[Openvpn-devel,v2] dco: move availability check to the end of check_option_conflict() function

Message ID 20220802130312.18871-1-a@unstable.cc
State Accepted
Headers show
Series [Openvpn-devel,v2] dco: move availability check to the end of check_option_conflict() function | expand

Commit Message

Antonio Quartulli Aug. 2, 2022, 3:03 a.m. UTC
To better arrange the order DCO option conflict messages are printed, we
decided to first perform all needed checks on provided options and, only
at the end, if no conflict was detected, to check if DCO is really
available on the system.

This way a user gets prompted with all warnings about their
configuration first and, when everything is fixed, they will see if DCO
is available or not.

While at it, compress the first check in just one if to make the code
simpler.

Signed-off-by: Antonio Quartulli <a@unstable.cc>
---

Changes from v1:
* pass proper argument to dco_available()
---
 src/openvpn/dco.c | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

Comments

Frank Lichtenheld Aug. 9, 2022, 11:31 p.m. UTC | #1
FWIW I put this through the buildbot as a test for the new
extended t_client tests on the docker workers and it caused
no issues. Also ran the t_client tests on my DCO-enabled
Ubuntu 22 laptop. I did not do any more specific tests.

Changes look sensible to me, so
Acked-By: Frank Lichtenheld <frank@lichtenheld.com>

On Tue, Aug 02, 2022 at 03:03:12PM +0200, Antonio Quartulli wrote:
> To better arrange the order DCO option conflict messages are printed, we
> decided to first perform all needed checks on provided options and, only
> at the end, if no conflict was detected, to check if DCO is really
> available on the system.
> 
> This way a user gets prompted with all warnings about their
> configuration first and, when everything is fixed, they will see if DCO
> is available or not.
> 
> While at it, compress the first check in just one if to make the code
> simpler.
> 
> Signed-off-by: Antonio Quartulli <a@unstable.cc>
> ---
> 
> Changes from v1:
> * pass proper argument to dco_available()
> ---
>  src/openvpn/dco.c | 22 +++++++++-------------
>  1 file changed, 9 insertions(+), 13 deletions(-)
> 
> diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
> index a6912d4e..0877f0af 100644
> --- a/src/openvpn/dco.c
> +++ b/src/openvpn/dco.c
> @@ -268,18 +268,11 @@ dco_check_option_conflict_ce(const struct connection_entry *ce, int msglevel)
>  bool
>  dco_check_option_conflict(int msglevel, const struct options *o)
>  {
> -    if (o->tuntap_options.disable_dco)
> -    {
> -        /* already disabled by --disable-dco, no need to print warnings */
> -        return false;
> -    }
> -
> -    if (!dco_available(msglevel))
> -    {
> -        return false;
> -    }
> -
> -    if (!o->dev)
> +    /* check if DCO was already disabled by the user or if no dev name was
> +     * specified at all. In the latter case, later logic will most likely stop
> +     * OpenVPN, so no need to print any message here.
> +     */
> +    if (o->tuntap_options.disable_dco || !o->dev)
>      {
>          return false;
>      }
> @@ -361,7 +354,10 @@ dco_check_option_conflict(int msglevel, const struct options *o)
>      }
>      gc_free(&gc);
>  
> -    return true;
> +    /* now that all options have been confirmed to be supported, check if DCO is
> +     * truly available on the system
> +     */
> +    return dco_available(msglevel);
>  }
>
Gert Doering Aug. 18, 2022, 8:14 a.m. UTC | #2
Thanks.  This was left hanging in the cold for some reason... merged
now.  I've subjected it to the usual test for DCO related stuff (client
with no-dco kernel, client with dco, server with dco) and verified that
the same instances have DCO enabled that had before - glad for Arne's
GLOBAL_STATS patch now :-)

This *should* be safe even on windows, as windows patch 1/7 changes
the first condition to "if (!dco_enabled(o) ...)" so it won't abort on
DCO-incompatible option in a config that does not have "windows-driver dco"
in the first place.

I have rewrapped the comment to better fit into 80 char line constraints
(since the second line was quite short)

Your patch has been applied to the master branch.

commit 78b8d0e162e1fa34780ee3d3ea84691539a0b1f3
Author: Antonio Quartulli
Date:   Tue Aug 2 15:03:12 2022 +0200

     dco: move availability check to the end of check_option_conflict() function

     Signed-off-by: Antonio Quartulli <a@unstable.cc>
     Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
     Message-Id: <20220802130312.18871-1-a@unstable.cc>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24783.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index a6912d4e..0877f0af 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -268,18 +268,11 @@  dco_check_option_conflict_ce(const struct connection_entry *ce, int msglevel)
 bool
 dco_check_option_conflict(int msglevel, const struct options *o)
 {
-    if (o->tuntap_options.disable_dco)
-    {
-        /* already disabled by --disable-dco, no need to print warnings */
-        return false;
-    }
-
-    if (!dco_available(msglevel))
-    {
-        return false;
-    }
-
-    if (!o->dev)
+    /* check if DCO was already disabled by the user or if no dev name was
+     * specified at all. In the latter case, later logic will most likely stop
+     * OpenVPN, so no need to print any message here.
+     */
+    if (o->tuntap_options.disable_dco || !o->dev)
     {
         return false;
     }
@@ -361,7 +354,10 @@  dco_check_option_conflict(int msglevel, const struct options *o)
     }
     gc_free(&gc);
 
-    return true;
+    /* now that all options have been confirmed to be supported, check if DCO is
+     * truly available on the system
+     */
+    return dco_available(msglevel);
 }
 
 bool