542240FAA6006FB157 /* SessionProxy+CompressionAlgorithm.swift in Sources */,
 				0E12B2A621454F7F00B4BAE9 /* BidirectionalState.swift in Sources */,
 				0EFEB4912006D7F300F81029 /* TLSBox.m in Sources */,
 				0EFEB49D2006D7F300F81029 /* IOInterface.swift in Sources */,
@ -1211,6 +1286,7 @@
 				0EA82A362190B2B9007960EB /* EncryptionTests.swift in Sources */,
 				0EA82A3D2190B2B9007960EB /* TestUtils.swift in Sources */,
 				0EA82A342190B2B9007960EB /* DNSTests.swift in Sources */,
 				0E58BF3D2240547F006FB157 /* CompressionTests.swift in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@ -1348,7 +1424,7 @@
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				CODE_SIGN_IDENTITY = "iPhone Developer";
 				COPY_PHASE_STRIP = NO;
-				CURRENT_PROJECT_VERSION = 357;
+				CURRENT_PROJECT_VERSION = 363;
 				DEBUG_INFORMATION_FORMAT = dwarf;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				ENABLE_TESTABILITY = YES;
@ -1412,7 +1488,7 @@
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				CODE_SIGN_IDENTITY = "iPhone Developer";
 				COPY_PHASE_STRIP = NO;
-				CURRENT_PROJECT_VERSION = 357;
+				CURRENT_PROJECT_VERSION = 363;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				ENABLE_NS_ASSERTIONS = NO;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
@ -1445,7 +1521,7 @@
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = "";
 				DYLIB_COMPATIBILITY_VERSION = 1;
-				DYLIB_CURRENT_VERSION = 357;
+				DYLIB_CURRENT_VERSION = 363;
 				DYLIB_INSTALL_NAME_BASE = "@rpath";
 				FRAMEWORK_SEARCH_PATHS = "$(inherited)";
 				INFOPLIST_FILE = "$(SRCROOT)/TunnelKit-iOS/Info.plist";
@ -1468,7 +1544,7 @@
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = "";
 				DYLIB_COMPATIBILITY_VERSION = 1;
-				DYLIB_CURRENT_VERSION = 357;
+				DYLIB_CURRENT_VERSION = 363;
 				DYLIB_INSTALL_NAME_BASE = "@rpath";
 				FRAMEWORK_SEARCH_PATHS = "$(inherited)";
 				INFOPLIST_FILE = "$(SRCROOT)/TunnelKit-iOS/Info.plist";
@ -1491,7 +1567,7 @@
 				COMBINE_HIDPI_IMAGES = YES;
 				DEFINES_MODULE = YES;
 				DYLIB_COMPATIBILITY_VERSION = 1;
-				DYLIB_CURRENT_VERSION = 357;
+				DYLIB_CURRENT_VERSION = 363;
 				DYLIB_INSTALL_NAME_BASE = "@rpath";
 				FRAMEWORK_VERSION = A;
 				INFOPLIST_FILE = "$(SRCROOT)/TunnelKit-macOS/Info.plist";
@ -1514,7 +1590,7 @@
 				COMBINE_HIDPI_IMAGES = YES;
 				DEFINES_MODULE = YES;
 				DYLIB_COMPATIBILITY_VERSION = 1;
-				DYLIB_CURRENT_VERSION = 357;
+				DYLIB_CURRENT_VERSION = 363;
 				DYLIB_INSTALL_NAME_BASE = "@rpath";
 				FRAMEWORK_VERSION = A;
 				INFOPLIST_FILE = "$(SRCROOT)/TunnelKit-macOS/Info.plist";
--- a/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift
+++ b/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift
@ -62,6 +62,7 @@ extension TunnelKitProvider {
                clientKey: nil,
                checksEKU: false,
                compressionFraming: .disabled,
                compressionAlgorithm: .disabled,
                tlsWrap: nil,
                keepAliveInterval: nil,
                renegotiatesAfter: nil,
@ -178,6 +179,11 @@ extension TunnelKitProvider {
            } else {
                sessionConfigurationBuilder.compressionFraming = ConfigurationBuilder.defaults.sessionConfiguration.compressionFraming
            }
            if let compressionAlgorithmValue = providerConfiguration[S.compressionAlgorithm] as? Int, let compressionAlgorithm = SessionProxy.CompressionAlgorithm(rawValue: compressionAlgorithmValue) {
                sessionConfigurationBuilder.compressionAlgorithm = compressionAlgorithm
            } else {
                sessionConfigurationBuilder.compressionAlgorithm = ConfigurationBuilder.defaults.sessionConfiguration.compressionAlgorithm
            }
            if let tlsWrapData = providerConfiguration[S.tlsWrap] as? Data {
                do {
                    sessionConfigurationBuilder.tlsWrap = try SessionProxy.TLSWrap.deserialized(tlsWrapData)
@ -248,6 +254,8 @@ extension TunnelKitProvider {
            static let compressionFraming = "CompressionFraming"
            static let compressionAlgorithm = "CompressionAlgorithm"
            static let tlsWrap = "TLSWrap"
            static let keepAlive = "KeepAlive"
@ -408,6 +416,9 @@ extension TunnelKitProvider {
                dict[S.resolvedAddresses] = resolvedAddresses
            }
            dict[S.compressionFraming] = sessionConfiguration.compressionFraming.rawValue
            if let compressionAlgorithm = sessionConfiguration.compressionAlgorithm?.rawValue {
                dict[S.compressionAlgorithm] = compressionAlgorithm
            }
            if let tlsWrapData = sessionConfiguration.tlsWrap?.serialized() {
                dict[S.tlsWrap] = tlsWrapData
            }
@ -479,6 +490,11 @@ extension TunnelKitProvider {
            }
            log.info("\tMTU: \(mtu)")
            log.info("\tCompression framing: \(sessionConfiguration.compressionFraming)")
            if let compressionAlgorithm = sessionConfiguration.compressionAlgorithm, compressionAlgorithm != .disabled {
                log.info("\tCompression algorithm: \(compressionAlgorithm)")
            } else {
                log.info("\tCompression algorithm: disabled")
            }
            if let keepAliveSeconds = sessionConfiguration.keepAliveInterval, keepAliveSeconds > 0 {
                log.info("\tKeep-alive: \(keepAliveSeconds) seconds")
            } else {
--- a/TunnelKit/Sources/AppExtension/TunnelKitProvider+Interaction.swift
+++ b/TunnelKit/Sources/AppExtension/TunnelKitProvider+Interaction.swift
@ -117,7 +117,10 @@ extension TunnelKitProvider {
        /// Data encryption/decryption failed.
        case encryptionData
-        /// Server uses compression and this is not supported.
+        /// The LZO engine failed.
        case lzo
        /// Server uses an unsupported compression algorithm.
        case serverCompression
        /// Tunnel timed out.
--- a/TunnelKit/Sources/AppExtension/TunnelKitProvider.swift
+++ b/TunnelKit/Sources/AppExtension/TunnelKitProvider.swift
@ -593,6 +593,9 @@ extension TunnelKitProvider {
            case .dataPathCompression:
                return .serverCompression
            case .LZO:
                return .lzo
            }
        } else if let se = error as? SessionError {
            switch se {
--- a/TunnelKit/Sources/Core/Allocation.m
+++ b/TunnelKit/Sources/Core/Allocation.m
@ -35,6 +35,7 @@
 //
 #import <stdlib.h>
 #import <Foundation/Foundation.h>
 #import "Allocation.h"
@ -43,7 +44,7 @@
 void *allocate_safely(size_t size) {
    void *memory = malloc(size);
    if (!memory) {
-//        abort("malloc() call failed")
+        NSLog(@"malloc() call failed");
        abort();
        return NULL;
    }
--- a/TunnelKit/Sources/Core/CompressionAlgorithmNative.h
+++ b/TunnelKit/Sources/Core/CompressionAlgorithmNative.h
@ -0,0 +1,32 @@
 //
 //  CompressionFramingNative.h
 //  TunnelKit
 //
 //  Created by Davide De Rosa on 3/19/19.
 //  Copyright (c) 2019 Davide De Rosa. All rights reserved.
 //
 //  https://github.com/keeshux
 //
 //  This file is part of TunnelKit.
 //
 //  TunnelKit is free software: you can redistribute it and/or modify
 //  it under the terms of the GNU General Public License as published by
 //  the Free Software Foundation, either version 3 of the License, or
 //  (at your option) any later version.
 //
 //  TunnelKit is distributed in the hope that it will be useful,
 //  but WITHOUT ANY WARRANTY; without even the implied warranty of
 //  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 //  GNU General Public License for more details.
 //
 //  You should have received a copy of the GNU General Public License
 //  along with TunnelKit.  If not, see <http://www.gnu.org/licenses/>.
 //
 #import <Foundation/Foundation.h>
 typedef NS_ENUM(NSInteger, CompressionAlgorithmNative) {
    CompressionAlgorithmNativeDisabled,
    CompressionAlgorithmNativeLZO,
    CompressionAlgorithmNativeOther
 };
--- a/TunnelKit/Sources/Core/ConfigurationParser.swift
+++ b/TunnelKit/Sources/Core/ConfigurationParser.swift
@ -25,6 +25,7 @@
 import Foundation
 import SwiftyBeaver
 import __TunnelKitNative
 private let log = SwiftyBeaver.self
@ -140,6 +141,7 @@ public class ConfigurationParser {
        var cipher: SessionProxy.Cipher?
        var digest: SessionProxy.Digest?
        var compressionFraming: SessionProxy.CompressionFraming = .disabled
        var compressionAlgorithm: SessionProxy.CompressionAlgorithm = .disabled
        var optCA: CryptoContainer?
        var clientCertificate: CryptoContainer?
        var clientKey: CryptoContainer?
