From: Lev Stipakov Date: Mon, 18 Mar 2024 18:17:44 +0000 (+0100) Subject: Disable DCO if proxy is set via management X-Git-Tag: v2.7_alpha1~281 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fd6b8395f6cee8a61111c28f335ec25ed6db11f7;p=thirdparty%2Fopenvpn.git Disable DCO if proxy is set via management Commit 45a1cb2a ("Disable DCO if proxy is set via management") attempted to disable DCO when proxy is set via management interface. However, at least on Windows this doesn't work, since: - setting tuntap_options->disable_dco to true is not enough to disable DCO - at this point it is a bit too late, since we've already done DCO-specific adjustments Since proxy can be set via management only if --management-query-proxy is specified, the better way is to add a check to dco_check_startup_option(). Github: fixes OpenVPN/openvpn#522 Change-Id: I16d6a9fefa317d7d4a195e786618328445bdbca8 Signed-off-by: Lev Stipakov Acked-by: Frank Lichtenheld Message-Id: <20240318181744.20625-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28415.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index d7c9d48c5..78243b1bf 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -387,6 +387,12 @@ dco_check_startup_option(int msglevel, const struct options *o) return false; } + if (o->management_flags & MF_QUERY_PROXY) + { + msg(msglevel, "Note: --management-query-proxy disables data channel offload."); + return false; + } + /* now that all options have been confirmed to be supported, check * if DCO is truly available on the system */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 6209fa8f9..f2ce9264c 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -221,12 +221,6 @@ management_callback_proxy_cmd(void *arg, const char **p) } else if (p[2] && p[3]) { - if (dco_enabled(&c->options)) - { - msg(M_INFO, "Proxy set via management, disabling Data Channel Offload."); - c->options.tuntap_options.disable_dco = true; - } - if (streq(p[1], "HTTP")) { struct http_proxy_options *ho;