[Openvpn-devel] [XS] Change in openvpn[master]: dco: disable DCO when using --reneg-bytes/pkts

Thu, 16 Oct 2025 08:50:27 -0700 

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/1280?usp=email

to review the following change.


Change subject: dco: disable DCO when using --reneg-bytes/pkts
......................................................................

dco: disable DCO when using --reneg-bytes/pkts

When using --reneg-bytes or --reneg-pkts, openvpn negotiates a new key
upon reaching the specified threshold. This implies the usage of per-key
counters. DCO, on the other hand, provides only global statistics,
making it currently impossible to track when renegotiation should occur.

To avoid introducing unnecessary complexity into DCO, it is disabled
when either of these options is specified. Instead, the automatic key
renegotiation mechanism is preferred, as it provides a more modern and
streamlined approach.

Change-Id: I7b718a14b81e3759398e7a52fe151102494cc821
Signed-off-by: Ralf Lici <[email protected]>
---
M src/openvpn/dco.c
1 file changed, 7 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/80/1280/1

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 8fb4662..59f6f5a 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -424,6 +424,13 @@
         return false;
     }

+    if (o->renegotiate_bytes > 0 || o->renegotiate_packets)
+    {
+        msg(msglevel, "Note: '--reneg-bytes' and '--reneg-pkts' are not 
supported by DCO, "
+            "disabling data channel offload.");
+        return false;
+    }
+
     /* now that all options have been confirmed to be supported, check
      * if DCO is truly available on the system
      */

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1280?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I7b718a14b81e3759398e7a52fe151102494cc821
Gerrit-Change-Number: 1280
Gerrit-PatchSet: 1
Gerrit-Owner: ralf_lici <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
Gerrit-Attention: flichtenheld <[email protected]>

_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to