GitList

Browse code

Don't limit max incoming message size based on c2->frame

"Be conservative in what you send, be liberal in what you accept"

When receiving packets, the real limitation of how much data we can accept
is the size of our internal buffers, not the maximum size we expect
incoming packets to have.

I ran into this while working on cipher negotiation, which will need
separate bookkeeping for the required internal buffer size, and the
link/tun MTU. Basing this code on the buffer size instead of c2->frame
makes that easier. A nice side-effect of this change is that it
simplifies the code.

This should also reduce the impact of using asymmetric tun/link MTU's,
such as in trac ticket #647.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1465388443-15484-2-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11850
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Steffan Karger authored on 2016/06/08 21:20:39
Showing 3 changed files

src/openvpn/forward.c index 4a91f92..2c9a082 100644
src/openvpn/socket.c index f7264ef..d2872be 100644
src/openvpn/socket.h index b154bc0..6f4d34f 100644

src/openvpn/forward.c

History View file @ 3c1b19e

@@ -669,7 +669,6 @@ read_incoming_link (struct context *c)
                        status = link_socket_read (c->c2.link_socket,
                      			     &c->c2.buf,
                     -			     MAX_RW_SIZE_LINK (&c->c2.frame),
                      			     &c->c2.from);
                        if (socket_connection_reset (c->c2.link_socket, status))

src/openvpn/socket.c

History View file @ 3c1b19e

@@ -2886,7 +2886,6 @@ union openvpn_pktinfo {
                      static socklen_t
                      link_socket_read_udp_posix_recvmsg (struct link_socket *sock,
                      				    struct buffer *buf,
                     -				    int maxsize,
                      				    struct link_socket_actual *from)
+                     {
                        struct iovec iov;
@@ -2895,7 +2894,7 @@ link_socket_read_udp_posix_recvmsg (struct link_socket *sock,
                        socklen_t fromlen = sizeof (from->dest.addr);
                        iov.iov_base = BPTR (buf);
                     -  iov.iov_len = maxsize;
                     +  iov.iov_len = buf_forward_capacity_total (buf);
                        mesg.msg_iov = &iov;
                        mesg.msg_iovlen = 1;
                        mesg.msg_name = &from->dest.addr;
@@ -2954,20 +2953,18 @@ link_socket_read_udp_posix_recvmsg (struct link_socket *sock,
                      int
                      link_socket_read_udp_posix (struct link_socket *sock,
                      			    struct buffer *buf,
                     -			    int maxsize,
                      			    struct link_socket_actual *from)
+                     {
                        socklen_t fromlen = sizeof (from->dest.addr);
                        socklen_t expectedlen = af_addr_size(sock->info.af);
                        addr_zero_host(&from->dest);
                     -  ASSERT (buf_safe (buf, maxsize));
                      #if ENABLE_IP_PKTINFO
                        /* Both PROTO_UDPv4 and PROTO_UDPv6 */
                        if (sock->info.proto == PROTO_UDP && sock->sockflags & SF_USE_IP_PKTINFO)
                     -    fromlen = link_socket_read_udp_posix_recvmsg (sock, buf, maxsize, from);
                     +    fromlen = link_socket_read_udp_posix_recvmsg (sock, buf, from);
                        else
                      #endif
                     -    buf->len = recvfrom (sock->sd, BPTR (buf), maxsize, 0,
                     +    buf->len = recvfrom (sock->sd, BPTR (buf), buf_forward_capacity(buf), 0,
                      			 &from->dest.addr.sa, &fromlen);
                        /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */
                        if (buf->len >= 0 && expectedlen && fromlen != expectedlen)

src/openvpn/socket.h

History View file @ 3c1b19e

@@ -961,7 +961,6 @@ link_socket_read_udp_win32 (struct link_socket *sock,
                      int link_socket_read_udp_posix (struct link_socket *sock,
                      				struct buffer *buf,
                     -				int maxsize,
                      				struct link_socket_actual *from);
                      #endif
@@ -970,7 +969,6 @@ int link_socket_read_udp_posix (struct link_socket *sock,
                      static inline int
                      link_socket_read (struct link_socket *sock,
                      		  struct buffer *buf,
                     -		  int maxsize,
                      		  struct link_socket_actual *from)
+                     {
                        if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */
@@ -980,7 +978,7 @@ link_socket_read (struct link_socket *sock,
                      #ifdef WIN32
                            res = link_socket_read_udp_win32 (sock, buf, from);
                      #else
                     -      res = link_socket_read_udp_posix (sock, buf, maxsize, from);
                     +      res = link_socket_read_udp_posix (sock, buf, from);
                      #endif
                            return res;
+                         }