@ -295,13 +297,18 @@ public class ConfigurationParser {
                isHandled = true
                compressionFraming = .compLZO
-                guard let arg = $0.first else {
+                if !LZOIsSupported() {
-                    warning = warning ?? .unsupportedConfiguration(option: line)
+                    guard let arg = $0.first else {
-                    return
+                        warning = warning ?? .unsupportedConfiguration(option: line)
-                }
+                        return
-                guard arg == "no" else {
+                    }
-                    unsupportedError = .unsupportedConfiguration(option: line)
+                    guard arg == "no" else {
-                    return
+                        unsupportedError = .unsupportedConfiguration(option: line)
                        return
                    }
                } else {
                    let arg = $0.first
                    compressionAlgorithm = (arg == "no") ? .disabled : .LZO
                }
            }
            Regex.compress.enumerateArguments(in: line) {
@ -309,6 +316,7 @@ public class ConfigurationParser {
                compressionFraming = .compress
                guard $0.isEmpty else {
                    compressionAlgorithm = .other
                    unsupportedError = .unsupportedConfiguration(option: line)
                    return
                }
@ -411,6 +419,7 @@ public class ConfigurationParser {
        sessionBuilder.cipher = cipher ?? .aes128cbc
        sessionBuilder.digest = digest ?? .sha1
        sessionBuilder.compressionFraming = compressionFraming
        sessionBuilder.compressionAlgorithm = compressionAlgorithm
        sessionBuilder.tlsWrap = tlsWrap
        sessionBuilder.clientCertificate = clientCertificate
        sessionBuilder.clientKey = clientKey
--- a/TunnelKit/Sources/Core/CoreConfiguration.swift
+++ b/TunnelKit/Sources/Core/CoreConfiguration.swift
@ -83,6 +83,8 @@ struct CoreConfiguration {
        "IV_PROTO=2",
        "IV_NCP=2",
        "IV_SSL=\(CryptoBox.version())",
        "IV_LZO=1",
        "IV_LZO_STUB=1",
        ""
    ].joined(separator: "\n")
--- a/TunnelKit/Sources/Core/CryptoAEAD.m
+++ b/TunnelKit/Sources/Core/CryptoAEAD.m
@ -346,21 +346,22 @@ static const NSInteger CryptoAEADTagLength = 16;
    return YES;
 }
- (const uint8_t *)parsePayloadWithBlock:(DataPathParseBlock)block length:(NSInteger *)length packetBytes:(uint8_t *)packetBytes packetLength:(NSInteger)packetLength error:(NSError * _Nullable __autoreleasing * _Nullable)error
+- (NSData *)parsePayloadWithBlock:(DataPathParseBlock)block compressionHeader:(nonnull uint8_t *)compressionHeader packetBytes:(nonnull uint8_t *)packetBytes packetLength:(NSInteger)packetLength error:(NSError * _Nullable __autoreleasing * _Nullable)error
 {
    uint8_t *payload = packetBytes;
-    *length = packetLength - (int)(payload - packetBytes);
+    NSUInteger length = packetLength - (int)(payload - packetBytes);
    if (!block) {
-        return payload;
+        *compressionHeader = 0x00;
        return [NSData dataWithBytes:payload length:length];
    }
    NSInteger payloadOffset;
    NSInteger payloadHeaderLength;
-    if (!block(payload, &payloadOffset, &payloadHeaderLength, packetBytes, packetLength, error)) {
+    if (!block(payload, &payloadOffset, compressionHeader, &payloadHeaderLength, packetBytes, packetLength, error)) {
        return NULL;
    }
-    *length -= payloadHeaderLength;
+    length -= payloadHeaderLength;
-    return payload + payloadOffset;
+    return [NSData dataWithBytes:(payload + payloadOffset) length:length];
 }
@end
--- a/TunnelKit/Sources/Core/CryptoCBC.m
+++ b/TunnelKit/Sources/Core/CryptoCBC.m
@ -368,22 +368,23 @@ const NSInteger CryptoCBCMaxHMACLength = 100;
    return YES;
 }
- (const uint8_t *)parsePayloadWithBlock:(DataPathParseBlock)block length:(NSInteger *)length packetBytes:(uint8_t *)packetBytes packetLength:(NSInteger)packetLength error:(NSError * _Nullable __autoreleasing * _Nullable)error
+- (NSData *)parsePayloadWithBlock:(DataPathParseBlock)block compressionHeader:(nonnull uint8_t *)compressionHeader packetBytes:(nonnull uint8_t *)packetBytes packetLength:(NSInteger)packetLength error:(NSError * _Nullable __autoreleasing * _Nullable)error
 {
    uint8_t *payload = packetBytes;
    payload += sizeof(uint32_t); // packet id
-    *length = packetLength - (int)(payload - packetBytes);
+    NSUInteger length = packetLength - (int)(payload - packetBytes);
    if (!block) {
-        return payload;
+        *compressionHeader = 0x00;
        return [NSData dataWithBytes:payload length:length];
    }
    NSInteger payloadOffset;
    NSInteger payloadHeaderLength;
-    if (!block(payload, &payloadOffset, &payloadHeaderLength, packetBytes, packetLength, error)) {
+    if (!block(payload, &payloadOffset, compressionHeader, &payloadHeaderLength, packetBytes, packetLength, error)) {
        return NULL;
    }
-    *length -= payloadHeaderLength;
+    length -= payloadHeaderLength;
-    return payload + payloadOffset;
+    return [NSData dataWithBytes:(payload + payloadOffset) length:length];
 }
@end
--- a/TunnelKit/Sources/Core/DataPath.h
+++ b/TunnelKit/Sources/Core/DataPath.h
@ -51,6 +51,7 @@ NS_ASSUME_NONNULL_BEGIN
                                decrypter:(id<DataPathDecrypter>)decrypter
                                   peerId:(uint32_t)peerId // 24-bit, discard most significant byte
                       compressionFraming:(CompressionFramingNative)compressionFraming
                     compressionAlgorithm:(CompressionAlgorithmNative)compressionAlgorithm
                               maxPackets:(NSInteger)maxPackets
                     usesReplayProtection:(BOOL)usesReplayProtection;
--- a/TunnelKit/Sources/Core/DataPath.m
+++ b/TunnelKit/Sources/Core/DataPath.m
@ -40,6 +40,7 @@
 #import "DataPathCrypto.h"
 #import "MSS.h"
 #import "ReplayProtector.h"
 #import "LZO.h"
 #import "Allocation.h"
 #import "Errors.h"
@ -65,6 +66,7 @@
@property (nonatomic, copy) DataPathAssembleBlock assemblePayloadBlock;
@property (nonatomic, copy) DataPathParseBlock parsePayloadBlock;
@property (nonatomic, strong) id<LZO> lzo;
@end
@ -80,7 +82,13 @@
    return (uint8_t *)addr;
 }
- (instancetype)initWithEncrypter:(id<DataPathEncrypter>)encrypter decrypter:(id<DataPathDecrypter>)decrypter peerId:(uint32_t)peerId compressionFraming:(CompressionFramingNative)compressionFraming maxPackets:(NSInteger)maxPackets usesReplayProtection:(BOOL)usesReplayProtection
+- (instancetype)initWithEncrypter:(id<DataPathEncrypter>)encrypter
                        decrypter:(id<DataPathDecrypter>)decrypter
                           peerId:(uint32_t)peerId
               compressionFraming:(CompressionFramingNative)compressionFraming
             compressionAlgorithm:(CompressionAlgorithmNative)compressionAlgorithm
                       maxPackets:(NSInteger)maxPackets
             usesReplayProtection:(BOOL)usesReplayProtection
 {
    NSParameterAssert(encrypter);
    NSParameterAssert(decrypter);
@ -108,6 +116,10 @@
        [self.encrypter setPeerId:peerId];
        [self.decrypter setPeerId:peerId];
        [self setCompressionFraming:compressionFraming];
        if (LZOIsSupported() && (compressionFraming == CompressionFramingNativeCompLZO) && (compressionAlgorithm == CompressionAlgorithmNativeLZO)) {
            self.lzo = LZOCreate();
        }
    }
    return self;
 }
@ -162,8 +174,9 @@
                memcpy(packetDest, payload.bytes, payload.length);
                *packetLengthOffset = 0;
            };
-            self.parsePayloadBlock = ^BOOL(uint8_t * _Nonnull payload, NSInteger * _Nonnull payloadOffset, NSInteger * _Nonnull headerLength, const uint8_t * _Nonnull packet, NSInteger packetLength, NSError * _Nullable __autoreleasing * _Nullable error) {
+            self.parsePayloadBlock = ^BOOL(uint8_t * _Nonnull payload, NSInteger * _Nonnull payloadOffset, uint8_t * _Nonnull compressionHeader, NSInteger * _Nonnull headerLength, const uint8_t * _Nonnull packet, NSInteger packetLength, NSError * _Nullable __autoreleasing * _Nullable error) {
                *payloadOffset = 0;
                *compressionHeader = 0x00;
                *headerLength = 0;
                return YES;
            };
@ -176,8 +189,9 @@
                packetDest[0] = DataPacketNoCompressSwap;
                *packetLengthOffset = 1;
            };
-            self.parsePayloadBlock = ^BOOL(uint8_t * _Nonnull payload, NSInteger * _Nonnull payloadOffset, NSInteger * _Nonnull headerLength, const uint8_t * _Nonnull packet, NSInteger packetLength, NSError * _Nullable __autoreleasing * _Nullable error) {
+            self.parsePayloadBlock = ^BOOL(uint8_t * _Nonnull payload, NSInteger * _Nonnull payloadOffset, uint8_t * _Nonnull compressionHeader, NSInteger * _Nonnull headerLength, const uint8_t * _Nonnull packet, NSInteger packetLength, NSError * _Nullable __autoreleasing * _Nullable error) {
-                if (payload[0] != DataPacketNoCompressSwap) {
+                *compressionHeader = payload[0];
                if (*compressionHeader != DataPacketNoCompressSwap) {
                    // @"Expected NO_COMPRESS_SWAP (found %X != %X)", payload[0], DataPacketNoCompressSwap);
                    *error = TunnelKitErrorWithCode(TunnelKitErrorCodeDataPathCompression);
                    return NO;
@ -190,18 +204,40 @@
            break;
        }
        case CompressionFramingNativeCompLZO: {
            __weak DataPath *weakSelf = self;
            self.assemblePayloadBlock = ^(uint8_t * packetDest, NSInteger * packetLengthOffset, NSData * payload) {
                NSData *compressedPayload = [weakSelf.lzo compressedDataWithData:payload error:NULL];
                if (compressedPayload) {
                    packetDest[0] = DataPacketLZOCompress;
                    *packetLengthOffset = 1 - (payload.length - compressedPayload.length);
                    payload = compressedPayload;
                } else {
                    packetDest[0] = DataPacketNoCompress;
                    *packetLengthOffset = 1;
                }
                memcpy(packetDest + 1, payload.bytes, payload.length);
                packetDest[0] = DataPacketNoCompress;
                *packetLengthOffset = 1;
            };
-            self.parsePayloadBlock = ^BOOL(uint8_t * _Nonnull payload, NSInteger * _Nonnull payloadOffset, NSInteger * _Nonnull headerLength, const uint8_t * _Nonnull packet, NSInteger packetLength, NSError * _Nullable __autoreleasing * _Nullable error) {
+            self.parsePayloadBlock = ^BOOL(uint8_t * _Nonnull payload, NSInteger * _Nonnull payloadOffset, uint8_t * _Nonnull compressionHeader, NSInteger * _Nonnull headerLength, const uint8_t * _Nonnull packet, NSInteger packetLength, NSError * _Nullable __autoreleasing * _Nullable error) {
-                if (payload[0] != DataPacketNoCompress) {
+                *compressionHeader = payload[0];
-                    // @"Expected NO_COMPRESS (found %X != %X)", payload[0], DataPacketNoCompress);
+                switch (*compressionHeader) {
-                    if (error) {
+                    case DataPacketNoCompress:
-                        *error = TunnelKitErrorWithCode(TunnelKitErrorCodeDataPathCompression);
+                        break;
-                    }
+                        
-                    return NO;
+                    case DataPacketLZOCompress:
                        if (!LZOIsSupported() || !weakSelf.lzo) { // compressed packet unexpected
                            if (error) {
                                *error = TunnelKitErrorWithCode(TunnelKitErrorCodeDataPathCompression);
                            }
                            return NO;
                        }
                        break;
                    default:
                        // @"Expected NO_COMPRESS (found %X != %X)", payload[0], DataPacketNoCompress);
                        if (error) {
                            *error = TunnelKitErrorWithCode(TunnelKitErrorCodeDataPathCompression);
                        }
                        return NO;
                }
                *payloadOffset = 1;
                *headerLength = 1;
@ -289,17 +325,23 @@
            continue;
        }
-        NSInteger payloadLength;
+        uint8_t compressionHeader;
-        const uint8_t *payloadBytes = [self.decrypter parsePayloadWithBlock:self.parsePayloadBlock
+        NSData *payload = [self.decrypter parsePayloadWithBlock:self.parsePayloadBlock
-                                                                     length:&payloadLength
+                                              compressionHeader:&compressionHeader
-                                                                packetBytes:dataPacketBytes
+                                                    packetBytes:dataPacketBytes
-                                                               packetLength:dataPacketLength
+                                                   packetLength:dataPacketLength
-                                                                      error:error];
+                                                          error:error];
-        if (!payloadBytes) {
+        if (!payload) {
            return nil;
        }
-        
+        if (compressionHeader == DataPacketLZOCompress) {
-        if ((payloadLength == sizeof(DataPacketPingData)) && !memcmp(payloadBytes, DataPacketPingData, payloadLength)) {
+            payload = [self.lzo decompressedDataWithData:payload error:error];
            if (!payload) {
                return nil;
            }
        }
        if ((payload.length == sizeof(DataPacketPingData)) && !memcmp(payload.bytes, DataPacketPingData, payload.length)) {
            if (keepAlive) {
                *keepAlive = true;
            }
@ -308,7 +350,6 @@
 //        MSSFix(payloadBytes, payloadLength);
        NSData *payload = [[NSData alloc] initWithBytes:payloadBytes length:payloadLength];
        [self.inPackets addObject:payload];
    }
--- a/TunnelKit/Sources/Core/DataPathCrypto.h
+++ b/TunnelKit/Sources/Core/DataPathCrypto.h
@ -59,6 +59,7 @@ NS_ASSUME_NONNULL_BEGIN
 typedef void (^DataPathAssembleBlock)(uint8_t *packetDest, NSInteger *packetLengthOffset, NSData *payload);
 typedef BOOL (^DataPathParseBlock)(uint8_t *payload,
                                   NSInteger *payloadOffset,
                                   uint8_t *header,
                                   NSInteger *headerLength,
                                   const uint8_t *packet,
                                   NSInteger packetLength,
@ -82,7 +83,7 @@ typedef BOOL (^DataPathParseBlock)(uint8_t *payload,
@protocol DataPathDecrypter <DataPathChannel>
 - (BOOL)decryptDataPacket:(NSData *)packet into:(uint8_t *)packetBytes length:(NSInteger *)packetLength packetId:(uint32_t *)packetId error:(NSError **)error;
- (const uint8_t * _Nullable)parsePayloadWithBlock:(nullable DataPathParseBlock)block length:(NSInteger *)length packetBytes:(uint8_t *)packetBytes packetLength:(NSInteger)packetLength error:(NSError **)error;
+- (nullable NSData *)parsePayloadWithBlock:(nullable DataPathParseBlock)block compressionHeader:(uint8_t *)compressionHeader packetBytes:(uint8_t *)packetBytes packetLength:(NSInteger)packetLength error:(NSError **)error;
@end
--- a/TunnelKit/Sources/Core/Errors.h
+++ b/TunnelKit/Sources/Core/Errors.h
@ -52,7 +52,8 @@ typedef NS_ENUM(NSInteger, TunnelKitErrorCode) {
    TunnelKitErrorCodeTLSBoxServerEKU           = 207,
    TunnelKitErrorCodeDataPathOverflow          = 301,
    TunnelKitErrorCodeDataPathPeerIdMismatch    = 302,
-    TunnelKitErrorCodeDataPathCompression       = 303
+    TunnelKitErrorCodeDataPathCompression       = 303,
    TunnelKitErrorCodeLZO                       = 401,
 };
 static inline NSError *TunnelKitErrorWithCode(TunnelKitErrorCode code) {
--- a/TunnelKit/Sources/Core/LZO.h
+++ b/TunnelKit/Sources/Core/LZO.h
@ -0,0 +1,42 @@
 //
 //  LZO.h
 //  TunnelKit
 //
 //  Created by Davide De Rosa on 3/18/19.
