From: Gert Doering Date: Mon, 2 Aug 2021 13:31:27 +0000 (+0200) Subject: Ignore --explicit-exit-notify in TCP mode. X-Git-Tag: v2.6_beta1~452 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7953b07bf56c1df0f895ef0702a7732564de5ce9;p=thirdparty%2Fopenvpn.git Ignore --explicit-exit-notify in TCP mode. Mixed udp+tcp configs can not have --explicit-exit-notify in them today because this option is refused in TCP mode. At the same time, it was always possible to push the option both in UDP and TCP mode (with a warning logged in TCP mode, and the option reset to 0). Do the same thing for local config - warn, and reset to 0. (Leaving it enabled in TCP mode is harmless, but causes extra error messages in the log which is undesired behaviour. Maybe one should just fix the underlying logic for TCP mode instead, but this is more invasive) Signed-off-by: Gert Doering Acked-by: Antonio Quartulli Message-Id: <20210802133127.25000-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22690.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 63cda1e86..7e146db90 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2266,12 +2266,6 @@ options_postprocess_verify_ce(const struct options *options, } #endif - if (!proto_is_udp(ce->proto) && ce->explicit_exit_notification) - { - msg(M_USAGE, - "--explicit-exit-notify can only be used with --proto udp"); - } - if (!ce->remote && ce->proto == PROTO_TCP_CLIENT) { msg(M_USAGE, "--remote MUST be used in TCP Client mode"); @@ -2978,6 +2972,13 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce) connection_entry_preload_key(&ce->tls_crypt_v2_file, &ce->tls_crypt_v2_file_inline, &o->gc); } + + if (!proto_is_udp(ce->proto) && ce->explicit_exit_notification) + { + msg(M_WARN, "NOTICE: --explicit-exit-notify ignored for --proto tcp"); + ce->explicit_exit_notification = 0; + } + } #ifdef _WIN32