Message ID | 20220813204224.22576-2-a@unstable.cc |
---|---|
State | Changes Requested |
Headers | show |
Series | [Openvpn-devel,v101,1/7] dco-win: introduce low-level code for handling ovpn-dco-win in Windows | expand |
Again, this cannot be tested yet. Stared at the code and tested with follow-up commits, looks good and works as expected. Acked-by: Lev Stipakov <lstipakov@gmail.com> la 13. elok. 2022 klo 23.43 Antonio Quartulli (a@unstable.cc) kirjoitti: > At the moment dco-win doesn't support --persist-tun and --server, > so check for these options at startup time. > > Signed-off-by: Antonio Quartulli <a@unstable.cc> > Signed-off-by: Lev Stipakov <lev@openvpn.net> > --- > Changes from v100: > * improved commit title/message > --- > src/openvpn/dco.c | 17 +++++++++++++++-- > src/openvpn/options.c | 5 +++++ > 2 files changed, 20 insertions(+), 2 deletions(-) > > diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c > index b342bee1..dcb570f9 100644 > --- a/src/openvpn/dco.c > +++ b/src/openvpn/dco.c > @@ -221,7 +221,20 @@ dco_update_keys(dco_context_t *dco, struct tls_multi > *multi) > static bool > dco_check_option_conflict_platform(int msglevel, const struct options *o) > { > -#if defined(TARGET_LINUX) > +#if defined(_WIN32) > + if (o->mode == MODE_SERVER) > + { > + msg(msglevel, "Only client and p2p data channel offload is > supported " > + "with ovpn-dco-win."); > + return false; > + } > + > + if (o->persist_tun) > + { > + msg(msglevel, "--persist-tun is not supported with > ovpn-dco-win."); > + return false; > + } > +#elif defined(TARGET_LINUX) > /* if the device name is fixed, we need to check if an interface with > this > * name already exists. IF it does, it must be a DCO interface, > otherwise > * DCO has to be disabled in order to continue. > @@ -246,7 +259,7 @@ dco_check_option_conflict_platform(int msglevel, const > struct options *o) > strerror(-ret), ret); > } > } > -#endif /* if defined(TARGET_LINUX) */ > +#endif /* if defined(_WIN32) */ > return true; > } > > diff --git a/src/openvpn/options.c b/src/openvpn/options.c > index 14cb4cc4..cec6cf10 100644 > --- a/src/openvpn/options.c > +++ b/src/openvpn/options.c > @@ -2450,6 +2450,11 @@ options_postprocess_verify_ce(const struct options > *options, > { > msg(M_USAGE, "--windows-driver wintun requires --dev tun"); > } > + > + if (options->windows_driver == WINDOWS_DRIVER_DCO) > + { > + dco_check_option_conflict(M_USAGE, options); > + } > #endif /* ifdef _WIN32 */ > > /* > -- > 2.35.1 > > > > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel >
Hi, On Sat, Aug 13, 2022 at 10:42:19PM +0200, Antonio Quartulli wrote: > At the moment dco-win doesn't support --persist-tun and --server, > so check for these options at startup time. This needs rebasing anyway (due to the startup change), but while at it... > + > + if (options->windows_driver == WINDOWS_DRIVER_DCO) > + { > + dco_check_option_conflict(M_USAGE, options); > + } ... this should read "if (dco_enabled(options))", no? Patch 3/7 changes dco_enabled() to do exactly this "if (driver == WINDOWS_DRIVER_DCO)" and it would make *this* function more clear. OTOH, the first thing dco_check_options_conflict() does is "check if DCO is enabled at all", so why check it in the caller again? Staring at this for a while, I do wonder why we do the "linux DCO" options check in options_postprocess_mutate(), and the "Win32 DCO" options check in options_postprocess_verify_ce() (while it does not look at the actual ->ce entries, and really *really* does not belong). Can we please clean this up, and have one joint call for all DCO platforms? I see no good reason for having two calls to the same function, doing the same thing, in two different call chains for different OSes. Now there is a material difference, if the Win32 invocation finds a dco-incompatible option, it will exit M_USAGE, while Linux will just disable DCO - if this is what we want, we should still keep the stuff closer together, like /* check if any option should force disabling DCO */ #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o) || !dco_check_startup_option_conflict(D_DCO, o); #else if _WIN32 /* we can not currently fallback to non-DCO on Windows, so exit M_USAGE * if an option conflict is discovered */ dco_check_option_conflict(M_USAGE, o); dco_check_startup_option_conflict(M_USAGE, o); #endif gert
Hi, On Thu, Aug 18, 2022 at 11:26:38AM +0200, Antonio Quartulli wrote: > -#if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) > - o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o) > - || !dco_check_startup_option_conflict(D_DCO, o); > -#endif > + o->tuntap_options.disable_dco = !dco_check_option_conflict(DCO_CHECK_OPTION_LEVEL, o) > + || !dco_check_startup_option_conflict(DCO_CHECK_OPTION_LEVEL, o); Nah, this is not good. This reads as "this is code which will always return, and will log with some arbitrary log level" (how would a reader know that D_DCO and DCO_CHECK_OPTION_LEVEL is not both coming from errror.h?). Make it explicit, and explain why. gert
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index b342bee1..dcb570f9 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -221,7 +221,20 @@ dco_update_keys(dco_context_t *dco, struct tls_multi *multi) static bool dco_check_option_conflict_platform(int msglevel, const struct options *o) { -#if defined(TARGET_LINUX) +#if defined(_WIN32) + if (o->mode == MODE_SERVER) + { + msg(msglevel, "Only client and p2p data channel offload is supported " + "with ovpn-dco-win."); + return false; + } + + if (o->persist_tun) + { + msg(msglevel, "--persist-tun is not supported with ovpn-dco-win."); + return false; + } +#elif defined(TARGET_LINUX) /* if the device name is fixed, we need to check if an interface with this * name already exists. IF it does, it must be a DCO interface, otherwise * DCO has to be disabled in order to continue. @@ -246,7 +259,7 @@ dco_check_option_conflict_platform(int msglevel, const struct options *o) strerror(-ret), ret); } } -#endif /* if defined(TARGET_LINUX) */ +#endif /* if defined(_WIN32) */ return true; } diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 14cb4cc4..cec6cf10 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2450,6 +2450,11 @@ options_postprocess_verify_ce(const struct options *options, { msg(M_USAGE, "--windows-driver wintun requires --dev tun"); } + + if (options->windows_driver == WINDOWS_DRIVER_DCO) + { + dco_check_option_conflict(M_USAGE, options); + } #endif /* ifdef _WIN32 */ /*