From patchwork Wed Aug 17 11:08:57 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Timo Rothenpieler <timo@rothenpieler.org>
X-Patchwork-Id: 2695
Return-Path: <arne@rfc2549.org>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director8.mail.ord1d.rsapps.net ([172.27.255.9])
	by backend30.mail.ord1d.rsapps.net with LMTP
	id CC3SIEUm/mLKNwAAIUCqbw
	(envelope-from <arne@rfc2549.org>)
	for <patchwork@openvpn.net>; Thu, 18 Aug 2022 07:45:09 -0400
Received: from proxy6.mail.iad3a.rsapps.net ([172.27.255.9])
	by director8.mail.ord1d.rsapps.net with LMTP
	id YD+VIEUm/mJ/UgAAfY0hYg
	(envelope-from <arne@rfc2549.org>)
	for <patchwork@openvpn.net>; Thu, 18 Aug 2022 07:45:09 -0400
Received: from smtp8.gate.iad3a ([172.27.255.9])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy6.mail.iad3a.rsapps.net with LMTPS
	id cP/kGUUm/mKPCAAA8udqhg
	(envelope-from <arne@rfc2549.org>)
	for <patchwork@openvpn.net>; Thu, 18 Aug 2022 07:45:09 -0400
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: patchwork@openvpn.net
X-Originating-Ip: [192.26.174.232]
Authentication-Results: smtp8.gate.iad3a.rsapps.net;
 iprev=pass policy.iprev="192.26.174.232";
 spf=pass smtp.mailfrom="arne@rfc2549.org" smtp.helo="mail.blinkt.de";
 dkim=none (message not signed) header.d=none; dmarc=none (p=nil;
 dis=none) header.from=rothenpieler.org
X-Suspicious-Flag: NO
X-Classification-ID: ecb18e80-1eea-11ed-9ece-525400b8fe03-1-1
Received: from [192.26.174.232] ([192.26.174.232:10470] helo=mail.blinkt.de)
	by smtp8.gate.iad3a.rsapps.net (envelope-from <arne@rfc2549.org>)
	(ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
	id 4C/A8-25646-AC52EF26; Thu, 18 Aug 2022 07:43:07 -0400
Received: from [195.70.183.100] (helo=[192.168.12.111])
	by mail.blinkt.de with esmtpsa  (TLS1.3) tls TLS_AES_128_GCM_SHA256
	(Exim 4.95 (FreeBSD))
	(envelope-from <arne@rfc2549.org>)
	id 1oOdvV-0000UK-Pv
	for patchwork@openvpn.net;
	Thu, 18 Aug 2022 13:43:05 +0200
Resent-From: Arne Schwabe <arne@rfc2549.org>
Resent-To: patchwork@openvpn.net
Resent-Date: Thu, 18 Aug 2022 13:43:05 +0200
Resent-Message-ID: <d160e3af-5f38-fe9a-f12a-7183b57ffda2@rfc2549.org>
Received: from mail.blinkt.de ([unix socket])
	 by mail.blinkt.de (Cyrus 3.4.4) with LMTPA;
	 Wed, 17 Aug 2022 23:10:18 +0200
X-Cyrus-Session-Id: mail.blinkt.de-1660770618-85857-2-15087458291768025516
X-Sieve: CMU Sieve 3.0
Received: from lists.sourceforge.net ([216.105.38.7])
	by mail.blinkt.de with esmtps  (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.95 (FreeBSD))
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1oOQIr-000MKj-7p
	for arne@rfc2549.org;
	Wed, 17 Aug 2022 23:10:18 +0200
Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com)
	by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1oOQHt-0004Za-D9;
	Wed, 17 Aug 2022 21:09:17 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
 by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <timo@rothenpieler.org>) id 1oOQHq-0004ZU-5E
 for openvpn-devel@lists.sourceforge.net;
 Wed, 17 Aug 2022 21:09:15 +0000
Received: from btbn.de ([136.243.74.85])
 by sfi-mx-1.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1oOQHo-006ujU-49 for openvpn-devel@lists.sourceforge.net;
 Wed, 17 Aug 2022 21:09:13 +0000
Received: from [authenticated] by btbn.de (Postfix) with ESMTPSA id
 C534B35BD86; Wed, 17 Aug 2022 23:09:05 +0200 (CEST)
From: Timo Rothenpieler <timo@rothenpieler.org>
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 17 Aug 2022 23:08:57 +0200
Message-Id: <20220817210857.1558-1-timo@rothenpieler.org>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-Headers-End: 1oOQHo-006ujU-49
Subject: [Openvpn-devel] [PATCH] dco: turn platform config checks into
 separate function
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-Spam-Bar: +
X-getmail-retrieved-from-mailbox: Inbox

All the checks in there are only relevant during startup, and
specifically the capability check might cause issues when checking a CCD
config later at runtime.

So move them to their own function and call it only during startup.
Acked-by: Antonio Quartulli <a@unstable.cc>
---
 src/openvpn/dco.c     |  9 ++-------
 src/openvpn/dco.h     | 18 ++++++++++++++++++
 src/openvpn/options.c |  3 ++-
 3 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index f21997de..9eb2685c 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -222,8 +222,8 @@ dco_update_keys(dco_context_t *dco, struct tls_multi *multi)
     }
 }
 
-static bool
-dco_check_option_conflict_platform(int msglevel, const struct options *o)
+bool
+dco_check_startup_option_conflict(int msglevel, const struct options *o)
 {
 #if defined(TARGET_LINUX)
     /* if the device name is fixed, we need to check if an interface with this
@@ -327,11 +327,6 @@ dco_check_option_conflict(int msglevel, const struct options *o)
         return false;
     }
 
-    if (!dco_check_option_conflict_platform(msglevel, o))
-    {
-        return false;
-    }
-
     if (dev_type_enum(o->dev, o->dev_type) != DEV_TYPE_TUN)
     {
         msg(msglevel, "Note: dev-type not tun, disabling data channel offload.");
diff --git a/src/openvpn/dco.h b/src/openvpn/dco.h
index 6b5c016a..e296cf27 100644
--- a/src/openvpn/dco.h
+++ b/src/openvpn/dco.h
@@ -69,6 +69,18 @@ bool dco_available(int msglevel);
  */
 bool dco_check_option_conflict(int msglevel, const struct options *o);
 
+/**
+ * Check whether the options struct has any further option that is not supported
+ * by our current dco implementation during early startup.
+ * If so print a warning at warning level for the first conflicting option
+ * found and return false.
+ *
+ * @param msglevel  the msg level to use to print the warnings
+ * @param o         the options struct that hold the options
+ * @return          true if no conflict was detected, false otherwise
+ */
+bool dco_check_startup_option_conflict(int msglevel, const struct options *o);
+
 /**
  * Check whether any of the options pushed by the server is not supported by
  * our current dco implementation. If so print a warning at warning level
@@ -236,6 +248,12 @@ dco_check_option_conflict(int msglevel, const struct options *o)
     return false;
 }
 
+static inline bool
+dco_check_startup_option_conflict(int msglevel, const struct options *o)
+{
+    return false;
+}
+
 static inline bool
 dco_check_pull_options(int msglevel, const struct options *o)
 {
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index bd6db826..2415c1a8 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3671,7 +3671,8 @@ options_postprocess_mutate(struct options *o, struct env_set *es)
 
     /* check if any option should force disabling DCO */
 #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD)
-    o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o);
+    o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o)
+                                    || !dco_check_startup_option_conflict(D_DCO, o);
 #endif
 
     if (dco_enabled(o) && o->dev_node)