From: Timo Rothenpieler Date: Wed, 17 Aug 2022 21:08:57 +0000 (+0200) Subject: dco: turn platform config checks into separate function X-Git-Tag: v2.6_beta1~107 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=897728ff7141c367c5ea1e02918c8487ccafef16;p=thirdparty%2Fopenvpn.git dco: turn platform config checks into separate function All the checks in there are only relevant during startup, and specifically the capability check might cause issues when checking a CCD config later at runtime. So move them to their own function and call it only during startup. Acked-by: Antonio Quartulli Message-Id: <20220817210857.1558-1-timo@rothenpieler.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24969.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index f21997de6..9eb2685c4 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -222,8 +222,8 @@ dco_update_keys(dco_context_t *dco, struct tls_multi *multi) } } -static bool -dco_check_option_conflict_platform(int msglevel, const struct options *o) +bool +dco_check_startup_option_conflict(int msglevel, const struct options *o) { #if defined(TARGET_LINUX) /* if the device name is fixed, we need to check if an interface with this @@ -327,11 +327,6 @@ dco_check_option_conflict(int msglevel, const struct options *o) return false; } - if (!dco_check_option_conflict_platform(msglevel, o)) - { - return false; - } - if (dev_type_enum(o->dev, o->dev_type) != DEV_TYPE_TUN) { msg(msglevel, "Note: dev-type not tun, disabling data channel offload."); diff --git a/src/openvpn/dco.h b/src/openvpn/dco.h index 6b5c016aa..e296cf277 100644 --- a/src/openvpn/dco.h +++ b/src/openvpn/dco.h @@ -69,6 +69,18 @@ bool dco_available(int msglevel); */ bool dco_check_option_conflict(int msglevel, const struct options *o); +/** + * Check whether the options struct has any further option that is not supported + * by our current dco implementation during early startup. + * If so print a warning at warning level for the first conflicting option + * found and return false. + * + * @param msglevel the msg level to use to print the warnings + * @param o the options struct that hold the options + * @return true if no conflict was detected, false otherwise + */ +bool dco_check_startup_option_conflict(int msglevel, const struct options *o); + /** * Check whether any of the options pushed by the server is not supported by * our current dco implementation. If so print a warning at warning level @@ -236,6 +248,12 @@ dco_check_option_conflict(int msglevel, const struct options *o) return false; } +static inline bool +dco_check_startup_option_conflict(int msglevel, const struct options *o) +{ + return false; +} + static inline bool dco_check_pull_options(int msglevel, const struct options *o) { diff --git a/src/openvpn/options.c b/src/openvpn/options.c index bd6db8262..2415c1a84 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3671,7 +3671,8 @@ options_postprocess_mutate(struct options *o, struct env_set *es) /* check if any option should force disabling DCO */ #if defined(TARGET_LINUX) || defined(TARGET_FREEBSD) - o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o); + o->tuntap_options.disable_dco = !dco_check_option_conflict(D_DCO, o) + || !dco_check_startup_option_conflict(D_DCO, o); #endif if (dco_enabled(o) && o->dev_node)