Hi,
On Fri, Sep 15, 2017 at 12:14 PM, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> On Fri, Sep 15, 2017 at 11:53:59AM -0400, Selva wrote:
> > No, it doesn't change any functionality. By not including OPT_P_CONNECTION
> > in the mask sent to verify permission the previous connection blocks check
> > is disabled. And this is done only when pull_mode is True.
>
> I was totally misreading the code, apologies :-) - now I read up
> on what OPT_P_CONNECTION *does*, and it's not a "normal" flag for
> "this is not an acceptable option in this mode" but a "warning if..."
> one.
>
> [..]
> > The key here is that we check pull_mode to know that we are processing a
> > pushed option.
>
> What about moving the pull_mode check into verify_permission() so it
> applies to all pushed options that could trigger the warning (as Arne
> pointed out)?

I suppose Arne's statement is "theoretical" -- I could not find any other
option that could be in a connection block and pushable. Are there any?

Anyway, the reason I did not add the check in verify_permission() is that
pull_mode is not as such defined there -- easily fixed at the expense of
code repetition and associated "risks.."

But pull_mode = allowed & OPT_P_PULL_MODE is probably never going to change,
so this may be a lame excuse. I'll do a v2 if that's the preferred way.

Selva