From patchwork Tue Aug 30 00:49:58 2022
X-Patchwork-Submitter: Lev Stipakov
X-Patchwork-Id: 2736
From: Lev Stipakov
To: openvpn-devel@lists.sourceforge.net
Cc: Lev Stipakov
Date: Tue, 30 Aug 2022 13:49:58 +0300
Message-Id: <20220830104958.91-1-lstipakov@gmail.com>
In-Reply-To: <300C4042-73A3-4B19-8CE1-F55E30873C37@gmail.com>
Subject: [Openvpn-devel] [PATCH v2] dco-win: support for --persist-tun
From: Lev Stipakov

Since version 0.8.0, dco-win driver added support for DEL_PEER command, which enabled --persist-tun implementation on client side.

Add real implementation for dco_del_peer on Windows, which calls DEL_PEER, which clears peer state on the driver without tearing tunnel down.

When pulled options are changed on restart, we need to close and reopen tun device. This is not yet supported for dco-win, so we close tun and trigger reconnect.

Signed-off-by: Lev Stipakov
Acked-By: Frank Lichtenheld
---
v2:
- fix TCP implementation (remove unnecessary tun_close() call)
- simplify DCO connection establishment code

 src/openvpn/dco.c          |  5 -----
 src/openvpn/dco_win.c      | 39 ++++++++++++++++++------------------
 src/openvpn/dco_win.h      |  8 +++++---
 src/openvpn/init.c         | 19 +++++++++++++++---
 src/openvpn/ovpn_dco_win.h |  1 +
 src/openvpn/socket.c       | 41 +++++++++++++++++++------------------
 6 files changed, 61 insertions(+), 52 deletions(-)

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 78023eea..075820c3 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -233,11 +233,6 @@ dco_check_startup_option_conflict(int msglevel, const struct options *o) return false; } - if (o->persist_tun) - { - msg(msglevel, "--persist-tun is not supported with ovpn-dco."); - return false; - } #elif defined(TARGET_LINUX) /* if the device name is fixed, we need to check if an interface with this * name already exists. IF it does, it must be a DCO interface, otherwise diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index a2030866..22f30280 100644 --- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -42,7 +42,7 @@ const IN_ADDR in4addr_any = { 0 }; #endif -static struct tuntap +struct tuntap create_dco_handle(const char *devname, struct gc_arena *gc) { struct tuntap tt = { .windows_driver = WINDOWS_DRIVER_DCO }; 
@@ -104,7 +104,7 @@ dco_start_tun(struct tuntap *tt) dco_wait_ready(tt->adapter_index); } -static int +static void dco_connect_wait(HANDLE handle, OVERLAPPED *ov, int timeout, volatile int *signal_received) { /* GetOverlappedResultEx is available starting from Windows 8 */ @@ -129,7 +129,7 @@ dco_connect_wait(HANDLE handle, OVERLAPPED *ov, int timeout, volatile int *signa if (get_overlapped_result_ex(handle, ov, &transferred, poll_interval_ms, FALSE) != 0) { /* TCP connection established by dco */ - return 0; + return; } DWORD err = GetLastError(); @@ -138,13 +138,13 @@ dco_connect_wait(HANDLE handle, OVERLAPPED *ov, int timeout, volatile int *signa /* dco reported connection error */ msg(M_NONFATAL | M_ERRNO, "dco connect error"); *signal_received = SIGUSR1; - return -1; + return; } get_signal(signal_received); if (*signal_received) { - return -1; + return; } management_sleep(0); @@ -153,14 +153,11 @@ dco_connect_wait(HANDLE handle, OVERLAPPED *ov, int timeout, volatile int *signa /* we end up here when timeout occurs in userspace */ msg(M_NONFATAL, "dco connect timeout"); *signal_received = SIGUSR1; - - return -1; } -struct tuntap -dco_create_socket(struct addrinfo *remoteaddr, bool bind_local, - struct addrinfo *bind, const char *devname, - struct gc_arena *gc, int timeout, +void +dco_create_socket(HANDLE handle, struct addrinfo *remoteaddr, bool bind_local, + struct addrinfo *bind, int timeout, volatile int *signal_received) { msg(D_DCO_DEBUG, "%s", __func__); @@ -232,10 +229,8 @@ dco_create_socket(struct addrinfo *remoteaddr, bool bind_local, ASSERT(0); } - struct tuntap tt = create_dco_handle(devname, gc); - OVERLAPPED ov = { 0 }; - if (!DeviceIoControl(tt.hand, OVPN_IOCTL_NEW_PEER, &peer, sizeof(peer), NULL, 0, NULL, &ov)) + if (!DeviceIoControl(handle, OVPN_IOCTL_NEW_PEER, &peer, sizeof(peer), NULL, 0, NULL, &ov)) { DWORD err = GetLastError(); if (err != ERROR_IO_PENDING) 
@@ -244,13 +239,9 @@ dco_create_socket(struct addrinfo *remoteaddr, bool bind_local, } else { - if (dco_connect_wait(tt.hand, &ov, timeout, signal_received) < 0) - { - close_tun_handle(&tt); - } + dco_connect_wait(handle, &ov, timeout, signal_received); } } - return tt; } int @@ -265,7 +256,15 @@ dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd, int dco_del_peer(dco_context_t *dco, unsigned int peerid) { - msg(D_DCO_DEBUG, "%s: peer-id %d - not implemented", __func__, peerid); + msg(D_DCO_DEBUG, "%s: peer-id %d", __func__, peerid); + + DWORD bytes_returned = 0; + if (!DeviceIoControl(dco->tt->hand, OVPN_IOCTL_DEL_PEER, NULL, + 0, NULL, 0, &bytes_returned, NULL)) + { + msg(M_WARN | M_ERRNO, "DeviceIoControl(OVPN_IOCTL_DEL_PEER) failed"); + return -1; + } return 0; } diff --git a/src/openvpn/dco_win.h b/src/openvpn/dco_win.h index 348fc568..b3cdbbbd 100644 --- a/src/openvpn/dco_win.h +++ b/src/openvpn/dco_win.h @@ -37,9 +37,11 @@ struct dco_context { typedef struct dco_context dco_context_t; struct tuntap -dco_create_socket(struct addrinfo *remoteaddr, bool bind_local, - struct addrinfo *bind, const char *devname, - struct gc_arena *gc, int timeout, +create_dco_handle(const char *devname, struct gc_arena *gc); + +void +dco_create_socket(HANDLE handle, struct addrinfo *remoteaddr, bool bind_local, + struct addrinfo *bind, int timeout, volatile int *signal_received); void diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 9917cefe..84d95c21 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c 
@@ -2183,10 +2183,23 @@ do_up(struct context *c, bool pulled_options, unsigned int option_types_found) { /* if so, close tun, delete routes, then reinitialize tun and add routes */ msg(M_INFO, "NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device."); + + bool tt_dco_win = tuntap_is_dco_win(c->c1.tuntap); do_close_tun(c, true); - management_sleep(1); - c->c2.did_open_tun = do_open_tun(c); - update_time(); + + if (tt_dco_win) + { + msg(M_NONFATAL, "dco-win doesn't yet support reopening TUN device"); + /* prevent link_socket_close() from closing handle with WinSock API */ + c->c2.link_socket->sd = SOCKET_UNDEFINED; + return false; + } + else + { + management_sleep(1); + c->c2.did_open_tun = do_open_tun(c); + update_time(); + } } } diff --git a/src/openvpn/ovpn_dco_win.h b/src/openvpn/ovpn_dco_win.h index 1ebd51a7..cbbdf92e 100644 --- a/src/openvpn/ovpn_dco_win.h +++ b/src/openvpn/ovpn_dco_win.h @@ -106,3 +106,4 @@ typedef struct _OVPN_SET_PEER { #define OVPN_IOCTL_SWAP_KEYS CTL_CODE(FILE_DEVICE_UNKNOWN, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) #define OVPN_IOCTL_SET_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 5, METHOD_BUFFERED, FILE_ANY_ACCESS) #define OVPN_IOCTL_START_VPN CTL_CODE(FILE_DEVICE_UNKNOWN, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define OVPN_IOCTL_DEL_PEER CTL_CODE(FILE_DEVICE_UNKNOWN, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 4e29327b..4a982561 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c 
@@ -2128,23 +2128,25 @@ static void create_socket_dco_win(struct context *c, struct link_socket *sock, volatile int *signal_received) { - struct tuntap *tt; - /* In this case persist-tun is enabled, which we don't support yet */ - ASSERT(!c->c1.tuntap); - - ALLOC_OBJ(tt, struct tuntap); - - *tt = dco_create_socket(sock->info.lsa->current_remote, - sock->bind_local, - sock->info.lsa->bind_local, - c->options.dev_node, - &c->gc, - get_server_poll_remaining_time(sock->server_poll_timeout), - signal_received); - - /* This state is used by signal handler which does teardown, - * so it has to be set before return */ - c->c1.tuntap = tt; + if (!c->c1.tuntap) + { + struct tuntap *tt; + ALLOC_OBJ(tt, struct tuntap); + + *tt = create_dco_handle(c->options.dev_node, &c->gc); + + /* Ensure we can "safely" cast the handle to a socket */ + static_assert(sizeof(sock->sd) == sizeof(tt->hand), "HANDLE and SOCKET size differs"); + + c->c1.tuntap = tt; + } + + dco_create_socket(c->c1.tuntap->hand, + sock->info.lsa->current_remote, + sock->bind_local, sock->info.lsa->bind_local, + get_server_poll_remaining_time(sock->server_poll_timeout), + signal_received); + sock->info.dco_installed = true; if (*signal_received) @@ -2152,10 +2154,7 @@ create_socket_dco_win(struct context *c, struct link_socket *sock, return; } - /* Ensure we can "safely" cast the handle to a socket */ - static_assert(sizeof(sock->sd) == sizeof(tt->hand), "HANDLE and SOCKET size differs"); - sock->sd = (SOCKET)tt->hand; - + sock->sd = (SOCKET)c->c1.tuntap->hand; linksock_print_addr(sock); } #endif /* if defined(_WIN32) */
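Review bot: the dco.c hunk removes the `--persist-tun` conflict check unconditionally, while the commit message ties DEL_PEER support to dco-win driver 0.8.0 and newer. On an older driver the new `dco_del_peer()` will only fail at restart time, with a warning and `-1` from the ioctl, instead of being rejected at startup. Consider keeping a startup-time rejection gated on the driver version, or at least documenting 0.8.0 as the minimum driver for `--persist-tun`, so the failure surfaces before the tunnel is up.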
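Review bot: in the `dco_create_socket()` hunk the `close_tun_handle(&tt)` on connect failure is gone and the handle is now owned by the caller through `c->c1.tuntap`, which is what `--persist-tun` needs, but it also means that every failure path inside the function (connect error, timeout, interrupting signal, all of which now only set `*signal_received = SIGUSR1` since `dco_connect_wait()` returns `void`) leaves the handle open. A comment at the function head stating that the handle's lifetime is the caller's responsibility in all outcomes, and that teardown is expected to go through `do_close_tun()`, would make that contract explicit for future callers.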
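Review bot: `dco_del_peer()` calls `DeviceIoControl(dco->tt->hand, OVPN_IOCTL_DEL_PEER, ...)` with a NULL `lpOverlapped`, while `OVPN_IOCTL_NEW_PEER` on the same handle is issued with an `OVERLAPPED` structure. If the device handle is opened with FILE_FLAG_OVERLAPPED, which the NEW_PEER call suggests, the Win32 contract requires a valid OVERLAPPED for every call on that handle, so this should pass a zeroed OVERLAPPED (with an event) and wait for completion the way the NEW_PEER path does rather than rely on synchronous completion. Two smaller points: `peerid` is only logged and never sent to the driver, so a comment that dco-win tracks a single peer would make the omission look intentional, and `dco->tt` is dereferenced without a NULL check, which is worth an `ASSERT` or a comment on why it cannot be NULL when this is reached.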
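Review bot: in the init.c hunk the early `return false` after `do_close_tun(c, true)` deliberately turns a pulled-options change into a reconnect (per the commit message), but the log line "dco-win doesn't yet support reopening TUN device" is emitted at M_NONFATAL and does not say so, so users will see an error followed by an unexplained reconnect. Suggest wording such as "dco-win doesn't yet support reopening TUN device, reconnecting" and a comment on the `return false` noting that the caller treats it as a failed `do_up()`. The line `c->c2.link_socket->sd = SOCKET_UNDEFINED;` also assumes `c->c2.link_socket` is non-NULL at this point; a short comment on why that holds would help the next reader.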
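Review bot: `OVPN_IOCTL_DEL_PEER` is added to ovpn_dco_win.h with function code 7, but nothing in the header records the minimum driver version (0.8.0 according to the commit message) that implements it. A comment next to the define tying the ioctl to that driver release would keep the userspace header and the driver ABI in step.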
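Review bot: the first socket.c hunk drops the comment "This state is used by signal handler which does teardown, so it has to be set before return" although the ordering it documented still matters: `c->c1.tuntap = tt;` must be assigned before `dco_create_socket()` can block in `dco_connect_wait()` and be interrupted by a signal. Please keep that comment above the assignment. The `static_assert` now sits inside the `if (!c->c1.tuntap)` branch and references the local `tt`; being a compile-time check it could live at file scope on the `struct tuntap` and `struct link_socket` member types, so it does not read as a runtime check that only runs on first allocation.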
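Review bot: in the second socket.c hunk, on the `*signal_received` early return the handle opened by `create_dco_handle()` stays referenced from `c->c1.tuntap` while `sock->sd` is never assigned; previously `dco_create_socket()` closed the handle itself on connect failure. That is the intended behaviour with `--persist-tun`, but without it the handle now lives until `do_close_tun()` runs, so a comment at `sock->sd = (SOCKET)c->c1.tuntap->hand;` stating that the handle is always torn down through `c->c1.tuntap` and never through `sock->sd` (which is why init.c resets `sd` to SOCKET_UNDEFINED) would document the ownership rule in one place.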