From patchwork Mon Mar 18 18:17:44 2024
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 3653
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 18 Mar 2024 19:17:44 +0100
Message-ID: <20240318181744.20625-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v1] Disable DCO if proxy is set via management
From: Lev Stipakov

Commit 45a1cb2a ("Disable DCO if proxy is set via management")
attempted to disable DCO when proxy is set via management interface.
However, at least on Windows this doesn't work, since:

 - setting tuntap_options->disable_dco to true is not enough to disable DCO
 - at this point it is a bit too late, since we've already done DCO-specific
   adjustments

Since proxy could be set via management only if --management-query-proxy
is specified, the better way would be to add a check to
dco_check_startup_option().

Github: fixes OpenVPN/openvpn#522
Change-Id: I16d6a9fefa317d7d4a195e786618328445bdbca8
Signed-off-by: Lev Stipakov
Acked-by: Frank Lichtenheld
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/543
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Frank Lichtenheld

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 14430d3..540b5a8 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -387,6 +387,12 @@ return false; } + if (o->management_flags & MF_QUERY_PROXY) + { + msg(msglevel, "Note: --management-query-proxy disables data channel offload."); + return false; + } + /* now that all options have been confirmed to be supported, check * if DCO is truly available on the system */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 52b3931..6a3040f 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -221,12 +221,6 @@ } else if (p[2] && p[3]) { - if (dco_enabled(&c->options)) - { - msg(M_INFO, "Proxy set via management, disabling Data Channel Offload."); - c->options.tuntap_options.disable_dco = true; - } - if (streq(p[1], "HTTP")) { struct http_proxy_options *ho;
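Review bot: In the src/openvpn/dco.c hunk, the new check keys on `o->management_flags & MF_QUERY_PROXY`, so DCO is turned off for the whole session as soon as --management-query-proxy is configured, even when the management client later answers without a proxy. The code removed from init.c only acted inside the `else if (p[2] && p[3])` branch, i.e. when a proxy host and port were actually supplied. That is a wider condition than before and users will only see it as a single "Note:" line at startup. Please mention in the commit message and in the documentation for --management-query-proxy that the option now implies no data channel offload, so the throughput change is not a surprise to deployments that set the flag but rarely use a proxy.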
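Review bot: In the src/openvpn/init.c hunk, once the `dco_enabled(&c->options)` block is gone, nothing at the point where the management-supplied proxy is applied (just before `if (streq(p[1], "HTTP"))`) records that DCO must already be off. The safety of this path now rests entirely on the invariant stated in the commit message, that a proxy can only arrive via management when --management-query-proxy is set, together with the new check in dco.c. Consider leaving a short comment here that points to the startup check, or an assertion that DCO is not enabled, so that a later change which lets a proxy be set through another route does not silently combine a proxy with DCO, the failure the original commit 45a1cb2a was trying to prevent.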