 //  Copyright (c) 2019 Davide De Rosa. All rights reserved.
 //
 //  https://github.com/keeshux
 //
 //  This file is part of TunnelKit.
 //
 //  TunnelKit is free software: you can redistribute it and/or modify
 //  it under the terms of the GNU General Public License as published by
 //  the Free Software Foundation, either version 3 of the License, or
 //  (at your option) any later version.
 //
 //  TunnelKit is distributed in the hope that it will be useful,
 //  but WITHOUT ANY WARRANTY; without even the implied warranty of
 //  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 //  GNU General Public License for more details.
 //
 //  You should have received a copy of the GNU General Public License
 //  along with TunnelKit.  If not, see <http://www.gnu.org/licenses/>.
 //
 #import <Foundation/Foundation.h>
 NS_ASSUME_NONNULL_BEGIN
@protocol LZO
 - (nullable NSData *)compressedDataWithData:(NSData *)data error:(NSError **)error;
 - (nullable NSData *)decompressedDataWithData:(NSData *)data error:(NSError **)error;
 - (nullable NSData *)decompressedDataWithBytes:(const uint8_t *)bytes length:(NSInteger)length error:(NSError **)error;
@end
 //+ (NSString *)versionString;
 BOOL LZOIsSupported(void);
 id<LZO> LZOCreate(void);
 NS_ASSUME_NONNULL_END
--- a/TunnelKit/Sources/Core/LZO.m
+++ b/TunnelKit/Sources/Core/LZO.m
@ -0,0 +1,45 @@
 //
 //  LZO.m
 //  TunnelKit
 //
 //  Created by Davide De Rosa on 3/18/19.
 //  Copyright (c) 2019 Davide De Rosa. All rights reserved.
 //
 //  https://github.com/keeshux
 //
 //  This file is part of TunnelKit.
 //
 //  TunnelKit is free software: you can redistribute it and/or modify
 //  it under the terms of the GNU General Public License as published by
 //  the Free Software Foundation, either version 3 of the License, or
 //  (at your option) any later version.
 //
 //  TunnelKit is distributed in the hope that it will be useful,
 //  but WITHOUT ANY WARRANTY; without even the implied warranty of
 //  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 //  GNU General Public License for more details.
 //
 //  You should have received a copy of the GNU General Public License
 //  along with TunnelKit.  If not, see <http://www.gnu.org/licenses/>.
 //
 #import "LZO.h"
 #import "ZeroingData.h"
 static NSString *const LZOClassName = @"StandardLZO";
 static Class LZOClass()
 {
    NSBundle *bundle = [NSBundle bundleForClass:[ZeroingData class]];
    return [bundle classNamed:LZOClassName];
 }
 BOOL LZOIsSupported()
 {
    return LZOClass() != nil;
 }
 id<LZO> LZOCreate()
 {
    return [[LZOClass() alloc] init];
 }
--- a/TunnelKit/Sources/Core/PacketMacros.h
+++ b/TunnelKit/Sources/Core/PacketMacros.h
@ -61,6 +61,7 @@ typedef NS_ENUM(uint8_t, PacketCode) {
 #define DataPacketNoCompress        0xfa
 #define DataPacketNoCompressSwap    0xfb
 #define DataPacketLZOCompress       0x66
 extern const uint8_t DataPacketPingData[16];
--- a/TunnelKit/Sources/Core/SessionProxy+CompressionAlgorithm.swift
+++ b/TunnelKit/Sources/Core/SessionProxy+CompressionAlgorithm.swift
@ -0,0 +1,66 @@
 //
 //  SessionProxy+CompressionAlgorithm.swift
 //  TunnelKit
 //
 //  Created by Davide De Rosa on 3/19/19.
 //  Copyright (c) 2019 Davide De Rosa. All rights reserved.
 //
 //  https://github.com/keeshux
 //
 //  This file is part of TunnelKit.
 //
 //  TunnelKit is free software: you can redistribute it and/or modify
 //  it under the terms of the GNU General Public License as published by
 //  the Free Software Foundation, either version 3 of the License, or
 //  (at your option) any later version.
 //
 //  TunnelKit is distributed in the hope that it will be useful,
 //  but WITHOUT ANY WARRANTY; without even the implied warranty of
 //  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 //  GNU General Public License for more details.
 //
 //  You should have received a copy of the GNU General Public License
 //  along with TunnelKit.  If not, see <http://www.gnu.org/licenses/>.
 //
 import Foundation
 import __TunnelKitNative
 extension SessionProxy {
    /// Defines the type of compression algorithm.
    public enum CompressionAlgorithm: Int, Codable, CustomStringConvertible {
        /// No compression.
        case disabled
        /// LZO compression.
        case LZO
        /// Any other compression algorithm (unsupported).
        case other
        var native: CompressionAlgorithmNative {
            guard let val = CompressionAlgorithmNative(rawValue: rawValue) else {
                fatalError("Unhandled CompressionAlgorithm bridging")
            }
            return val
        }
        // MARK: CustomStringConvertible
        /// :nodoc:
        public var description: String {
            switch self {
            case .disabled:
                return "disabled"
            case .LZO:
                return "lzo"
            case .other:
                return "other"
            }
        }
    }
 }
--- a/TunnelKit/Sources/Core/SessionProxy+Configuration.swift
+++ b/TunnelKit/Sources/Core/SessionProxy+Configuration.swift
@ -156,6 +156,9 @@ extension SessionProxy {
        /// Sets compression framing, disabled by default.
        public var compressionFraming: CompressionFraming
        /// Sets compression algorithm, disabled by default.
        public var compressionAlgorithm: CompressionAlgorithm?
        /// The optional TLS wrapping.
        public var tlsWrap: TLSWrap?
@ -180,6 +183,7 @@ extension SessionProxy {
            clientKey = nil
            checksEKU = false
            compressionFraming = .disabled
            compressionAlgorithm = .disabled
            tlsWrap = nil
            keepAliveInterval = nil
            renegotiatesAfter = nil
@ -201,6 +205,7 @@ extension SessionProxy {
                clientKey: clientKey,
                checksEKU: checksEKU,
                compressionFraming: compressionFraming,
                compressionAlgorithm: compressionAlgorithm,
                tlsWrap: tlsWrap,
                keepAliveInterval: keepAliveInterval,
                renegotiatesAfter: renegotiatesAfter,
@ -234,6 +239,9 @@ extension SessionProxy {
        /// - Seealso: `SessionProxy.ConfigurationBuilder.compressionFraming`
        public let compressionFraming: CompressionFraming
        /// - Seealso: `SessionProxy.ConfigurationBuilder.compressionAlgorithm`
        public let compressionAlgorithm: CompressionAlgorithm?
        /// - Seealso: `SessionProxy.ConfigurationBuilder.tlsWrap`
        public var tlsWrap: TLSWrap?
@ -262,6 +270,7 @@ extension SessionProxy {
            builder.clientKey = clientKey
            builder.checksEKU = checksEKU
            builder.compressionFraming = compressionFraming
            builder.compressionAlgorithm = compressionAlgorithm
            builder.tlsWrap = tlsWrap
            builder.keepAliveInterval = keepAliveInterval
            builder.renegotiatesAfter = renegotiatesAfter
@ -282,6 +291,7 @@ extension SessionProxy {
                (lhs.clientKey == rhs.clientKey) &&
                (lhs.checksEKU == rhs.checksEKU) &&
                (lhs.compressionFraming == rhs.compressionFraming) &&
                (lhs.compressionAlgorithm == rhs.compressionAlgorithm) &&
                (lhs.keepAliveInterval == rhs.keepAliveInterval) &&
                (lhs.renegotiatesAfter == rhs.renegotiatesAfter) &&
                (lhs.usesPIAPatches == rhs.usesPIAPatches) &&
--- a/TunnelKit/Sources/Core/SessionProxy+PushReply.swift
+++ b/TunnelKit/Sources/Core/SessionProxy+PushReply.swift
@ -150,8 +150,8 @@ public protocol SessionReply {
    /// The optional compression framing.
    var compressionFraming: SessionProxy.CompressionFraming? { get }
-    /// True if uses compression.
+    /// The optional compression algorithm.
-    var usesCompression: Bool { get }
+    var compressionAlgorithm: SessionProxy.CompressionAlgorithm? { get }
    /// The optional keep-alive interval.
    var ping: Int? { get }
@ -217,7 +217,7 @@ extension SessionProxy {
        let compressionFraming: SessionProxy.CompressionFraming?
-        let usesCompression: Bool
+        let compressionAlgorithm: SessionProxy.CompressionAlgorithm?
        let ping: Int?
@ -246,7 +246,7 @@ extension SessionProxy {
            var dnsServers: [String] = []
            var compressionFraming: SessionProxy.CompressionFraming?
-            var usesCompression = false
+            var compressionAlgorithm: SessionProxy.CompressionAlgorithm?
            var ping: Int?
            var authToken: String?
            var peerId: UInt32?
@ -395,11 +395,19 @@ extension SessionProxy {
                switch $0[0] {
                case "comp-lzo":
                    compressionFraming = .compLZO
-                    usesCompression = !(($0.count == 2) && ($0[1] == "no"))
+                    if !(($0.count == 2) && ($0[1] == "no")) {
                        compressionAlgorithm = .LZO
                    } else {
                        compressionAlgorithm = .disabled
                    }
                case "compress":
                    compressionFraming = .compress
-                    usesCompression = ($0.count > 1)
+                    if $0.count > 1 {
                        compressionAlgorithm = .other
                    } else {
                        compressionAlgorithm = .disabled
                    }
                default:
                    break
@ -430,7 +438,7 @@ extension SessionProxy {
            self.dnsServers = dnsServers
            self.compressionFraming = compressionFraming
-            self.usesCompression = usesCompression
+            self.compressionAlgorithm = compressionAlgorithm
            self.ping = ping
            self.authToken = authToken
            self.peerId = peerId
--- a/TunnelKit/Sources/Core/SessionProxy.swift
+++ b/TunnelKit/Sources/Core/SessionProxy.swift
@ -912,9 +912,21 @@ public class SessionProxy {
            reply = optionalReply
            log.debug("Received PUSH_REPLY: \"\(reply.maskedDescription)\"")
-            if let framing = reply.compressionFraming, reply.usesCompression {
+            if let framing = reply.compressionFraming, let compression = reply.compressionAlgorithm, compression != .disabled {
-                log.error("Server has compression enabled and this is currently unsupported (\(framing))")
+                switch framing {
-                throw SessionError.serverCompression
+                case .compress:
                    log.error("Server has new compression enabled and this is currently unsupported (\(framing))")
                    throw SessionError.serverCompression
                case .compLZO:
                    if !LZOIsSupported() {
                        log.error("Server has legacy LZO compression enabled and this was not built into the library (\(framing))")
                        throw SessionError.serverCompression
                    }
                default:
                    break
                }
            }
        } catch let e {
            deferStop(.shutdown, e)
@ -1021,6 +1033,10 @@ public class SessionProxy {
        if let negFraming = pushedFraming {
            log.info("\tNegotiated compression framing: \(negFraming)")
        }
        let pushedCompression = pushReply.compressionAlgorithm
        if let negCompression = pushedCompression {
            log.info("\tNegotiated compression algorithm: \(negCompression)")
        }
        if let negPing = pushReply.ping {
            log.info("\tNegotiated keep-alive: \(negPing) seconds")
        }
@ -1048,6 +1064,7 @@ public class SessionProxy {
            decrypter: bridge.decrypter(),
            peerId: pushReply.peerId ?? PacketPeerIdDisabled,
            compressionFraming: (pushedFraming ?? configuration.compressionFraming).native,
            compressionAlgorithm: (pushedCompression ?? configuration.compressionAlgorithm ?? .disabled).native,
            maxPackets: link?.packetBufferSize ?? 200,
            usesReplayProtection: CoreConfiguration.usesReplayProtection
        )
--- a/TunnelKit/Sources/Core/module.modulemap
+++ b/TunnelKit/Sources/Core/module.modulemap
@ -45,7 +45,9 @@ module __TunnelKitNative {
    header "ControlPacket.h"
    header "ReplayProtector.h"
    header "CompressionFramingNative.h"
    header "CompressionAlgorithmNative.h"
    header "DataPath.h"
    header "DataPathCrypto.h"
    header "LZO.h"
    export *
 }
--- a/TunnelKit/Sources/LZO/StandardLZO.m
+++ b/TunnelKit/Sources/LZO/StandardLZO.m
@ -0,0 +1,100 @@
 //
 //  StandardLZO.m
 //  TunnelKit
 //
 //  Created by Davide De Rosa on 3/18/19.
 //  Copyright (c) 2019 Davide De Rosa. All rights reserved.
 //
 //  https://github.com/keeshux
 //
 //  This file is part of TunnelKit.
 //
 //  TunnelKit is free software: you can redistribute it and/or modify
 //  it under the terms of the GNU General Public License as published by
 //  the Free Software Foundation, either version 3 of the License, or
 //  (at your option) any later version.
 //
 //  TunnelKit is distributed in the hope that it will be useful,
 //  but WITHOUT ANY WARRANTY; without even the implied warranty of
 //  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 //  GNU General Public License for more details.
 //
 //  You should have received a copy of the GNU General Public License
 //  along with TunnelKit.  If not, see <http://www.gnu.org/licenses/>.
 //
 #import "minilzo.h"
 #import "LZO.h"
 #import "Errors.h"
 #define HEAP_ALLOC(var,size) \
 lzo_align_t __LZO_MMODEL var [ ((size) + (sizeof(lzo_align_t) - 1)) / sizeof(lzo_align_t) ]
 #define LZO1X_1_15_MEM_COMPRESS ((lzo_uint32_t) (32768L * lzo_sizeof_dict_t))
 static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS);
@interface StandardLZO : NSObject <LZO>
@property (nonatomic, strong) NSMutableData *decompressedBuffer;
@end
@implementation StandardLZO
 + (NSString *)versionString
 {
    return [NSString stringWithCString:lzo_version_string() encoding:NSUTF8StringEncoding];
 }
 - (instancetype)init
 {
    if (lzo_init() != LZO_E_OK) {
        NSLog(@"LZO engine failed to initialize");
        abort();
        return nil;
    }
    if ((self = [super init])) {
        self.decompressedBuffer = [[NSMutableData alloc] initWithLength:LZO1X_1_15_MEM_COMPRESS];
    }
    return self;
 }
 - (NSData *)compressedDataWithData:(NSData *)data error:(NSError * _Nullable __autoreleasing * _Nullable)error
 {
    NSMutableData *dst = [[NSMutableData alloc] initWithLength:data.length];
    lzo_uint dstLength;
    const int status = lzo1x_1_compress(data.bytes, data.length, dst.mutableBytes, &dstLength, wrkmem);
    if (status != LZO_E_OK) {
        if (error) {
            *error = TunnelKitErrorWithCode(TunnelKitErrorCodeLZO);
        }
        return nil;
    }
    if (dstLength > data.length) {
        return nil;
    }
    dst.length = dstLength;
    return dst;
 }
 - (NSData *)decompressedDataWithData:(NSData *)data error:(NSError * _Nullable __autoreleasing * _Nullable)error
 {
    return [self decompressedDataWithBytes:data.bytes length:data.length error:error];
 }
 - (NSData *)decompressedDataWithBytes:(const uint8_t *)bytes length:(NSInteger)length error:(NSError * _Nullable __autoreleasing * _Nullable)error
 {
    lzo_uint dstLength;
    const int status = lzo1x_decompress(bytes, length, self.decompressedBuffer.mutableBytes, &dstLength, NULL);
    if (status != LZO_E_OK) {
        if (error) {
            *error = TunnelKitErrorWithCode(TunnelKitErrorCodeLZO);
        }
        return nil;
    }
    return [NSData dataWithBytes:self.decompressedBuffer.bytes length:dstLength];
 }
@end
--- a/TunnelKit/Sources/LZO/lib/COPYING
+++ b/TunnelKit/Sources/LZO/lib/COPYING
@ -0,0 +1,339 @@
                    GNU GENERAL PUBLIC LICENSE
                       Version 2, June 1991
 Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.
                            Preamble
  The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
 License is intended to guarantee your freedom to share and change free
 software--to make sure the software is free for all its users.  This
 General Public License applies to most of the Free Software
 Foundation's software and to any other program whose authors commit to
 using it.  (Some other Free Software Foundation software is covered by
 the GNU Lesser General Public License instead.)  You can apply it to
 your programs, too.
  When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
 have the freedom to distribute copies of free software (and charge for
 this service if you wish), that you receive source code or can get it
 if you want it, that you can change the software or use pieces of it
 in new free programs; and that you know you can do these things.
  To protect your rights, we need to make restrictions that forbid
 anyone to deny you these rights or to ask you to surrender the rights.
 These restrictions translate to certain responsibilities for you if you
 distribute copies of the software, or if you modify it.
  For example, if you distribute copies of such a program, whether
 gratis or for a fee, you must give the recipients all the rights that
 you have.  You must make sure that they, too, receive or can get the
 source code.  And you must show them these terms so they know their
 rights.
  We protect your rights with two steps: (1) copyright the software, and
 (2) offer you this license which gives you legal permission to copy,
 distribute and/or modify the software.
  Also, for each author's protection and ours, we want to make certain
 that everyone understands that there is no warranty for this free
 software.  If the software is modified by someone else and passed on, we
 want its recipients to know that what they have is not the original, so
 that any problems introduced by others will not reflect on the original
 authors' reputations.
  Finally, any free program is threatened constantly by software
 patents.  We wish to avoid the danger that redistributors of a free
 program will individually obtain patent licenses, in effect making the
 program proprietary.  To prevent this, we have made it clear that any
 patent must be licensed for everyone's free use or not licensed at all.
  The precise terms and conditions for copying, distribution and
 modification follow.
                    GNU GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
  0. This License applies to any program or other work which contains
 a notice placed by the copyright holder saying it may be distributed
 under the terms of this General Public License.  The "Program", below,
 refers to any such program or work, and a "work based on the Program"
 means either the Program or any derivative work under copyright law:
 that is to say, a work containing the Program or a portion of it,
 either verbatim or with modifications and/or translated into another
 language.  (Hereinafter, translation is included without limitation in
 the term "modification".)  Each licensee is addressed as "you".
 Activities other than copying, distribution and modification are not
 covered by this License; they are outside its scope.  The act of
 running the Program is not restricted, and the output from the Program
 is covered only if its contents constitute a work based on the
 Program (independent of having been made by running the Program).
 Whether that is true depends on what the Program does.
  1. You may copy and distribute verbatim copies of the Program's
 source code as you receive it, in any medium, provided that you
 conspicuously and appropriately publish on each copy an appropriate
 copyright notice and disclaimer of warranty; keep intact all the
 notices that refer to this License and to the absence of any warranty;
 and give any other recipients of the Program a copy of this License
 along with the Program.
 You may charge a fee for the physical act of transferring a copy, and
 you may at your option offer warranty protection in exchange for a fee.
  2. You may modify your copy or copies of the Program or any portion
 of it, thus forming a work based on the Program, and copy and
 distribute such modifications or work under the terms of Section 1
 above, provided that you also meet all of these conditions:
    a) You must cause the modified files to carry prominent notices
    stating that you changed the files and the date of any change.
    b) You must cause any work that you distribute or publish, that in
    whole or in part contains or is derived from the Program or any
    part thereof, to be licensed as a whole at no charge to all third
    parties under the terms of this License.
    c) If the modified program normally reads commands interactively
    when run, you must cause it, when started running for such
    interactive use in the most ordinary way, to print or display an
    announcement including an appropriate copyright notice and a
    notice that there is no warranty (or else, saying that you provide
    a warranty) and that users may redistribute the program under
    these conditions, and telling the user how to view a copy of this
    License.  (Exception: if the Program itself is interactive but
    does not normally print such an announcement, your work based on
    the Program is not required to print an announcement.)
 These requirements apply to the modified work as a whole.  If
 identifiable sections of that work are not derived from the Program,
 and can be reasonably considered independent and separate works in
 themselves, then this License, and its terms, do not apply to those
 sections when you distribute them as separate works.  But when you
 distribute the same sections as part of a whole which is a work based
 on the Program, the distribution of the whole must be on the terms of
 this License, whose permissions for other licensees extend to the
 entire whole, and thus to each and every part regardless of who wrote it.
 Thus, it is not the intent of this section to claim rights or contest
 your rights to work written entirely by you; rather, the intent is to
 exercise the right to control the distribution of derivative or
 collective works based on the Program.
 In addition, mere aggregation of another work not based on the Program
 with the Program (or with a work based on the Program) on a volume of
 a storage or distribution medium does not bring the other work under
 the scope of this License.
  3. You may copy and distribute the Program (or a work based on it,
 under Section 2) in object code or executable form under the terms of
 Sections 1 and 2 above provided that you also do one of the following:
    a) Accompany it with the complete corresponding machine-readable
    source code, which must be distributed under the terms of Sections
    1 and 2 above on a medium customarily used for software interchange; or,
    b) Accompany it with a written offer, valid for at least three
    years, to give any third party, for a charge no more than your
    cost of physically performing source distribution, a complete
    machine-readable copy of the corresponding source code, to be
    distributed under the terms of Sections 1 and 2 above on a medium
    customarily used for software interchange; or,
    c) Accompany it with the information you received as to the offer
    to distribute corresponding source code.  (This alternative is
    allowed only for noncommercial distribution and only if you
    received the program in object code or executable form with such
    an offer, in accord with Subsection b above.)
