Context Navigation

← Previous Change
Ticket Comment History
Next Change →

Changes between Initial Version and Version 1 of Ticket #163, comment 9

Timestamp:: 05/06/13 11:54:24 (8 years ago)
Author:: Waffelman
Comment:

Legend:

: Unmodified
: Added
: Removed
: Modified

Ticket #163, comment 9

-                      initial
+                      v1
 Now let's step into the [https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/pf.c#L178 pf_init] function, which is the culprit that should return the defined filters as a pf_set.
 Since the packet filter file is empty, there is nothing in the buffer list passed into the function. There are two possibilities (I did not care to figure out which one it actually is:
+Since the packet filter file is empty, there is nothing in the buffer list passed into the function. There are two possibilities (I did not care to figure out which one it actually is):
  * [https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/pf.c#L192 bl is NULL] when the packet filter file is empty and the if block is not entered.
  * [https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/pf.c#L198 The head of the list is NULL] when the packet filter file is empty and the for loop is not entered.
 If the first case is true, [https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/pf.c#L280 n_errors is increased]. If the second case is true, [https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/pf.c#L274 n_errors is increased]. So it doesn't really matter :) What does matter, though, is that, because n_errors is not greater than 0, [https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/pf.c#L294 this] if block is entered, where pfs is destroyed and set to NULL. Afterwards, this NULL value is returned.
+If the first case is true, [https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/pf.c#L280 n_errors is increased]. If the second case is true, [https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/pf.c#L274 n_errors is increased]. So it doesn't really matter :) What does matter, though, is that, because n_errors is now greater than 0, [https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/pf.c#L294 this] if block is entered, where pfs is destroyed and set to NULL. Afterwards, this NULL value is returned.
 This is why the pfs pointer is NULL. There is however one workaround for this: Since the packet filter plugin func is executed before packet filtering is actually enabled, one can perform the following steps to ensure that the pf_init function does return something: