P_DATA_V2 introduced the peer-id. This allows clients to float, but as a
side-effect 32-bit aligns the encrypted data. That alignment improves
performance particularly on cheaper/older CPUs. So although servers don't
actually have a peer-id, still use the V2 packet format (with a zero-id)
for server->client traffic too.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1511531903-19349-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/search?l=mid&q=1511531903-19349-1-git-send-email-steffan.karger@fox-it.com
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -496,7 +496,7 @@ encrypt_sign(struct context *c, bool comp_frag) |
496 | 496 |
/* If using P_DATA_V2, prepend the 1-byte opcode and 3-byte peer-id to the |
497 | 497 |
* packet before openvpn_encrypt(), so we can authenticate the opcode too. |
498 | 498 |
*/ |
499 |
- if (c->c2.buf.len > 0 && !c->c2.tls_multi->opt.server && c->c2.tls_multi->use_peer_id) |
|
499 |
+ if (c->c2.buf.len > 0 && c->c2.tls_multi->use_peer_id) |
|
500 | 500 |
{ |
501 | 501 |
tls_prepend_opcode_v2(c->c2.tls_multi, &b->encrypt_buf); |
502 | 502 |
} |
... | ... |
@@ -512,7 +512,7 @@ encrypt_sign(struct context *c, bool comp_frag) |
512 | 512 |
/* Do packet administration */ |
513 | 513 |
if (c->c2.tls_multi) |
514 | 514 |
{ |
515 |
- if (c->c2.buf.len > 0 && (c->c2.tls_multi->opt.server || !c->c2.tls_multi->use_peer_id)) |
|
515 |
+ if (c->c2.buf.len > 0 && !c->c2.tls_multi->use_peer_id) |
|
516 | 516 |
{ |
517 | 517 |
tls_prepend_opcode_v1(c->c2.tls_multi, &c->c2.buf); |
518 | 518 |
} |
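Review bot: The new condition at line 499 makes `use_peer_id` the sole selector of the V2 header in both directions, but the comment above it does not mention the server case, where the commit message says the id sent is zero. I would add a line to that comment, e.g. `* Servers have no peer-id of their own and send a zero id here; it only pads the header.`, so the zero id in server->client packets is not read as a real session identifier. It is also worth confirming that `use_peer_id` is set on server-side sessions only after the client has signalled peer-id support, since that assignment is not visible here and a peer that did not negotiate it would presumably fail to parse V2 data packets. The mirrored condition at line 515 selects the V1 path; `encrypt_sign` begins and ends outside both hunks, and the `c->c2.tls_multi` null guard shown in the second hunk is not visible around line 499.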