 The source code for a work means the preferred form of the work for
 making modifications to it.  For an executable work, complete source
 code means all the source code for all modules it contains, plus any
 associated interface definition files, plus the scripts used to
 control compilation and installation of the executable.  However, as a
 special exception, the source code distributed need not include
 anything that is normally distributed (in either source or binary
 form) with the major components (compiler, kernel, and so on) of the
 operating system on which the executable runs, unless that component
 itself accompanies the executable.
 If distribution of executable or object code is made by offering
 access to copy from a designated place, then offering equivalent
 access to copy the source code from the same place counts as
 distribution of the source code, even though third parties are not
 compelled to copy the source along with the object code.
  4. You may not copy, modify, sublicense, or distribute the Program
 except as expressly provided under this License.  Any attempt
 otherwise to copy, modify, sublicense or distribute the Program is
 void, and will automatically terminate your rights under this License.
 However, parties who have received copies, or rights, from you under
 this License will not have their licenses terminated so long as such
 parties remain in full compliance.
  5. You are not required to accept this License, since you have not
 signed it.  However, nothing else grants you permission to modify or
 distribute the Program or its derivative works.  These actions are
 prohibited by law if you do not accept this License.  Therefore, by
 modifying or distributing the Program (or any work based on the
 Program), you indicate your acceptance of this License to do so, and
 all its terms and conditions for copying, distributing or modifying
 the Program or works based on it.
  6. Each time you redistribute the Program (or any work based on the
 Program), the recipient automatically receives a license from the
 original licensor to copy, distribute or modify the Program subject to
 these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties to
 this License.
  7. If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues),
 conditions are imposed on you (whether by court order, agreement or
 otherwise) that contradict the conditions of this License, they do not
 excuse you from the conditions of this License.  If you cannot
 distribute so as to satisfy simultaneously your obligations under this
 License and any other pertinent obligations, then as a consequence you
 may not distribute the Program at all.  For example, if a patent
 license would not permit royalty-free redistribution of the Program by
 all those who receive copies directly or indirectly through you, then
 the only way you could satisfy both it and this License would be to
 refrain entirely from distribution of the Program.
 If any portion of this section is held invalid or unenforceable under
 any particular circumstance, the balance of the section is intended to
 apply and the section as a whole is intended to apply in other
 circumstances.
 It is not the purpose of this section to induce you to infringe any
 patents or other property right claims or to contest validity of any
 such claims; this section has the sole purpose of protecting the
 integrity of the free software distribution system, which is
 implemented by public license practices.  Many people have made
 generous contributions to the wide range of software distributed
 through that system in reliance on consistent application of that
 system; it is up to the author/donor to decide if he or she is willing
 to distribute software through any other system and a licensee cannot
 impose that choice.
 This section is intended to make thoroughly clear what is believed to
 be a consequence of the rest of this License.
  8. If the distribution and/or use of the Program is restricted in
 certain countries either by patents or by copyrighted interfaces, the
 original copyright holder who places the Program under this License
 may add an explicit geographical distribution limitation excluding
 those countries, so that distribution is permitted only in or among
 countries not thus excluded.  In such case, this License incorporates
 the limitation as if written in the body of this License.
  9. The Free Software Foundation may publish revised and/or new versions
 of the General Public License from time to time.  Such new versions will
 be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.
 Each version is given a distinguishing version number.  If the Program
 specifies a version number of this License which applies to it and "any
 later version", you have the option of following the terms and conditions
 either of that version or of any later version published by the Free
 Software Foundation.  If the Program does not specify a version number of
 this License, you may choose any version ever published by the Free Software
 Foundation.
  10. If you wish to incorporate parts of the Program into other free
 programs whose distribution conditions are different, write to the author
 to ask for permission.  For software which is copyrighted by the Free
 Software Foundation, write to the Free Software Foundation; we sometimes
 make exceptions for this.  Our decision will be guided by the two goals
 of preserving the free status of all derivatives of our free software and
 of promoting the sharing and reuse of software generally.
                            NO WARRANTY
  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
 OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
 PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
 OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
 TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
 PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
 REPAIR OR CORRECTION.
  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
 REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
 INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
 OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
 TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
 YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
                     END OF TERMS AND CONDITIONS
            How to Apply These Terms to Your New Programs
  If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
 free software which everyone can redistribute and change under these terms.
  To do so, attach the following notices to the program.  It is safest
 to attach them to the start of each source file to most effectively
 convey the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
    <one line to give the program's name and a brief idea of what it does.>
    Copyright (C) <year>  <name of author>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 Also add information on how to contact you by electronic and paper mail.
 If the program is interactive, make it output a short notice like this
 when it starts in an interactive mode:
    Gnomovision version 69, Copyright (C) year name of author
    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.
 The hypothetical commands `show w' and `show c' should show the appropriate
 parts of the General Public License.  Of course, the commands you use may
 be called something other than `show w' and `show c'; they could even be
 mouse-clicks or menu items--whatever suits your program.
 You should also get your employer (if you work as a programmer) or your
 school, if any, to sign a "copyright disclaimer" for the program, if
 necessary.  Here is a sample; alter the names:
  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
  `Gnomovision' (which makes passes at compilers) written by James Hacker.
  <signature of Ty Coon>, 1 April 1989
  Ty Coon, President of Vice
 This General Public License does not permit incorporating your program into
 proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
 library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.
--- a/TunnelKit/Sources/LZO/lib/Makefile
+++ b/TunnelKit/Sources/LZO/lib/Makefile
@ -0,0 +1,100 @@
 #
 # a very simple Makefile for miniLZO
 #
 # Copyright (C) 1996-2017 Markus F.X.J. Oberhumer
 #
 PROGRAM = testmini
 SOURCES = testmini.c minilzo.c
 default:
 	@echo ""
 	@echo "Welcome to miniLZO. Please choose one of the following 'make' targets:"
 	@echo ""
 	@echo "    gcc:   gcc"
 	@echo "    unix:  hpux hpux9"
 	@echo "    win32: win32-bc win32-cygwin win32-dm win32-lccwin32"
 	@echo "           win32-intelc win32-mingw win32-vc win32-watcomc"
 	@echo "    dos32: dos32-djgpp2 dos32-wc"
 	@echo ""
 # Make sure that minilzo.h, lzoconf.h and lzodefs.h are in the
 # current dircectory. Otherwise you may want to adjust CPPFLAGS.
 CPPFLAGS = -I. -I../include/lzo
 GCC_CFLAGS = -s -Wall -O2 -fomit-frame-pointer
 #
 # gcc (generic)
 #
 gcc:
 	gcc $(CPPFLAGS) $(GCC_CFLAGS) -o $(PROGRAM) $(SOURCES)
 cc:
 	cc $(CPPFLAGS) -o $(PROGRAM) $(SOURCES)
 #
 # UNIX
 #
 hpux:
 	cc -Ae $(CPPFLAGS) -o $(PROGRAM) $(SOURCES)
 hpux9:
 	cc -Aa -D_HPUX_SOURCE $(CPPFLAGS) -o $(PROGRAM) $(SOURCES)
 #
 # Windows (32-bit)
 #
 win32-borlandc win32-bc:
 	bcc32 -O2 -d -w -w-aus $(CPPFLAGS) $(SOURCES)
 win32-cygwin32 win32-cygwin:
 	gcc -mcygwin $(CPPFLAGS) $(GCC_CFLAGS) -o $(PROGRAM).exe $(SOURCES)
 win32-digitalmars win32-dm:
 	dmc -mn -o -w- $(CPPFLAGS) $(SOURCES)
 win32-intelc win32-ic:
 	icl -nologo -MT -W3 -O2 -GF $(CPPFLAGS) $(SOURCES)
 win32-lccwin32:
 	@echo "NOTE: need lcc 2002-07-25 or newer, older versions have bugs"
 	lc -A -unused -O $(CPPFLAGS) $(SOURCES)
 win32-mingw32 win32-mingw:
 	gcc -mno-cygwin $(CPPFLAGS) $(GCC_CFLAGS) -o $(PROGRAM).exe $(SOURCES)
 win32-visualc win32-vc:
 	cl -nologo -MT -W3 -O2 -GF $(CPPFLAGS) $(SOURCES)
 win32-watcomc win32-wc:
 	wcl386 -bt=nt -zq -mf -5r -zc -w5 -oneatx $(CPPFLAGS) $(SOURCES)
 #
 # DOS (32-bit)
 #
 dos32-djgpp2 dos32-dj2:
 	gcc $(CPPFLAGS) $(GCC_CFLAGS) -o $(PROGRAM).exe $(SOURCES)
 dos32-watcomc dos32-wc:
 	wcl386 -zq -mf -bt=dos -l=dos4g -5r -ox -zc $(CPPFLAGS) $(SOURCES)
 #
 # other targets
 #
 clean:
 	rm -f $(PROGRAM) $(PROGRAM).exe $(PROGRAM).map $(PROGRAM).tds
 	rm -f *.err *.o *.obj
 .PHONY: default clean
--- a/TunnelKit/Sources/LZO/lib/README.LZO
+++ b/TunnelKit/Sources/LZO/lib/README.LZO
@ -0,0 +1,123 @@
 ============================================================================
 miniLZO -- mini subset of the LZO real-time data compression library
 ============================================================================
 Author  : Markus Franz Xaver Johannes Oberhumer
           <markus@oberhumer.com>
           http://www.oberhumer.com/opensource/lzo/
 Version : 2.10
 Date    : 01 Mar 2017
 I've created miniLZO for projects where it is inconvenient to
 include (or require) the full LZO source code just because you
 want to add a little bit of data compression to your application.
 miniLZO implements the LZO1X-1 compressor and both the standard and
 safe LZO1X decompressor. Apart from fast compression it also useful
 for situations where you want to use pre-compressed data files (which
 must have been compressed with LZO1X-999).
 miniLZO consists of one C source file and three header files:
    minilzo.c
    minilzo.h, lzoconf.h, lzodefs.h
 To use miniLZO just copy these files into your source directory, add
 minilzo.c to your Makefile and #include minilzo.h from your program.
 Note: you also must distribute this file ('README.LZO') with your project.
 minilzo.o compiles to about 6 KiB (using gcc or Visual C on an i386), and
 the sources are about 30 KiB when packed with zip - so there's no more
 excuse that your application doesn't support data compression :-)
 For more information, documentation, example programs and other support
 files (like Makefiles and build scripts) please download the full LZO
 package from
    http://www.oberhumer.com/opensource/lzo/
 Have fun,
  Markus
 P.S. minilzo.c is generated automatically from the LZO sources and
      therefore functionality is completely identical
 Appendix A: building miniLZO
 ----------------------------
 miniLZO is written such a way that it should compile and run
 out-of-the-box on most machines.
 If you are running on a very unusual architecture and lzo_init() fails then
 you should first recompile with '-DLZO_DEBUG' to see what causes the failure.
 The most probable case is something like 'sizeof(void *) != sizeof(size_t)'.
 After identifying the problem you can compile by adding some defines
 like '-DSIZEOF_VOID_P=8' to your Makefile.
 The best solution is (of course) using Autoconf - if your project uses
 Autoconf anyway just add '-DMINILZO_HAVE_CONFIG_H' to your compiler
 flags when compiling minilzo.c. See the LZO distribution for an example
 how to set up configure.ac.
