Re: [Openvpn-devel] [PATCH 08/25] dco: allow user to disable it at runtime

2022-07-18 Thread Antonio Quartulli
Hi, On 05/07/2022 14:32, Heiko Hund wrote: On Freitag, 24. Juni 2022 10:37:52 CEST Antonio Quartulli wrote: +else if (streq(p[0], "disable-dco") || streq(p[0], "dco-disable")) Don't think we need to be backwards compatible here, or do we? There's nothing to be backwards compatible with.

[Openvpn-devel] [PATCH v3 07/25] dco: add option check - disable DCO if conflict is detected

2022-07-18 Thread Antonio Quartulli
Signed-off-by: Antonio Quartulli --- ** this patch should be applied before 05/27 ** Changes from v2: * add actual invocation to dco_check_option_conflict() in options.c * add missing '}' in dco_check_option_conflict_ce() Changes from v1: * add 'already existing device check' to dco_check_optio

[Openvpn-devel] [PATCH v2 08/25] dco: allow user to disable it at runtime

2022-07-18 Thread Antonio Quartulli
Signed-off-by: Antonio Quartulli --- Changes from v1: * removed "--dco-disable" option: we just need "--disable-dco" * added text to manpage about --client-to-client being no-op * added text to manpage about --disable-dco * rebased on top of master+"dco: add option check - disable DCO if confli

Re: [Openvpn-devel] [PATCH 06/25] dco: initialize context and save pointer in TLS object

2022-07-18 Thread Antonio Quartulli
Hi, On 14/07/2022 16:27, Gert Doering wrote: Hi, On Fri, Jun 24, 2022 at 10:37:50AM +0200, Antonio Quartulli wrote: Signed-off-by: Antonio Quartulli --- src/openvpn/init.c | 49 src/openvpn/ssl_common.h | 23 +++ 2 files chang

Re: [Openvpn-devel] [PATCH 12/25] dco: check that pulled options are compatible

2022-07-18 Thread Antonio Quartulli
Hi, On 14/07/2022 22:14, Gert Doering wrote: Hi, On Fri, Jun 24, 2022 at 10:37:56AM +0200, Antonio Quartulli wrote: diff --git a/src/openvpn/init.c b/src/openvpn/init.c index b0a4b252..091cbd24 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2219,6 +2219,19 @@ do_deferred_p2p_ncp(

[Openvpn-devel] [PATCH v2 12/25] dco: check that pulled options are compatible

2022-07-18 Thread Antonio Quartulli
A server may push options that are not compatible with DCO. In this case we should log a message and bail out. Signed-off-by: Antonio Quartulli --- Changes from v1: * move check_dco_pull_options() to dco.c (renamed to dco_check_pull_options()) * make options argument const * add msglevel as fi