Acked-by: Gert Doering <g...@greenie.muc.de>

Thanks for shuffling this around a bit :-)

Tis is the same code change as v3, with a bit of reformatting in the
message and comment, and it's applied in "part1" now (do_deferred_options()).

Does nothing if DCO is not available (not compiled in / no kernel support),
does the right thing on DCO active with "--pull-filter ignore peer-id":

2022-08-04 10:30:38 Pushed option removed by filter: 'peer-id 0'
2022-08-04 10:30:38 OPTIONS IMPORT: timers and/or timeouts modified
2022-08-04 10:30:38 OPTIONS IMPORT: compression parms modified
2022-08-04 10:30:38 OPTIONS IMPORT: --ifconfig/up options modified
2022-08-04 10:30:38 OPTIONS IMPORT: route options modified
2022-08-04 10:30:38 OPTIONS IMPORT: data channel crypto options modified
2022-08-04 10:30:38 OPTIONS IMPORT: Server did not request DATA_V2 packet 
format required for data channel offload
2022-08-04 10:30:38 OPTIONS ERROR: pushed options are incompatible with data 
channel offload. Use --disable-dco to connect to this server
2022-08-04 10:30:38 ERROR: Failed to apply push options


As discused on IRC, I have changed D_TLS_ERRORS to D_PUSH_ERRORS - which
is also "level 1", but fits the intent better.

Your patch has been applied to the master branch.

commit 46f6a7e8b6daf02bebe4a46498665274f1673ac0
Author: Antonio Quartulli
Date:   Thu Aug 4 08:40:16 2022 +0200

     dco: check that pulled options are compatible

     Signed-off-by: Antonio Quartulli <a...@unstable.cc>
     Acked-by: Gert Doering <g...@greenie.muc.de>
     Message-Id: <20220804064016.20414-...@unstable.cc>
     URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24797.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>


--
kind regards,

Gert Doering



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to