 Appendix B: list of public functions available in miniLZO
 ---------------------------------------------------------
 Library initialization
    lzo_init()
 Compression
    lzo1x_1_compress()
 Decompression
    lzo1x_decompress()
    lzo1x_decompress_safe()
 Checksum functions
    lzo_adler32()
 Version functions
    lzo_version()
    lzo_version_string()
    lzo_version_date()
 Portable (but slow) string functions
    lzo_memcmp()
    lzo_memcpy()
    lzo_memmove()
    lzo_memset()
 Appendix C: suggested macros for 'configure.ac' when using Autoconf
 -------------------------------------------------------------------
 Checks for typedefs and structures
    AC_CHECK_TYPE(ptrdiff_t,long)
    AC_TYPE_SIZE_T
    AC_CHECK_SIZEOF(short)
    AC_CHECK_SIZEOF(int)
    AC_CHECK_SIZEOF(long)
    AC_CHECK_SIZEOF(long long)
    AC_CHECK_SIZEOF(__int64)
    AC_CHECK_SIZEOF(void *)
    AC_CHECK_SIZEOF(size_t)
    AC_CHECK_SIZEOF(ptrdiff_t)
 Checks for compiler characteristics
    AC_C_CONST
 Checks for library functions
    AC_CHECK_FUNCS(memcmp memcpy memmove memset)
 Appendix D: Copyright
 ---------------------
 LZO and miniLZO are Copyright (C) 1996-2017 Markus Franz Xaver Oberhumer
 All Rights Reserved.
 LZO and miniLZO are distributed under the terms of the GNU General
 Public License (GPL).  See the file COPYING.
 Special licenses for commercial and other applications which
 are not willing to accept the GNU General Public License
 are available by contacting the author.
--- a/TunnelKit/Sources/LZO/lib/lzoconf.h
+++ b/TunnelKit/Sources/LZO/lib/lzoconf.h
@ -0,0 +1,453 @@
 /* lzoconf.h -- configuration of the LZO data compression library
   This file is part of the LZO real-time data compression library.
   Copyright (C) 1996-2017 Markus Franz Xaver Johannes Oberhumer
   All Rights Reserved.
   The LZO library is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public License as
   published by the Free Software Foundation; either version 2 of
   the License, or (at your option) any later version.
   The LZO library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   You should have received a copy of the GNU General Public License
   along with the LZO library; see the file COPYING.
   If not, write to the Free Software Foundation, Inc.,
   51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
   Markus F.X.J. Oberhumer
   <markus@oberhumer.com>
   http://www.oberhumer.com/opensource/lzo/
 */
 #ifndef __LZOCONF_H_INCLUDED
 #define __LZOCONF_H_INCLUDED 1
 #define LZO_VERSION             0x20a0  /* 2.10 */
 #define LZO_VERSION_STRING      "2.10"
 #define LZO_VERSION_DATE        "Mar 01 2017"
 /* internal Autoconf configuration file - only used when building LZO */
 #if defined(LZO_HAVE_CONFIG_H)
 #  include <config.h>
 #endif
 #include <limits.h>
 #include <stddef.h>
 /***********************************************************************
 // LZO requires a conforming <limits.h>
 ************************************************************************/
 #if !defined(CHAR_BIT) || (CHAR_BIT != 8)
 #  error "invalid CHAR_BIT"
 #endif
 #if !defined(UCHAR_MAX) || !defined(USHRT_MAX) || !defined(UINT_MAX) || !defined(ULONG_MAX)
 #  error "check your compiler installation"
 #endif
 #if (USHRT_MAX < 1) || (UINT_MAX < 1) || (ULONG_MAX < 1)
 #  error "your limits.h macros are broken"
 #endif
 /* get OS and architecture defines */
 #ifndef __LZODEFS_H_INCLUDED
 #include <lzo/lzodefs.h>
 #endif
 #ifdef __cplusplus
 extern "C" {
 #endif
 /***********************************************************************
 // some core defines
 ************************************************************************/
 /* memory checkers */
 #if !defined(__LZO_CHECKER)
 #  if defined(__BOUNDS_CHECKING_ON)
 #    define __LZO_CHECKER       1
 #  elif defined(__CHECKER__)
 #    define __LZO_CHECKER       1
 #  elif defined(__INSURE__)
 #    define __LZO_CHECKER       1
 #  elif defined(__PURIFY__)
 #    define __LZO_CHECKER       1
 #  endif
 #endif
 /***********************************************************************
 // integral and pointer types
 ************************************************************************/
 /* lzo_uint must match size_t */
 #if !defined(LZO_UINT_MAX)
 #  if (LZO_ABI_LLP64)
 #    if (LZO_OS_WIN64)
     typedef unsigned __int64   lzo_uint;
     typedef __int64            lzo_int;
 #    define LZO_TYPEOF_LZO_INT  LZO_TYPEOF___INT64
 #    else
     typedef lzo_ullong_t       lzo_uint;
     typedef lzo_llong_t        lzo_int;
 #    define LZO_TYPEOF_LZO_INT  LZO_TYPEOF_LONG_LONG
 #    endif
 #    define LZO_SIZEOF_LZO_INT  8
 #    define LZO_UINT_MAX        0xffffffffffffffffull
 #    define LZO_INT_MAX         9223372036854775807LL
 #    define LZO_INT_MIN         (-1LL - LZO_INT_MAX)
 #  elif (LZO_ABI_IP32L64) /* MIPS R5900 */
     typedef unsigned int       lzo_uint;
     typedef int                lzo_int;
 #    define LZO_SIZEOF_LZO_INT  LZO_SIZEOF_INT
 #    define LZO_TYPEOF_LZO_INT  LZO_TYPEOF_INT
 #    define LZO_UINT_MAX        UINT_MAX
 #    define LZO_INT_MAX         INT_MAX
 #    define LZO_INT_MIN         INT_MIN
 #  elif (ULONG_MAX >= LZO_0xffffffffL)
     typedef unsigned long      lzo_uint;
     typedef long               lzo_int;
 #    define LZO_SIZEOF_LZO_INT  LZO_SIZEOF_LONG
 #    define LZO_TYPEOF_LZO_INT  LZO_TYPEOF_LONG
 #    define LZO_UINT_MAX        ULONG_MAX
 #    define LZO_INT_MAX         LONG_MAX
 #    define LZO_INT_MIN         LONG_MIN
 #  else
 #    error "lzo_uint"
 #  endif
 #endif
 /* The larger type of lzo_uint and lzo_uint32_t. */
 #if (LZO_SIZEOF_LZO_INT >= 4)
 #  define lzo_xint              lzo_uint
 #else
 #  define lzo_xint              lzo_uint32_t
 #endif
 typedef int lzo_bool;
 /* sanity checks */
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_int)  == LZO_SIZEOF_LZO_INT)
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) == LZO_SIZEOF_LZO_INT)
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_xint) >= sizeof(lzo_uint))
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_xint) >= sizeof(lzo_uint32_t))
 #ifndef __LZO_MMODEL
 #define __LZO_MMODEL            /*empty*/
 #endif
 /* no typedef here because of const-pointer issues */
 #define lzo_bytep               unsigned char __LZO_MMODEL *
 #define lzo_charp               char __LZO_MMODEL *
 #define lzo_voidp               void __LZO_MMODEL *
 #define lzo_shortp              short __LZO_MMODEL *
 #define lzo_ushortp             unsigned short __LZO_MMODEL *
 #define lzo_intp                lzo_int __LZO_MMODEL *
 #define lzo_uintp               lzo_uint __LZO_MMODEL *
 #define lzo_xintp               lzo_xint __LZO_MMODEL *
 #define lzo_voidpp              lzo_voidp __LZO_MMODEL *
 #define lzo_bytepp              lzo_bytep __LZO_MMODEL *
 #define lzo_int8_tp             lzo_int8_t __LZO_MMODEL *
 #define lzo_uint8_tp            lzo_uint8_t __LZO_MMODEL *
 #define lzo_int16_tp            lzo_int16_t __LZO_MMODEL *
 #define lzo_uint16_tp           lzo_uint16_t __LZO_MMODEL *
 #define lzo_int32_tp            lzo_int32_t __LZO_MMODEL *
 #define lzo_uint32_tp           lzo_uint32_t __LZO_MMODEL *
 #if defined(lzo_int64_t)
 #define lzo_int64_tp            lzo_int64_t __LZO_MMODEL *
 #define lzo_uint64_tp           lzo_uint64_t __LZO_MMODEL *
 #endif
 /* Older LZO versions used to support ancient systems and memory models
 * such as 16-bit MSDOS with __huge pointers or Cray PVP, but these
 * obsolete configurations are not supported any longer.
 */
 #if defined(__LZO_MMODEL_HUGE)
 #error "__LZO_MMODEL_HUGE memory model is unsupported"
 #endif
 #if (LZO_MM_PVP)
 #error "LZO_MM_PVP memory model is unsupported"
 #endif
 #if (LZO_SIZEOF_INT < 4)
 #error "LZO_SIZEOF_INT < 4 is unsupported"
 #endif
 #if (__LZO_UINTPTR_T_IS_POINTER)
 #error "__LZO_UINTPTR_T_IS_POINTER is unsupported"
 #endif
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(int) >= 4)
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) >= 4)
 /* Strange configurations where sizeof(lzo_uint) != sizeof(size_t) should
 * work but have not received much testing lately, so be strict here.
 */
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) == sizeof(size_t))
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) == sizeof(ptrdiff_t))
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) == sizeof(lzo_uintptr_t))
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(void *)   == sizeof(lzo_uintptr_t))
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(char *)   == sizeof(lzo_uintptr_t))
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(long *)   == sizeof(lzo_uintptr_t))
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(void *)   == sizeof(lzo_voidp))
 LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(char *)   == sizeof(lzo_bytep))
 /***********************************************************************
 // function types
 ************************************************************************/
 /* name mangling */
 #if !defined(__LZO_EXTERN_C)
 #  ifdef __cplusplus
 #    define __LZO_EXTERN_C      extern "C"
 #  else
 #    define __LZO_EXTERN_C      extern
 #  endif
 #endif
 /* calling convention */
 #if !defined(__LZO_CDECL)
 #  define __LZO_CDECL           __lzo_cdecl
 #endif
 /* DLL export information */
 #if !defined(__LZO_EXPORT1)
 #  define __LZO_EXPORT1         /*empty*/
 #endif
 #if !defined(__LZO_EXPORT2)
 #  define __LZO_EXPORT2         /*empty*/
 #endif
 /* __cdecl calling convention for public C and assembly functions */
 #if !defined(LZO_PUBLIC)
 #  define LZO_PUBLIC(r)         __LZO_EXPORT1 r __LZO_EXPORT2 __LZO_CDECL
 #endif
 #if !defined(LZO_EXTERN)
 #  define LZO_EXTERN(r)         __LZO_EXTERN_C LZO_PUBLIC(r)
 #endif
 #if !defined(LZO_PRIVATE)
 #  define LZO_PRIVATE(r)        static r  __LZO_CDECL
 #endif
 /* function types */
 typedef int
 (__LZO_CDECL *lzo_compress_t)   ( const lzo_bytep src, lzo_uint  src_len,
                                        lzo_bytep dst, lzo_uintp dst_len,
                                        lzo_voidp wrkmem );
 typedef int
 (__LZO_CDECL *lzo_decompress_t) ( const lzo_bytep src, lzo_uint  src_len,
                                        lzo_bytep dst, lzo_uintp dst_len,
                                        lzo_voidp wrkmem );
 typedef int
 (__LZO_CDECL *lzo_optimize_t)   (       lzo_bytep src, lzo_uint  src_len,
                                        lzo_bytep dst, lzo_uintp dst_len,
                                        lzo_voidp wrkmem );
 typedef int
 (__LZO_CDECL *lzo_compress_dict_t)(const lzo_bytep src, lzo_uint  src_len,
                                         lzo_bytep dst, lzo_uintp dst_len,
                                         lzo_voidp wrkmem,
                                   const lzo_bytep dict, lzo_uint dict_len );
 typedef int
 (__LZO_CDECL *lzo_decompress_dict_t)(const lzo_bytep src, lzo_uint  src_len,
                                           lzo_bytep dst, lzo_uintp dst_len,
                                           lzo_voidp wrkmem,
                                     const lzo_bytep dict, lzo_uint dict_len );
 /* Callback interface. Currently only the progress indicator ("nprogress")
 * is used, but this may change in a future release. */
 struct lzo_callback_t;
 typedef struct lzo_callback_t lzo_callback_t;
 #define lzo_callback_p lzo_callback_t __LZO_MMODEL *
 /* malloc & free function types */
 typedef lzo_voidp (__LZO_CDECL *lzo_alloc_func_t)
    (lzo_callback_p self, lzo_uint items, lzo_uint size);
 typedef void      (__LZO_CDECL *lzo_free_func_t)
    (lzo_callback_p self, lzo_voidp ptr);
 /* a progress indicator callback function */
 typedef void (__LZO_CDECL *lzo_progress_func_t)
    (lzo_callback_p, lzo_uint, lzo_uint, int);
 struct lzo_callback_t
 {
    /* custom allocators (set to 0 to disable) */
    lzo_alloc_func_t nalloc;                /* [not used right now] */
    lzo_free_func_t nfree;                  /* [not used right now] */
    /* a progress indicator callback function (set to 0 to disable) */
    lzo_progress_func_t nprogress;
    /* INFO: the first parameter "self" of the nalloc/nfree/nprogress
     * callbacks points back to this struct, so you are free to store
     * some extra info in the following variables. */
    lzo_voidp user1;
    lzo_xint user2;
    lzo_xint user3;
 };
 /***********************************************************************
 // error codes and prototypes
 ************************************************************************/
 /* Error codes for the compression/decompression functions. Negative
 * values are errors, positive values will be used for special but
 * normal events.
