Attention is currently required from: cron2, flichtenheld, mrbff, stipa.

cron2 has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/808?usp=email )

Change subject: PUSH_UPDATE: Allow OpenVPN in client mode to receive and handle 
PUSH UPDATE control messages to allow options updating at runtime.
......................................................................


Patch Set 19: Code-Review-1

Copied votes on follow-up patch sets have been updated:
* Code-Review-1 has been copied to patch set 20 (copy condition: 
"changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR is:MIN").

(10 comments)

Patchset:

PS19:
So, I think this works and is sufficently save and efficient, but I'm and old 
man and like my lawn orderly... so as discussed on IRC, please adjust a few 
minor points.


File src/openvpn/options.c:

http://gerrit.openvpn.net/c/openvpn/+/808/comment/849fb9c1_8109d087 :
PS19, Line 5567: apply_push_options(struct options *options,
please do not move that one around in options.c, this makes comparing old/new 
harder without good benefit, also breaks git blame...


http://gerrit.openvpn.net/c/openvpn/+/808/comment/25512e6f_b2eb183f :
PS19, Line 5654:
so I would call check_push_update_option_flags() from here, possibly moving the 
"while isspace(*line) { line++; }" part up here as well.  Then we can keep 
"apply_pull_filter()" focused on "pull filter", not dealing with a number of 
extra conditions...  (just "is_update", see there)


File src/openvpn/options_util.c:

http://gerrit.openvpn.net/c/openvpn/+/808/comment/5c5cd074_1394fe2c :
PS19, Line 198:     if (!line || !*line || !**line)
the use of a double pointer irritates me, because we never move the pointer, 
instead `memmove()` the buffer...

I think we should just do `(*line)++` instead of the `memmove()` below - 
possibly also getting rid of the `strlen(str)` thing, or `str` altogether :-) - 
so keep the pointer, call it from `apply_push_options()` and accept a moving 
`*line` pointer.

Also, I'm not sure if "empty string" should be treated as `false` or just 
ignored (return true, that is) - the existing environment where 
`apply_pull_filter()` is used does not care for "empty lines".

A NULL pointer is a programming error that must never happen, so an 
ASSERT(line) is valid.


http://gerrit.openvpn.net/c/openvpn/+/808/comment/6ffca9a9_893ed859 :
PS19, Line 231:
If there is whitespace here (`?  route`) we'll fail with `pushed option is not 
updateable: '  route'`, if I'm not misreading it.

I'd document that "there must not be whitespace between the flag letters and 
the option" and then we could add an `if (isspace(**line)) { complain; return 
false; }` here... the documentation is important, the error handling not so 
much (as it will hit the `return false` anyway)


http://gerrit.openvpn.net/c/openvpn/+/808/comment/bc8b42ab_3cf0ba0c :
PS19, Line 252:             msg(D_PUSH, "Pushed option is not updatable: '%s'", 
*line);
Maybe add an " Ignoring." to the string, so it's clear "this is informational, 
but not an error, and this is how we handle it"?  Since the other one has 
"Restarting"...


http://gerrit.openvpn.net/c/openvpn/+/808/comment/ce24fecc_c0a39fcd :
PS19, Line 270:     if (!o->pull_filter_list && !(is_update))
So, if we call `check_push_update_option_flags()` from outside, we do not need 
this extra dance, checking o->pull_filter_list twice...


http://gerrit.openvpn.net/c/openvpn/+/808/comment/8974bb49_5a803112 :
PS19, Line 276:     while (isspace(*line))
It makes sense to move that upwards to `apply_push_options()`, before calling 
anything on the line.  So both all functions called do not need to bother about 
leading whitespace.


http://gerrit.openvpn.net/c/openvpn/+/808/comment/8689afde_5d9ee877 :
PS19, Line 310:                 return true;
This duplication of the messages and `return true` looks a bit silly :-) - I 
would suggest to do

```
        /* on PUSH_UPDATE, "reject" and "ignore" filters are treated the same */
        else if ( (f->type == PUF_TYPE_IGNORE || is_update)
                   && strncmp(line, f->pattern, f->size) == 0)
        {
            msg(D_PUSH, "Pushed option removed by filter: '%s'", line);
            return true;
        }
```


File src/openvpn/push_util.c:

http://gerrit.openvpn.net/c/openvpn/+/808/comment/b8dd5363_84e249de :
PS19, Line 23:                                true))
Just for the record - this is the really-old-style OpenVPN formatting, which we 
no longer use.  That said, I know it's the same as in 
`process_incoming_push_reply()`, so it makes sense to keep it the same, and 
then clang-format will change both at once.



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/808?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I6ecd4cb47571cc8c20e46de8595c742aeec6064a
Gerrit-Change-Number: 808
Gerrit-PatchSet: 19
Gerrit-Owner: mrbff <ma...@mandelbit.com>
Gerrit-Reviewer: cron2 <g...@greenie.muc.de>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-Reviewer: stipa <lstipa...@gmail.com>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: cron2 <g...@greenie.muc.de>
Gerrit-Attention: flichtenheld <fr...@lichtenheld.com>
Gerrit-Attention: mrbff <ma...@mandelbit.com>
Gerrit-Attention: stipa <lstipa...@gmail.com>
Gerrit-Comment-Date: Mon, 21 Jul 2025 18:08:07 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to