dco: turn platform config checks into separate function

All the checks in there are only relevant during startup, and
specifically the capability check might cause issues when checking a CCD
config later at runtime.

So move them to their own function and call it only during startup.
Acked-by: Antonio Quartulli <a@unstable.cc>
Message-Id: <20220817210857.1558-1-timo@rothenpieler.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24969.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index f21997de6e99e9a2489c032e847daa7c264f6ba5..9eb2685c4a4c7b7ae4b5cd5fae611c17136c06e7 100644 (file)
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -222,8 +222,8 @@ dco_update_keys(dco_context_t *dco, struct tls_multi *multi)
     }
 }
 
-static bool
-dco_check_option_conflict_platform(int msglevel, const struct options *o)
+bool
+dco_check_startup_option_conflict(int msglevel, const struct options *o)
 {
 #if defined(TARGET_LINUX)
     /* if the device name is fixed, we need to check if an interface with this
@@ -327,11 +327,6 @@ dco_check_option_conflict(int msglevel, const struct options *o)
         return false;
     }
 
-    if (!dco_check_option_conflict_platform(msglevel, o))
-    {
-        return false;
-    }
-
     if (dev_type_enum(o->dev, o->dev_type) != DEV_TYPE_TUN)
     {
         msg(msglevel, "Note: dev-type not tun, disabling data channel offload.");

diff --git a/src/openvpn/dco.h b/src/openvpn/dco.h
index 6b5c016aad495750a2546c2ff4620392480ed9a3..e296cf2772a06604e0889c0bbdae0de59307b5c2 100644 (file)
--- a/src/openvpn/dco.h
+++ b/src/openvpn/dco.h
@@ -69,6 +69,18 @@ bool dco_available(int msglevel);
  */
 bool dco_check_option_conflict(int msglevel, const struct options *o);
 
+/**
+ * Check whether the options struct has any further option that is not supported
+ * by our current dco implementation during early startup.
+ * If so print a warning at warning level for the first conflicting option
+ * found and return false.
+ *
+ * @param msglevel  the msg level to use to print the warnings
+ * @param o         the options struct that hold the options
+ * @return          true if no conflict was detected, false otherwise
+ */
+bool dco_check_startup_option_conflict(int msglevel, const struct options *o);
+
 /**
  * Check whether any of the options pushed by the server is not supported by
  * our current dco implementation. If so print a warning at warning level
@@ -236,6 +248,12 @@ dco_check_option_conflict(int msglevel, const struct options *o)
     return false;
 }
 
+static inline bool
+dco_check_startup_option_conflict(int msglevel, const struct options *o)
+{
+    return false;
+}
+
 static inline bool
 dco_check_pull_options(int msglevel, const struct options *o)
 {

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index bd6db8262a8e07a9f577dc40b2e4a36967fc0452..2415c1a84367eb6141d0eded3b9127768a1842d6 100644 (file)
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3671,7 +3671,8 @@ options_postprocess_mutate(struct options *o, struct env_set *es)
 
     /* check if any option should force disabling DCO */
 #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD)
-    o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o);
+    o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o)
+                                    || !dco_check_startup_option_conflict(D_DCO, o);
 #endif
 
     if (dco_enabled(o) && o->dev_node)