 */
 #define LZO_E_OK                    0
 #define LZO_E_ERROR                 (-1)
 #define LZO_E_OUT_OF_MEMORY         (-2)    /* [lzo_alloc_func_t failure] */
 #define LZO_E_NOT_COMPRESSIBLE      (-3)    /* [not used right now] */
 #define LZO_E_INPUT_OVERRUN         (-4)
 #define LZO_E_OUTPUT_OVERRUN        (-5)
 #define LZO_E_LOOKBEHIND_OVERRUN    (-6)
 #define LZO_E_EOF_NOT_FOUND         (-7)
 #define LZO_E_INPUT_NOT_CONSUMED    (-8)
 #define LZO_E_NOT_YET_IMPLEMENTED   (-9)    /* [not used right now] */
 #define LZO_E_INVALID_ARGUMENT      (-10)
 #define LZO_E_INVALID_ALIGNMENT     (-11)   /* pointer argument is not properly aligned */
 #define LZO_E_OUTPUT_NOT_CONSUMED   (-12)
 #define LZO_E_INTERNAL_ERROR        (-99)
 #ifndef lzo_sizeof_dict_t
 #  define lzo_sizeof_dict_t     ((unsigned)sizeof(lzo_bytep))
 #endif
 /* lzo_init() should be the first function you call.
 * Check the return code !
 *
 * lzo_init() is a macro to allow checking that the library and the
 * compiler's view of various types are consistent.
 */
 #define lzo_init() __lzo_init_v2(LZO_VERSION,(int)sizeof(short),(int)sizeof(int),\
    (int)sizeof(long),(int)sizeof(lzo_uint32_t),(int)sizeof(lzo_uint),\
    (int)lzo_sizeof_dict_t,(int)sizeof(char *),(int)sizeof(lzo_voidp),\
    (int)sizeof(lzo_callback_t))
 LZO_EXTERN(int) __lzo_init_v2(unsigned,int,int,int,int,int,int,int,int,int);
 /* version functions (useful for shared libraries) */
 LZO_EXTERN(unsigned) lzo_version(void);
 LZO_EXTERN(const char *) lzo_version_string(void);
 LZO_EXTERN(const char *) lzo_version_date(void);
 LZO_EXTERN(const lzo_charp) _lzo_version_string(void);
 LZO_EXTERN(const lzo_charp) _lzo_version_date(void);
 /* string functions */
 LZO_EXTERN(int)
    lzo_memcmp(const lzo_voidp a, const lzo_voidp b, lzo_uint len);
 LZO_EXTERN(lzo_voidp)
    lzo_memcpy(lzo_voidp dst, const lzo_voidp src, lzo_uint len);
 LZO_EXTERN(lzo_voidp)
    lzo_memmove(lzo_voidp dst, const lzo_voidp src, lzo_uint len);
 LZO_EXTERN(lzo_voidp)
    lzo_memset(lzo_voidp buf, int c, lzo_uint len);
 /* checksum functions */
 LZO_EXTERN(lzo_uint32_t)
    lzo_adler32(lzo_uint32_t c, const lzo_bytep buf, lzo_uint len);
 LZO_EXTERN(lzo_uint32_t)
    lzo_crc32(lzo_uint32_t c, const lzo_bytep buf, lzo_uint len);
 LZO_EXTERN(const lzo_uint32_tp)
    lzo_get_crc32_table(void);
 /* misc. */
 LZO_EXTERN(int) _lzo_config_check(void);
 typedef union {
    lzo_voidp a00; lzo_bytep a01; lzo_uint a02; lzo_xint a03; lzo_uintptr_t a04;
    void *a05; unsigned char *a06; unsigned long a07; size_t a08; ptrdiff_t a09;
 #if defined(lzo_int64_t)
    lzo_uint64_t a10;
 #endif
 } lzo_align_t;
 /* align a char pointer on a boundary that is a multiple of 'size' */
 LZO_EXTERN(unsigned) __lzo_align_gap(const lzo_voidp p, lzo_uint size);
 #define LZO_PTR_ALIGN_UP(p,size) \
    ((p) + (lzo_uint) __lzo_align_gap((const lzo_voidp)(p),(lzo_uint)(size)))
 /***********************************************************************
 // deprecated macros - only for backward compatibility
 ************************************************************************/
 /* deprecated - use 'lzo_bytep' instead of 'lzo_byte *' */
 #define lzo_byte                unsigned char
 /* deprecated type names */
 #define lzo_int32               lzo_int32_t
 #define lzo_uint32              lzo_uint32_t
 #define lzo_int32p              lzo_int32_t __LZO_MMODEL *
 #define lzo_uint32p             lzo_uint32_t __LZO_MMODEL *
 #define LZO_INT32_MAX           LZO_INT32_C(2147483647)
 #define LZO_UINT32_MAX          LZO_UINT32_C(4294967295)
 #if defined(lzo_int64_t)
 #define lzo_int64               lzo_int64_t
 #define lzo_uint64              lzo_uint64_t
 #define lzo_int64p              lzo_int64_t __LZO_MMODEL *
 #define lzo_uint64p             lzo_uint64_t __LZO_MMODEL *
 #define LZO_INT64_MAX           LZO_INT64_C(9223372036854775807)
 #define LZO_UINT64_MAX          LZO_UINT64_C(18446744073709551615)
 #endif
 /* deprecated types */
 typedef union { lzo_bytep a; lzo_uint b; } __lzo_pu_u;
 typedef union { lzo_bytep a; lzo_uint32_t b; } __lzo_pu32_u;
 /* deprecated defines */
 #if !defined(LZO_SIZEOF_LZO_UINT)
 #  define LZO_SIZEOF_LZO_UINT   LZO_SIZEOF_LZO_INT
 #endif
 #if defined(LZO_CFG_COMPAT)
 #define __LZOCONF_H 1
 #if defined(LZO_ARCH_I086)
 #  define __LZO_i386 1
 #elif defined(LZO_ARCH_I386)
 #  define __LZO_i386 1
 #endif
 #if defined(LZO_OS_DOS16)
 #  define __LZO_DOS 1
 #  define __LZO_DOS16 1
 #elif defined(LZO_OS_DOS32)
 #  define __LZO_DOS 1
 #elif defined(LZO_OS_WIN16)
 #  define __LZO_WIN 1
 #  define __LZO_WIN16 1
 #elif defined(LZO_OS_WIN32)
 #  define __LZO_WIN 1
 #endif
 #define __LZO_CMODEL            /*empty*/
 #define __LZO_DMODEL            /*empty*/
 #define __LZO_ENTRY             __LZO_CDECL
 #define LZO_EXTERN_CDECL        LZO_EXTERN
 #define LZO_ALIGN               LZO_PTR_ALIGN_UP
 #define lzo_compress_asm_t      lzo_compress_t
 #define lzo_decompress_asm_t    lzo_decompress_t
 #endif /* LZO_CFG_COMPAT */
 #ifdef __cplusplus
 } /* extern "C" */
 #endif
 #endif /* already included */
 /* vim:set ts=4 sw=4 et: */
--- a/TunnelKit/Sources/LZO/lib/lzodefs.h
+++ b/TunnelKit/Sources/LZO/lib/lzodefs.h
--- a/TunnelKit/Sources/LZO/lib/minilzo.c
+++ b/TunnelKit/Sources/LZO/lib/minilzo.c
--- a/TunnelKit/Sources/LZO/lib/minilzo.h
+++ b/TunnelKit/Sources/LZO/lib/minilzo.h
@ -0,0 +1,106 @@
 /* minilzo.h -- mini subset of the LZO real-time data compression library
   This file is part of the LZO real-time data compression library.
   Copyright (C) 1996-2017 Markus Franz Xaver Johannes Oberhumer
   All Rights Reserved.
   The LZO library is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public License as
   published by the Free Software Foundation; either version 2 of
   the License, or (at your option) any later version.
   The LZO library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   You should have received a copy of the GNU General Public License
   along with the LZO library; see the file COPYING.
   If not, write to the Free Software Foundation, Inc.,
   51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
   Markus F.X.J. Oberhumer
   <markus@oberhumer.com>
   http://www.oberhumer.com/opensource/lzo/
 */
 /*
 * NOTE:
 *   the full LZO package can be found at
 *   http://www.oberhumer.com/opensource/lzo/
 */
 #ifndef __MINILZO_H_INCLUDED
 #define __MINILZO_H_INCLUDED 1
 #define MINILZO_VERSION         0x20a0  /* 2.10 */
 #if defined(__LZOCONF_H_INCLUDED)
 #  error "you cannot use both LZO and miniLZO"
 #endif
 /* internal Autoconf configuration file - only used when building miniLZO */
 #ifdef MINILZO_HAVE_CONFIG_H
 #  include <config.h>
 #endif
 #include <limits.h>
 #include <stddef.h>
 #ifndef __LZODEFS_H_INCLUDED
 #include "lzodefs.h"
 #endif
 #undef LZO_HAVE_CONFIG_H
 #include "lzoconf.h"
 #if !defined(LZO_VERSION) || (LZO_VERSION != MINILZO_VERSION)
 #  error "version mismatch in header files"
 #endif
 #ifdef __cplusplus
 extern "C" {
 #endif
 /***********************************************************************
 //
 ************************************************************************/
 /* Memory required for the wrkmem parameter.
 * When the required size is 0, you can also pass a NULL pointer.
 */
 #define LZO1X_MEM_COMPRESS      LZO1X_1_MEM_COMPRESS
 #define LZO1X_1_MEM_COMPRESS    ((lzo_uint32_t) (16384L * lzo_sizeof_dict_t))
 #define LZO1X_MEM_DECOMPRESS    (0)
 /* compression */
 LZO_EXTERN(int)
 lzo1x_1_compress        ( const lzo_bytep src, lzo_uint  src_len,
                                lzo_bytep dst, lzo_uintp dst_len,
                                lzo_voidp wrkmem );
 /* decompression */
 LZO_EXTERN(int)
 lzo1x_decompress        ( const lzo_bytep src, lzo_uint  src_len,
                                lzo_bytep dst, lzo_uintp dst_len,
                                lzo_voidp wrkmem /* NOT USED */ );
 /* safe decompression with overrun testing */
 LZO_EXTERN(int)
 lzo1x_decompress_safe   ( const lzo_bytep src, lzo_uint  src_len,
                                lzo_bytep dst, lzo_uintp dst_len,
                                lzo_voidp wrkmem /* NOT USED */ );
 #ifdef __cplusplus
 } /* extern "C" */
 #endif
 #endif /* already included */
 /* vim:set ts=4 sw=4 et: */
--- a/TunnelKit/Sources/LZO/lib/testmini.c
+++ b/TunnelKit/Sources/LZO/lib/testmini.c
@ -0,0 +1,148 @@
 /* testmini.c -- very simple test program for the miniLZO library
   This file is part of the LZO real-time data compression library.
   Copyright (C) 1996-2017 Markus Franz Xaver Johannes Oberhumer
   All Rights Reserved.
