Re: [Openvpn-devel] [PATCH] do_persist_tuntap: remove indentation level

2022-09-09 Thread Antonio Quartulli
Hi, On 09/09/2022 08:41, Lev Stipakov wrote: From: Lev Stipakov Reverse if condition - this allows us to get rid of indentation level, which makes code easier to read. Signed-off-by: Lev Stipakov Thanks for this change. I also firmly believe this style makes the code easier to read (and t

[Openvpn-devel] [PATCH applied] Re: do_persist_tuntap: remove indentation level

2022-09-09 Thread Gert Doering
Best viewed with "-w" :-) - mildly client-side tested. Your patch has been applied to the master branch. commit 84099782cfa61c9e06781ff31c4a57d65b8594d3 Author: Lev Stipakov Date: Fri Sep 9 09:41:26 2022 +0300 do_persist_tuntap: remove indentation level Signed-off-by: Lev Stipakov

[Openvpn-devel] [PATCH applied] Re: msvc: remove .filters files

2022-09-09 Thread Gert Doering
Acked-by: Gert Doering I have no idea what that stuff does, but it's not related to "openvpn code" (obviously), and getting rid of files that are only there - and need to be maintained - for build functionality we do not use sounds like a good idea. I have not tested anything, just verified the cor

[Openvpn-devel] [PATCH] dco.c: check certain options only on startup

2022-09-09 Thread Lev Stipakov
From: Lev Stipakov Following options are set on startup and cannot be changed later: - dev - dev-type - connections list - mode - topology Same for system-wide availability of dco. dco_check_option_conflict(), where those options were checked, is also called in server mode when client is

[Openvpn-devel] [PATCH v2] dco.c: check certain options only on startup

2022-09-09 Thread Lev Stipakov
From: Lev Stipakov Following options are set on startup and cannot be changed later: - dev - dev-type - connections list - mode - topology Same for system-wide availability of dco. dco_check_option_conflict(), where those options were checked, is also called in server mode when client is

Re: [Openvpn-devel] [PATCH v2] dco.c: check certain options only on startup

2022-09-09 Thread Antonio Quartulli
Hi, On 09/09/2022 14:18, Lev Stipakov wrote: From: Lev Stipakov Following options are set on startup and cannot be changed later: - dev - dev-type - connections list - mode - topology Same for system-wide availability of dco. dco_check_option_conflict(), where those options were c

[Openvpn-devel] [PATCH] Use DCO on Windows by default

2022-09-09 Thread Lev Stipakov
From: Lev Stipakov On startup, check following conditions: - ovpn-dco-win driver is installed. Perform this check by trying to open adapter by symbolic name. - options are compatible with dco. Same checks as on Linux and FreeBSD. In addition, check that --mode server is not used and --windows

[Openvpn-devel] [PATCH 2/3] Use buffer to prepare protocol-flags push-reply

2022-09-09 Thread Arne Schwabe
The current approach of checking a string buffer is a bit clunky and also not very extensible. Refactor this by collecting the flags in a buffer. Signed-off-by: Arne Schwabe --- src/openvpn/push.c | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/openvpn/pus

[Openvpn-devel] [PATCH 1/3] Allows renegotiation only to start if session is fully established

2022-09-09 Thread Arne Schwabe
This change makes the state machine more strict in terms of transitions that are allowed. The benefits of this change are two: - allows any option that might be pushed to affect renegotiation consistently This is a prerequisite for the upcoming secure renegotiation patch set - avoids corner cas

[Openvpn-devel] [PATCH 3/3] Introduce dynamic tls-crypt for secure soft_reset/session renegotiation

2022-09-09 Thread Arne Schwabe
Currently we have only one slot for renegotiation of the session/keys. If a replayed/faked packet is inserted by a malicious attacker, the legitimate peer cannot renegotiate anymore. This commit introduces dynamic tls-crypt. When both peers support this feature, both peers create a dynamic tls-crypt key