From: Timo Rothenpieler
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 17 Aug 2022 23:08:57 +0200
Message-Id: <20220817210857.1558-1-timo@rothenpieler.org>
Subject: [Openvpn-devel] [PATCH] dco: turn platform config checks into separate function

All the checks in there are only relevant during startup, and specifically the capability check might cause issues when checking a CCD config later at runtime. So move them to their own function and call it only during startup.

Acked-by: Antonio Quartulli

--- src/openvpn/dco.c | 9 ++------- src/openvpn/dco.h | 18 ++++++++++++++++++ src/openvpn/options.c | 3 ++- 3 files changed, 22 insertions(+), 8 deletions(-) diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index f21997de..9eb2685c 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -222,8 +222,8 @@ dco_update_keys(dco_context_t *dco, struct tls_multi *multi) } } -static bool -dco_check_option_conflict_platform(int msglevel, const struct options *o) +bool +dco_check_startup_option_conflict(int msglevel, const struct options *o) { #if defined(TARGET_LINUX) /* if the device name is fixed, we need to check if an interface with this @@ -327,11 +327,6 @@ dco_check_option_conflict(int msglevel, const struct options *o) return false; } - if (!dco_check_option_conflict_platform(msglevel, o)) - { - return false; - } - if (dev_type_enum(o->dev, o->dev_type) != DEV_TYPE_TUN) { msg(msglevel, "Note: dev-type not tun, disabling data channel offload."); diff --git a/src/openvpn/dco.h b/src/openvpn/dco.h index 6b5c016a..e296cf27 100644 --- a/src/openvpn/dco.h +++ b/src/openvpn/dco.h 
@@ -69,6 +69,18 @@ bool dco_available(int msglevel); */ bool dco_check_option_conflict(int msglevel, const struct options *o); +/** + * Check whether the options struct has any further option that is not supported + * by our current dco implementation during early startup. + * If so print a warning at warning level for the first conflicting option + * found and return false. + * + * @param msglevel the msg level to use to print the warnings + * @param o the options struct that hold the options + * @return true if no conflict was detected, false otherwise + */ +bool dco_check_startup_option_conflict(int msglevel, const struct options *o); + /** * Check whether any of the options pushed by the server is not supported by * our current dco implementation. If so print a warning at warning level @@ -236,6 +248,12 @@ dco_check_option_conflict(int msglevel, const struct options *o) return false; } +static inline bool +dco_check_startup_option_conflict(int msglevel, const struct options *o) +{ + return false; +} + static inline bool dco_check_pull_options(int msglevel, const struct options *o) { diff --git a/src/openvpn/options.c b/src/openvpn/options.c index bd6db826..2415c1a8 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3671,7 +3671,8 @@ options_postprocess_mutate(struct options *o, struct env_set *es) /* check if any option should force disabling DCO */ #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) - o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o); + o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o) + || !dco_check_startup_option_conflict(D_DCO, o); #endif if (dco_enabled(o) && o->dev_node)
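Review bot: Every caller of dco_check_option_conflict() other than options_postprocess_mutate() loses the platform checks once the call is dropped in the second dco.c hunk (@@ -327,11 +327,6 @@), because the patch adds exactly one replacement call site. Please confirm that no other startup path depended on the platform checks running inside dco_check_option_conflict(), and say so in the commit message, since the function's contract has narrowed without a change to its name or signature.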
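Review bot: The new doc comment in the first dco.h hunk (@@ -69,6 +69,18 @@) does not state the constraint that motivated the split, namely that this function must only be called during startup and not when a CCD config is checked at runtime. Without that sentence the comment reads almost the same as the one on dco_check_option_conflict(), and a later caller has nothing telling them the capability check makes it unsafe to reuse. Two smaller points in the same comment: "print a warning at warning level" contradicts the msglevel parameter that is actually used, and "the options struct that hold the options" should read "holds".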
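Review bot: In the options.c hunk the || short-circuits, so dco_check_startup_option_conflict() is never evaluated when dco_check_option_conflict() has already reported a conflict, and the platform checks now run after the dev-type test instead of before it as in the removed dco.c code. The resulting disable_dco value is the same, but the first warning a user sees for a configuration with several conflicts can differ from before; if that is intended, a one-line comment at this call site noting that the startup checks run last and only here would make it explicit. The continuation line would also read better with the || aligned under the first operand.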