   The LZO library is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public License as
   published by the Free Software Foundation; either version 2 of
   the License, or (at your option) any later version.
   The LZO library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   You should have received a copy of the GNU General Public License
   along with the LZO library; see the file COPYING.
   If not, write to the Free Software Foundation, Inc.,
   51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
   Markus F.X.J. Oberhumer
   <markus@oberhumer.com>
   http://www.oberhumer.com/opensource/lzo/
 */
 #include <stdio.h>
 #include <stdlib.h>
 /*************************************************************************
 // This program shows the basic usage of the LZO library.
 // We will compress a block of data and decompress again.
 //
 // For more information, documentation, example programs and other support
 // files (like Makefiles and build scripts) please download the full LZO
 // package from
 //    http://www.oberhumer.com/opensource/lzo/
 **************************************************************************/
 /* First let's include "minizo.h". */
 #include "minilzo.h"
 /* We want to compress the data block at 'in' with length 'IN_LEN' to
 * the block at 'out'. Because the input block may be incompressible,
 * we must provide a little more output space in case that compression
 * is not possible.
 */
 #define IN_LEN      (128*1024ul)
 #define OUT_LEN     (IN_LEN + IN_LEN / 16 + 64 + 3)
 static unsigned char __LZO_MMODEL in  [ IN_LEN ];
 static unsigned char __LZO_MMODEL out [ OUT_LEN ];
 /* Work-memory needed for compression. Allocate memory in units
 * of 'lzo_align_t' (instead of 'char') to make sure it is properly aligned.
 */
 #define HEAP_ALLOC(var,size) \
    lzo_align_t __LZO_MMODEL var [ ((size) + (sizeof(lzo_align_t) - 1)) / sizeof(lzo_align_t) ]
 static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS);
 /*************************************************************************
 //
 **************************************************************************/
 int main(int argc, char *argv[])
 {
    int r;
    lzo_uint in_len;
    lzo_uint out_len;
    lzo_uint new_len;
    if (argc < 0 && argv == NULL)   /* avoid warning about unused args */
        return 0;
    printf("\nLZO real-time data compression library (v%s, %s).\n",
           lzo_version_string(), lzo_version_date());
    printf("Copyright (C) 1996-2017 Markus Franz Xaver Johannes Oberhumer\nAll Rights Reserved.\n\n");
 /*
 * Step 1: initialize the LZO library
 */
    if (lzo_init() != LZO_E_OK)
    {
        printf("internal error - lzo_init() failed !!!\n");
        printf("(this usually indicates a compiler bug - try recompiling\nwithout optimizations, and enable '-DLZO_DEBUG' for diagnostics)\n");
        return 3;
    }
 /*
 * Step 2: prepare the input block that will get compressed.
 *         We just fill it with zeros in this example program,
 *         but you would use your real-world data here.
 */
    in_len = IN_LEN;
    lzo_memset(in,0,in_len);
 /*
 * Step 3: compress from 'in' to 'out' with LZO1X-1
 */
    r = lzo1x_1_compress(in,in_len,out,&out_len,wrkmem);
    if (r == LZO_E_OK)
        printf("compressed %lu bytes into %lu bytes\n",
            (unsigned long) in_len, (unsigned long) out_len);
    else
    {
        /* this should NEVER happen */
        printf("internal error - compression failed: %d\n", r);
        return 2;
    }
    /* check for an incompressible block */
    if (out_len >= in_len)
    {
        printf("This block contains incompressible data.\n");
        return 0;
    }
 /*
 * Step 4: decompress again, now going from 'out' to 'in'
 */
    new_len = in_len;
    r = lzo1x_decompress(out,out_len,in,&new_len,NULL);
    if (r == LZO_E_OK && new_len == in_len)
        printf("decompressed %lu bytes back into %lu bytes\n",
            (unsigned long) out_len, (unsigned long) in_len);
    else
    {
        /* this should NEVER happen */
        printf("internal error - decompression failed: %d\n", r);
        return 1;
    }
    printf("\nminiLZO simple compression test passed.\n");
    return 0;
 }
 /* vim:set ts=4 sw=4 et: */
--- a/TunnelKitHost/Info.plist
+++ b/TunnelKitHost/Info.plist
@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.4.3</string>
+	<string>1.5.0</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 	<key>LSRequiresIPhoneOS</key>
--- a/TunnelKitTests-iOS/Info.plist
+++ b/TunnelKitTests-iOS/Info.plist
@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>BNDL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.4.3</string>
+	<string>1.5.0</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 </dict>
--- a/TunnelKitTests-macOS/Info.plist
+++ b/TunnelKitTests-macOS/Info.plist
@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>BNDL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.4.3</string>
+	<string>1.5.0</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 </dict>
--- a/TunnelKitTests/CompressionTests.swift
+++ b/TunnelKitTests/CompressionTests.swift
@ -0,0 +1,57 @@
 //
 //  CompressionTests.swift
 //  TunnelKitTests
 //
 //  Created by Davide De Rosa on 3/18/19.
 //  Copyright (c) 2019 Davide De Rosa. All rights reserved.
 //
 //  https://github.com/keeshux
 //
 //  This file is part of TunnelKit.
 //
 //  TunnelKit is free software: you can redistribute it and/or modify
 //  it under the terms of the GNU General Public License as published by
 //  the Free Software Foundation, either version 3 of the License, or
 //  (at your option) any later version.
 //
 //  TunnelKit is distributed in the hope that it will be useful,
 //  but WITHOUT ANY WARRANTY; without even the implied warranty of
 //  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 //  GNU General Public License for more details.
 //
 //  You should have received a copy of the GNU General Public License
 //  along with TunnelKit.  If not, see <http://www.gnu.org/licenses/>.
 //
 import XCTest
@testable import TunnelKit
 import __TunnelKitNative
 class CompressionTests: XCTestCase {
    override func setUp() {
        // Put setup code here. This method is called before the invocation of each test method in the class.
 //        print("LZO version: \(LZO.versionString())")
    }
    override func tearDown() {
        // Put teardown code here. This method is called after the invocation of each test method in the class.
    }
    func testSymmetric() {
        XCTAssertTrue(LZOIsSupported());
        let lzo = LZOCreate()
        let src = Data(bytes: [UInt8](repeating: 6, count: 100))
        guard let dst = try? lzo.compressedData(with: src) else {
            XCTFail("Uncompressible data")
            return
        }
        guard let dstDecompressed = try? lzo.decompressedData(with: dst) else {
            XCTFail("Unable to decompress data")
            return
        }
        print("BEFORE: \(src)")
        print("AFTER : \(dstDecompressed)")
        XCTAssertEqual(src, dstDecompressed)
    }
 }
--- a/TunnelKitTests/ConfigurationParserTests.swift
+++ b/TunnelKitTests/ConfigurationParserTests.swift
@ -57,9 +57,11 @@ class ConfigurationParserTests: XCTestCase {
    }
    func testCompression() throws {
-        XCTAssertNotNil(try ConfigurationParser.parsed(fromLines: base + ["comp-lzo"]).warning)
+//        XCTAssertNotNil(try ConfigurationParser.parsed(fromLines: base + ["comp-lzo"]).warning)
        XCTAssertNil(try ConfigurationParser.parsed(fromLines: base + ["comp-lzo"]).warning)
        XCTAssertNoThrow(try ConfigurationParser.parsed(fromLines: base + ["comp-lzo no"]))
-        XCTAssertThrowsError(try ConfigurationParser.parsed(fromLines: base + ["comp-lzo yes"]))
+        XCTAssertNoThrow(try ConfigurationParser.parsed(fromLines: base + ["comp-lzo yes"]))
 //        XCTAssertThrowsError(try ConfigurationParser.parsed(fromLines: base + ["comp-lzo yes"]))
        XCTAssertNoThrow(try ConfigurationParser.parsed(fromLines: base + ["compress"]))
        XCTAssertThrowsError(try ConfigurationParser.parsed(fromLines: base + ["compress lzo"]))
--- a/TunnelKitTests/DataPathEncryptionTests.swift
+++ b/TunnelKitTests/DataPathEncryptionTests.swift
@ -92,6 +92,7 @@ class DataPathEncryptionTests: XCTestCase {
            decrypter: dec,
            peerId: peerId ?? PacketPeerIdDisabled,
            compressionFraming: .disabled,
            compressionAlgorithm: .disabled,
            maxPackets: 1000,
            usesReplayProtection: false
        )
@ -135,10 +136,9 @@ class DataPathEncryptionTests: XCTestCase {
        var decryptedBytes: [UInt8] = [UInt8](repeating: 0, count: 1000)
        var decryptedLength: Int = 0
        var packetId: UInt32 = 0
-        var payloadLength: Int = 0
+        var compressionHeader: UInt8 = 0
        try! dec.decryptDataPacket(encrypted, into: &decryptedBytes, length: &decryptedLength, packetId: &packetId)
-        let payloadBytes = try! dec.parsePayload(nil, length: &payloadLength, packetBytes: &decryptedBytes, packetLength: decryptedLength)
+        let payload = try! dec.parsePayload(nil, compressionHeader: &compressionHeader, packetBytes: &decryptedBytes, packetLength: decryptedLength)
        let payload = Data(bytes: payloadBytes, count: payloadLength)
        XCTAssertEqual(payload, expectedPayload)
        XCTAssertEqual(packetId, expectedPacketId)
--- a/TunnelKitTests/DataPathPerformanceTests.swift
+++ b/TunnelKitTests/DataPathPerformanceTests.swift
@ -59,6 +59,7 @@ class DataPathPerformanceTests: XCTestCase {
            decrypter: decrypter,
            peerId: PacketPeerIdDisabled,
            compressionFraming: .disabled,
            compressionAlgorithm: .disabled,
            maxPackets: 200,
            usesReplayProtection: false
        )
--- a/TunnelKitTests/PushTests.swift
+++ b/TunnelKitTests/PushTests.swift
@ -28,8 +28,8 @@ import XCTest
 private extension SessionReply {
    func debug() {
-        print("Compression framing: \(dnsServers)")
+        print("Compression framing: \(compressionFraming?.description ?? "none")")
-        print("Compression: \(usesCompression)")
+        print("Compression algorithm: \(compressionAlgorithm?.description ?? "none")")
        print("IPv4: \(ipv4?.description ?? "none")")
        print("IPv6: \(ipv6?.description ?? "none")")
        print("DNS: \(dnsServers)")
@ -109,27 +109,27 @@ class PushTests: XCTestCase {
        reply = try! SessionProxy.PushReply(message: msg.appending(",comp-lzo no"))!
        reply.debug()
        XCTAssertEqual(reply.compressionFraming, .compLZO)
-        XCTAssertFalse(reply.usesCompression)
+        XCTAssertEqual(reply.compressionAlgorithm, .disabled)
        reply = try! SessionProxy.PushReply(message: msg.appending(",comp-lzo"))!
        reply.debug()
        XCTAssertEqual(reply.compressionFraming, .compLZO)
-        XCTAssertTrue(reply.usesCompression)
+        XCTAssertEqual(reply.compressionAlgorithm, .LZO)
        reply = try! SessionProxy.PushReply(message: msg.appending(",comp-lzo yes"))!
        reply.debug()
        XCTAssertEqual(reply.compressionFraming, .compLZO)
-        XCTAssertTrue(reply.usesCompression)
+        XCTAssertEqual(reply.compressionAlgorithm, .LZO)
        reply = try! SessionProxy.PushReply(message: msg.appending(",compress"))!
        reply.debug()
        XCTAssertEqual(reply.compressionFraming, .compress)
-        XCTAssertFalse(reply.usesCompression)
+        XCTAssertEqual(reply.compressionAlgorithm, .disabled)
        reply = try! SessionProxy.PushReply(message: msg.appending(",compress lz4"))!
        reply.debug()
        XCTAssertEqual(reply.compressionFraming, .compress)
-        XCTAssertTrue(reply.usesCompression)
+        XCTAssertEqual(reply.compressionAlgorithm, .other)
    }
    func testNCP() {