Hi, On Wed, Nov 02, 2016 at 08:41:12PM +0100, Gert Doering wrote: > ACK, thanks. Took us long enough.
Bah. I wanted to do everything right, but missed one crucial test: that
it "does what it says" in tap mode as well - well, it doesn't.
Unlike v2, this will not break tap (or p2p server or --inetd) mode, but
the functionality is not right.
This code:
/* make sure we got whole IP header */
if (BLEN (buf) < (int) sizeof (struct openvpn_iphdr))
return;
/* skip ipv4 packets for ipv6 tun */
if (tun_sa.addr.sa.sa_family != AF_INET)
return;
pip = (struct openvpn_iphdr *) BPTR (buf);
/* drop packets with same dest addr as gateway */
if (tun_sa.addr.in4.sin_addr.s_addr == pip->daddr)
drop = true;
... does not take "if it's TAP, skip the ethernet header" into account,
so is comparing tun_sa...s_addr with "something", but not with the
IP address in the IP packet inside the ethernet frame.
So, unfortunately, another NAK.
But I noticed before pushing, so just totally ignore my previous mail -
this is not in the official tree (and won't make 2.3.13, meh).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
