Hi, On Tue, Aug 30, 2016 at 09:59:52PM +0300, Lev Stipakov wrote: > So, following changes are required for V3: > > 1) No drop_if_recursive() call for P2P
Well, sort of. It's useful in p2p mode as well, but it needs to check if we already know the remote address before trying to read via the pointer :-) - basically, this code: + struct openvpn_sockaddr tun_sa = c->c2.to_link_addr->dest; needs to be prefixed by if ( c->c2.to_link_addr == NULL ) return; /* no remote addr known */ (maybe the same effect can be achieved by moving the drop_if_recursive() call slightly further down in the packet processing, because something should drop it anyway if there is no remote address) > 2) Same for TAP Nah, not "disable it on tap", but "look up the protocol type without messing up the buffer" (so, not using is_ipv4() and is_ipv6()). The function itself is useful on tap as well. > 3) Add an option to disable it Yes... people using multiple routing tables will not need this check, and it might get in the way. (I'm not a big fan of "yet another option", but it seems necessary) > Sounds reasonable? Yes. Thanks :-) - I'm also willing to work on it, just had no time yet. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel