Attention is currently required from: cron2, flichtenheld, mrbff, stipa. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/808?usp=email )
Change subject: PUSH_UPDATE: Allow OpenVPN in client mode to receive and handle PUSH UPDATE control messages to allow options updating at runtime. ...................................................................... Patch Set 19: Code-Review-1 Copied votes on follow-up patch sets have been updated: * Code-Review-1 has been copied to patch set 20 (copy condition: "changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR is:MIN"). (10 comments) Patchset: PS19: So, I think this works and is sufficently save and efficient, but I'm and old man and like my lawn orderly... so as discussed on IRC, please adjust a few minor points. File src/openvpn/options.c: http://gerrit.openvpn.net/c/openvpn/+/808/comment/849fb9c1_8109d087 : PS19, Line 5567: apply_push_options(struct options *options, please do not move that one around in options.c, this makes comparing old/new harder without good benefit, also breaks git blame... http://gerrit.openvpn.net/c/openvpn/+/808/comment/25512e6f_b2eb183f : PS19, Line 5654: so I would call check_push_update_option_flags() from here, possibly moving the "while isspace(*line) { line++; }" part up here as well. Then we can keep "apply_pull_filter()" focused on "pull filter", not dealing with a number of extra conditions... (just "is_update", see there) File src/openvpn/options_util.c: http://gerrit.openvpn.net/c/openvpn/+/808/comment/5c5cd074_1394fe2c : PS19, Line 198: if (!line || !*line || !**line) the use of a double pointer irritates me, because we never move the pointer, instead `memmove()` the buffer... I think we should just do `(*line)++` instead of the `memmove()` below - possibly also getting rid of the `strlen(str)` thing, or `str` altogether :-) - so keep the pointer, call it from `apply_push_options()` and accept a moving `*line` pointer. Also, I'm not sure if "empty string" should be treated as `false` or just ignored (return true, that is) - the existing environment where `apply_pull_filter()` is used does not care for "empty lines". A NULL pointer is a programming error that must never happen, so an ASSERT(line) is valid. http://gerrit.openvpn.net/c/openvpn/+/808/comment/6ffca9a9_893ed859 : PS19, Line 231: If there is whitespace here (`? route`) we'll fail with `pushed option is not updateable: ' route'`, if I'm not misreading it. I'd document that "there must not be whitespace between the flag letters and the option" and then we could add an `if (isspace(**line)) { complain; return false; }` here... the documentation is important, the error handling not so much (as it will hit the `return false` anyway) http://gerrit.openvpn.net/c/openvpn/+/808/comment/bc8b42ab_3cf0ba0c : PS19, Line 252: msg(D_PUSH, "Pushed option is not updatable: '%s'", *line); Maybe add an " Ignoring." to the string, so it's clear "this is informational, but not an error, and this is how we handle it"? Since the other one has "Restarting"... http://gerrit.openvpn.net/c/openvpn/+/808/comment/ce24fecc_c0a39fcd : PS19, Line 270: if (!o->pull_filter_list && !(is_update)) So, if we call `check_push_update_option_flags()` from outside, we do not need this extra dance, checking o->pull_filter_list twice... http://gerrit.openvpn.net/c/openvpn/+/808/comment/8974bb49_5a803112 : PS19, Line 276: while (isspace(*line)) It makes sense to move that upwards to `apply_push_options()`, before calling anything on the line. So both all functions called do not need to bother about leading whitespace. http://gerrit.openvpn.net/c/openvpn/+/808/comment/8689afde_5d9ee877 : PS19, Line 310: return true; This duplication of the messages and `return true` looks a bit silly :-) - I would suggest to do ``` /* on PUSH_UPDATE, "reject" and "ignore" filters are treated the same */ else if ( (f->type == PUF_TYPE_IGNORE || is_update) && strncmp(line, f->pattern, f->size) == 0) { msg(D_PUSH, "Pushed option removed by filter: '%s'", line); return true; } ``` File src/openvpn/push_util.c: http://gerrit.openvpn.net/c/openvpn/+/808/comment/b8dd5363_84e249de : PS19, Line 23: true)) Just for the record - this is the really-old-style OpenVPN formatting, which we no longer use. That said, I know it's the same as in `process_incoming_push_reply()`, so it makes sense to keep it the same, and then clang-format will change both at once. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/808?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I6ecd4cb47571cc8c20e46de8595c742aeec6064a Gerrit-Change-Number: 808 Gerrit-PatchSet: 19 Gerrit-Owner: mrbff <ma...@mandelbit.com> Gerrit-Reviewer: cron2 <g...@greenie.muc.de> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-Reviewer: stipa <lstipa...@gmail.com> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-Attention: cron2 <g...@greenie.muc.de> Gerrit-Attention: flichtenheld <fr...@lichtenheld.com> Gerrit-Attention: mrbff <ma...@mandelbit.com> Gerrit-Attention: stipa <lstipa...@gmail.com> Gerrit-Comment-Date: Mon, 21 Jul 2025 18:08:07 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel