Re: [Openvpn-devel] [PATCH 02/10] Added PIP_OPT_MASK for process_ip_header fast exit path.

Thu, 03 Mar 2016 23:48:26 +0000 

Am 03.03.16 um 09:18 schrieb James Yonan:
> Define PIP_OPT_MASK to represent all flags of interest to
> process_ip_header, so that it can have a fast exit path
> if no flags are set.

Basically what this patch does is to change the condition to

if (flags)

and if for example PASSTOS_CAPABILITY is not 1, the following path will
always be taken:

      process_ip_header (c, PIPV4_PASSTOS|PIP_MSSFIX|PIPV4_CLIENT_NAT,
&c->c2.buf);

flags mean that possible passtos, mssfix and client_nat should be
applied here.

#if PASSTOS_CAPABILITY
  if (!c->options.passtos)
    flags &= ~PIPV4_PASSTOS;
#endif

is not compiled in. So flags is at least PIPV4_PASSTOS

So if (flags & 0xffff) is still true.

So NACK from me butthe code is very confusing...

Arne


> 
> Merged from OpenVPN 2.1
> 
> Signed-off-by: James Yonan <[email protected]>
> ---
>  src/openvpn/forward.c | 8 +-------
>  src/openvpn/forward.h | 4 +++-
>  2 files changed, 4 insertions(+), 8 deletions(-)
> 
> diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
> index 4a91f92..ef554fc 100644
> --- a/src/openvpn/forward.c
> +++ b/src/openvpn/forward.c
> @@ -1054,13 +1054,7 @@ process_ip_header (struct context *c, unsigned int 
> flags, struct buffer *buf)
>         * The --passtos and --mssfix options require
>         * us to examine the IPv4 header.
>         */
> -
> -      if (flags & (PIP_MSSFIX
> -#if PASSTOS_CAPABILITY
> -       | PIPV4_PASSTOS
> -#endif
> -       | PIPV4_CLIENT_NAT
> -       ))
> +      if (flags & PIP_OPT_MASK)
>       {
>         struct buffer ipbuf = *buf;
>         if (is_ipv4 (TUNNEL_TYPE (c->c1.tuntap), &ipbuf))
> diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h
> index af3b0a6..7debcb1 100644
> --- a/src/openvpn/forward.h
> +++ b/src/openvpn/forward.h
> @@ -249,9 +249,11 @@ bool send_control_channel_string (struct context *c, 
> const char *str, int msglev
>  
>  #define PIPV4_PASSTOS         (1<<0)
>  #define PIP_MSSFIX            (1<<1)         /* v4 and v6 */
> -#define PIPV4_OUTGOING        (1<<2)
>  #define PIPV4_EXTRACT_DHCP_ROUTER (1<<3)
>  #define PIPV4_CLIENT_NAT      (1<<4)
> +#define PIP_OPT_MASK          0xFFFF         /* all possible options for */
> +                                             /* process_ip_header() */
> +#define PIPV4_OUTGOING        (1<<16)
>  
>  void process_ip_header (struct context *c, unsigned int flags, struct buffer 
> *buf);
>  
>

Reply via email to