diff mbox series

[Openvpn-devel,v1] Disable DCO if proxy is set via management

Message ID 20240318181744.20625-1-gert@greenie.muc.de
State Accepted
Headers show
Series [Openvpn-devel,v1] Disable DCO if proxy is set via management | expand

Commit Message

Gert Doering March 18, 2024, 6:17 p.m. UTC 
From: Lev Stipakov <lev@openvpn.net>

Commit

    45a1cb2a ("Disable DCO if proxy is set via management")

attempted to disable DCO when proxy is set via management interface. However,
at least on Windows this doesn't work, since:

 - setting tuntap_options->disable_dco to true is not enough to disable DCO
 - at this point it is a bit too late, since we've already done DCO-specific
adjustments

Since proxy could be set via management only if --management-query-proxy is specified,
the better way would be to add a check to dco_check_startup_option().

Github: fixes OpenVPN/openvpn#522

Change-Id: I16d6a9fefa317d7d4a195e786618328445bdbca8
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/543
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Frank Lichtenheld <frank@lichtenheld.com>

Comments

Gert Doering March 19, 2024, 7:35 p.m. UTC | #1 
Straight and to the point :-)

Minimally tested with a linux t_client setup that uses DCO and proxy (but
no --managment-query-proxy).

Your patch has been applied to the master and release/2.6 branch (bugfix).

commit fd6b8395f6cee8a61111c28f335ec25ed6db11f7 (master)
commit 462fed53c7a5f21c07dafa4910765efe56d7402d (release/2.6)
Author: Lev Stipakov
Date:   Mon Mar 18 19:17:44 2024 +0100

     Disable DCO if proxy is set via management

     Signed-off-by: Lev Stipakov <lev@openvpn.net>
     Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
     Message-Id: <20240318181744.20625-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28415.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
diff mbox series

Patch

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 14430d3..540b5a8 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -387,6 +387,12 @@ 
         return false;
     }
 
+    if (o->management_flags & MF_QUERY_PROXY)
+    {
+        msg(msglevel, "Note: --management-query-proxy disables data channel offload.");
+        return false;
+    }
+
     /* now that all options have been confirmed to be supported, check
      * if DCO is truly available on the system
      */
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 52b3931..6a3040f 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -221,12 +221,6 @@ 
     }
     else if (p[2] && p[3])
     {
-        if (dco_enabled(&c->options))
-        {
-            msg(M_INFO, "Proxy set via management, disabling Data Channel Offload.");
-            c->options.tuntap_options.disable_dco = true;
-        }
-
         if (streq(p[1], "HTTP"))
         {
             struct http_proxy_options *ho;