Am 28.07.22 um 17:20 schrieb Antonio Quartulli:
The ovpn-dco kernel module needs to be informed about the keys to be
used to encrypt/decrypt data traffic to/from a peer.
Configure keys in DCO right afte they are generated by the SSL code, to
avoid keeping them in memory longer than needed.
Signed-off-by: Antonio Quartulli <a...@unstable.cc>
---
Changes from v2:
* re-enable explicit-exit-notification in every case
* add check to drop packet when attempting to send data packet and DCO
is enabled (print warning as well)
Changes from v1:
* adapt to new member name dco_enabled
* invert if blocks and condition in init_key_contexts() [and use 'else']
* fix comment for init_key_contexts()
* disable explicit-exit-notification in mutate_ce() when DCO is enabled
Acked-By: Arne Schwabe <a...@rfc2549.org>
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
