diff mbox series

[Openvpn-devel] dco: disable DCO if --allow-compress yes/asym was specified

Message ID 20220805151325.14021-1-a@unstable.cc
State Changes Requested
Headers show
Series [Openvpn-devel] dco: disable DCO if --allow-compress yes/asym was specified | expand

Commit Message

Antonio Quartulli Aug. 5, 2022, 5:13 a.m. UTC 
Allowing compression means that we may accept a pushable compress
setting.
This scenario can't work with DCO therefore disable it when compression
is allowed.

Signed-off-by: Antonio Quartulli <a@unstable.cc>
---
 src/openvpn/dco.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Arne Schwabe Aug. 5, 2022, 5:16 a.m. UTC | #1 
Am 05.08.22 um 17:13 schrieb Antonio Quartulli:
> Allowing compression means that we may accept a pushable compress
> setting.
> This scenario can't work with DCO therefore disable it when compression
> is allowed.
> 

Acked-By: Arne Schwabe <arne@rfc2549.org>
Gert Doering Aug. 6, 2022, 12:16 a.m. UTC | #2 
Hi,

On Fri, Aug 05, 2022 at 05:13:25PM +0200, Antonio Quartulli wrote:
>  #if defined(USE_COMP)
> -    if (o->comp.alg != COMP_ALG_UNDEF)
> +    if (o->comp.alg != COMP_ALG_UNDEF
> +        || o->comp.flags & COMP_F_ALLOW_ASYM
> +        || o->comp.flags & COMP_F_ALLOW_COMPRESS)
>      {
> -        msg(msglevel, "Note: Using compression disables data channel offload.");
> +        msg(msglevel, "Note: Allowing or using compression disables data channel offload.");

It does have an ACK, and it does what it promises to, but I do not
like the message - as in, it's technically correct, but it could be a
bit more helpful in regards to "what does the user need to do now?"

What about

> +        msg(msglevel, "Note: '--allow-compression' is not set to 'no'.  Disabling data channel offload.");

so they know "ah, need to look for that option" (and either set it to "no"
or remove it from the config).

Yes, this is not mentioning "using compression" at all anymore, but this
is indirectly handled - if you have "--allow-compression no", it will
disallow use of "--compress <whatever>" on its own, so we do not need
to mention it in the DCO specific part.

gert
diff mbox series

Patch

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index c40fe96f..31f8737f 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -352,9 +352,11 @@  dco_check_option_conflict(int msglevel, const struct options *o)
     }
 
 #if defined(USE_COMP)
-    if (o->comp.alg != COMP_ALG_UNDEF)
+    if (o->comp.alg != COMP_ALG_UNDEF
+        || o->comp.flags & COMP_F_ALLOW_ASYM
+        || o->comp.flags & COMP_F_ALLOW_COMPRESS)
     {
-        msg(msglevel, "Note: Using compression disables data channel offload.");
+        msg(msglevel, "Note: Allowing or using compression disables data channel offload.");
 
         if (o->mode == MODE_SERVER && !(o->comp.flags & COMP_F_MIGRATE))
         {