Am 04.03.16 um 08:29 schrieb James Yonan: > On 03/03/2016 16:48, Arne Schwabe wrote: >> Am 03.03.16 um 09:18 schrieb James Yonan: >>> Define PIP_OPT_MASK to represent all flags of interest to >>> process_ip_header, so that it can have a fast exit path >>> if no flags are set. >> Basically what this patch does is to change the condition to >> >> if (flags) >> >> and if for example PASSTOS_CAPABILITY is not 1, the following path will >> always be taken: >> >> process_ip_header (c, PIPV4_PASSTOS|PIP_MSSFIX|PIPV4_CLIENT_NAT, >> &c->c2.buf); >> >> flags mean that possible passtos, mssfix and client_nat should be >> applied here. >> >> #if PASSTOS_CAPABILITY >> if (!c->options.passtos) >> flags &= ~PIPV4_PASSTOS; >> #endif >> >> is not compiled in. So flags is at least PIPV4_PASSTOS >> >> So if (flags & 0xffff) is still true. >> >> So NACK from me butthe code is very confusing... >> >> Arne > > I think what makes this patch confusing is that it's really a patch > that facilitates another patch that we've used in the past at OpenVPN > Tech. for some custom NAT algs. This patch reduces the footprint of > the second patch, making it easier to maintain. > Yes. I think I get the intention of the patch. But if this patch should work in OpenVPN now we need to replace
#if PASSTOS_CAPABILITY if (!c->options.passtos) flags &= ~PIPV4_PASSTOS; #endif with #if PASSTOS_CAPABILITY if (!c->options.passtos) #endif flags &= ~PIPV4_PASSTOS; to have the correct behaviour if PASSTOS_CAPABILITY is missing. Arne