plaisthos has uploaded this change for review. (
http://gerrit.openvpn.net/c/openvpn/+/1550?usp=email )
Change subject: Try to emphasise the difference between new ovpn and old
ovpn-dco
......................................................................
Try to emphasise the difference between new ovpn and old ovpn-dco
This tries to ensure that the difference between the old and new module
is clearer.
Also removed a duplicate section about --disable-dco from the manual page.
Change-Id: Iff9f6811fdf553f59f2afee0072d7bf90133d328
---
M Changes.rst
M configure.ac
M doc/man-sections/advanced-options.rst
M doc/man-sections/generic-options.rst
M src/openvpn/dco.c
M src/openvpn/dco_linux.c
6 files changed, 15 insertions(+), 18 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/50/1550/1
diff --git a/Changes.rst b/Changes.rst
index 36af4e7..9c80ee8 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -55,10 +55,11 @@
Support for new version of Linux DCO module
OpenVPN DCO module is moving upstream and being merged into the
- main Linux kernel. For this process some API changes were required.
+ main Linux kernel in 6.16. For this process some API changes were required.
OpenVPN 2.7 will only support the new API. The new module is called
- ``ovpn``. Out-of-tree builds for older kernels are available. Please
- see the release announcements for futher information.
+ ``ovpn``. Out-of-tree builds for older kernels are available from
+ https://github.com/OpenVPN/ovpn-backports. Please
+ see the release announcements for further information.
Support for server mode in win-dco driver
On Windows the win-dco driver can now be used in server setups.
diff --git a/configure.ac b/configure.ac
index e151816..57f1bd6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -731,7 +731,7 @@
OPTIONAL_LIBNL_GENL_LIBS="${LIBNL_GENL_LIBS}"
AC_DEFINE(ENABLE_DCO, 1, [Enable shared data
channel offload])
- AC_MSG_NOTICE([Enabled ovpn-dco support for
Linux])
+ AC_MSG_NOTICE([Enabled ovpn-dco (via ovpn
kernel module) support for Linux])
fi
;;
*-*-freebsd*)
diff --git a/doc/man-sections/advanced-options.rst
b/doc/man-sections/advanced-options.rst
index e1115e4..e50c578 100644
--- a/doc/man-sections/advanced-options.rst
+++ b/doc/man-sections/advanced-options.rst
@@ -102,7 +102,9 @@
Data channel offload currently requires data-ciphers to only contain
AEAD ciphers (AES-GCM and Chacha20-Poly1305) and Linux with the
- ovpn-dco module.
+ ovpn module. The ovpn module is integrated into the Linux kernel
+ since 6.16 or available as backport from
+ https://github.com/OpenVPN/ovpn-backports.
Note that some options have no effect or cannot be used when DCO mode
is enabled.
diff --git a/doc/man-sections/generic-options.rst
b/doc/man-sections/generic-options.rst
index f46dfec..81e375d 100644
--- a/doc/man-sections/generic-options.rst
+++ b/doc/man-sections/generic-options.rst
@@ -178,15 +178,6 @@
on console) and ``--auth-nocache`` will fail as soon as key
renegotiation (and reauthentication) occurs.
---disable-dco
- Disable "data channel offload" (DCO).
-
- On Linux don't use the ovpn-dco device driver, but rather rely on the
- legacy tun module.
-
- You may want to use this option if your server needs to allow clients
- older than version 2.4 to connect.
-
--disable-occ
**DEPRECATED** Disable "options consistency check" (OCC) in configurations
that do not use TLS.
diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 26b8645..a696d7a 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -376,9 +376,10 @@
* don't need to have the net_ctx percolate all the way here
*/
int ret = net_iface_type(NULL, o->dev, iftype);
- if ((ret == 0) && (strcmp(iftype, "ovpn-dco") != 0))
+ if ((ret == 0) && (strcmp(iftype, "ovpn") != 0))
{
- msg(msglevel, "Interface %s exists and is non-DCO. Disabling data
channel offload",
+ msg(msglevel, "Interface %s exists and its not using "
+ "ovpn DCO driver. Disabling data channel offload",
o->dev);
return false;
}
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 3ad8b90..96ce643 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -159,7 +159,7 @@
break;
case -NLE_OBJ_NOTFOUND:
- msg(M_INFO, "%s: netlink reports object not found, ovpn-dco
unloaded?", prefix);
+ msg(M_INFO, "%s: netlink reports object not found, ovpn kernel
module unloaded?", prefix);
break;
default:
@@ -1239,7 +1239,9 @@
{
if (resolve_ovpn_netlink_id(D_DCO_DEBUG) < 0)
{
- msg(msglevel, "Note: Kernel support for ovpn-dco missing, disabling
data channel offload.");
+ msg(msglevel, "Note: Kernel support for ovpn missing, disabling data "
+ "channel offload. Use a 6.16.0 kernel with ovpn or use"
+ "ovpn-backports to enable data channel offload.");
return false;
}
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1550?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Iff9f6811fdf553f59f2afee0072d7bf90133d328
Gerrit-Change-Number: 1550
Gerrit-PatchSet: 1
Gerrit-Owner: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
