Hi, On Sat, Jun 04, 2016 at 11:57:13AM -0400, Selva Nair wrote: > - Remove and recreate WFP filters during restart even when > tun/tap is not re-opened. This is needed for resolving the remote. > Patch same as for v2.3 except for passing 'msg_channel'. > > See also: http://article.gmane.org/gmane.network.openvpn.user/36990 > > Signed-off-by: Selva Nair <selva.n...@gmail.com> > --- > src/openvpn/init.c | 18 ++++++++++++++++++ > 1 file changed, 18 insertions(+) > > diff --git a/src/openvpn/init.c b/src/openvpn/init.c > index 42baf97..fb45bc1 100644 > --- a/src/openvpn/init.c > +++ b/src/openvpn/init.c > @@ -1556,6 +1556,15 @@ do_open_tun (struct context *c) > NULL, > "up", > c->c2.es); > +#if defined(WIN32) > + if (c->options.block_outside_dns) > + { > + dmsg (D_LOW, "Blocking outside DNS"); > + if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, > c->options.msg_channel)) > + msg (M_FATAL, "Blocking DNS failed!"); > + } > +#endif > +
I understand why this is needed, but the code is getting increasingly
ugly here, with the else { } branch duplicating more and more code lines
of the if () part (run_up_down(), win_wfp_block_nds())...
Looking at it, I think the patch itself is perfectly fine (so I'll apply
later on) and not to blame for this - but for master at least, we might
consider some refactoring here...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
