Implementation with multiple threads needs that to be able to run encryption
in parallel. Tested with James' OpenVPN 3 server.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1474121738-19420-1-git-send-email-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12513.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -160,6 +160,7 @@ comp_generate_peer_info_string(const struct compress_options *opt, struct buffer |
160 | 160 |
buf_printf (out, "IV_LZO_STUB=1\n"); |
161 | 161 |
buf_printf (out, "IV_COMP_STUB=1\n"); |
162 | 162 |
buf_printf (out, "IV_COMP_STUBv2=1\n"); |
163 |
+ buf_printf (out, "IV_TCPNL=1\n"); |
|
163 | 164 |
} |
164 | 165 |
} |
165 | 166 |
|
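Review bot: The new `IV_TCPNL=1` line is emitted from comp_generate_peer_info_string, inside a nested block next to the compression stub flags, although the capability it announces appears to concern packet-ID ordering on TCP rather than compression. If the enclosing block depends on compression options being set or on compression support being compiled in (that condition lies outside this hunk), a peer without compression would never advertise the flag. Consider emitting it with the other protocol-level peer-info entries, or at least add a comment such as `/* not a compression flag: peer accepts out-of-order packet IDs on TCP */`.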
... | ... |
@@ -2140,7 +2140,6 @@ do_init_crypto_static (struct context *c, const unsigned int flags) |
2140 | 2140 |
if (options->replay) |
2141 | 2141 |
{ |
2142 | 2142 |
packet_id_init (&c->c2.crypto_options.packet_id, |
2143 |
- link_socket_proto_connection_oriented (options->ce.proto), |
|
2144 | 2143 |
options->replay_window, |
2145 | 2144 |
options->replay_time, |
2146 | 2145 |
"STATIC", 0); |
... | ... |
@@ -2211,11 +2211,6 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2211 | 2211 |
/* |
2212 | 2212 |
* Check consistency of replay options |
2213 | 2213 |
*/ |
2214 |
- if ((!proto_is_udp(ce->proto)) |
|
2215 |
- && (options->replay_window != defaults.replay_window |
|
2216 |
- || options->replay_time != defaults.replay_time)) |
|
2217 |
- msg (M_USAGE, "--replay-window only makes sense with --proto udp"); |
|
2218 |
- |
|
2219 | 2214 |
if (!options->replay |
2220 | 2215 |
&& (options->replay_window != defaults.replay_window |
2221 | 2216 |
|| options->replay_time != defaults.replay_time)) |
... | ... |
@@ -76,10 +76,9 @@ packet_id_debug (int msglevel, |
76 | 76 |
} |
77 | 77 |
|
78 | 78 |
void |
79 |
-packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int time_backtrack, const char *name, int unit) |
|
79 |
+packet_id_init (struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit) |
|
80 | 80 |
{ |
81 |
- dmsg (D_PID_DEBUG, "PID packet_id_init tcp_mode=%d seq_backtrack=%d time_backtrack=%d", |
|
82 |
- tcp_mode, |
|
81 |
+ dmsg (D_PID_DEBUG, "PID packet_id_init seq_backtrack=%d time_backtrack=%d", |
|
83 | 82 |
seq_backtrack, |
84 | 83 |
time_backtrack); |
85 | 84 |
|
... | ... |
@@ -88,7 +87,7 @@ packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int time_ |
88 | 88 |
|
89 | 89 |
p->rec.name = name; |
90 | 90 |
p->rec.unit = unit; |
91 |
- if (seq_backtrack && !tcp_mode) |
|
91 |
+ if (seq_backtrack) |
|
92 | 92 |
{ |
93 | 93 |
ASSERT (MIN_SEQ_BACKTRACK <= seq_backtrack && seq_backtrack <= MAX_SEQ_BACKTRACK); |
94 | 94 |
ASSERT (MIN_TIME_BACKTRACK <= time_backtrack && time_backtrack <= MAX_TIME_BACKTRACK); |
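Review bot: Dropping `!tcp_mode` from the `if (seq_backtrack)` condition changes replay protection on TCP from what was presumably strict in-order acceptance to the backtrack window, and nothing in packet_id_init says so. A comment above the condition would record this, for example `/* the window is used for every transport; seq_backtrack == 0 is now the only way to skip it */`. The change also makes the two ASSERT range checks reachable for TCP sessions. It is worth confirming that option parsing bounds replay_window and replay_time regardless of protocol (not visible here), since an out-of-range value would otherwise abort the process instead of producing a usage error. The function body continues outside the hunk.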
... | ... |
@@ -210,7 +210,7 @@ struct packet_id |
210 | 210 |
struct packet_id_rec rec; |
211 | 211 |
}; |
212 | 212 |
|
213 |
-void packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int time_backtrack, const char *name, int unit); |
|
213 |
+void packet_id_init (struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit); |
|
214 | 214 |
void packet_id_free (struct packet_id *p); |
215 | 215 |
|
216 | 216 |
/* should we accept an incoming packet id ? */ |
... | ... |
@@ -799,7 +799,7 @@ key_state_init (struct tls_session *session, struct key_state *ks) |
799 | 799 |
/* init packet ID tracker */ |
800 | 800 |
if (session->opt->replay) |
801 | 801 |
{ |
802 |
- packet_id_init (&ks->crypto_options.packet_id, session->opt->tcp_mode, |
|
802 |
+ packet_id_init (&ks->crypto_options.packet_id, |
|
803 | 803 |
session->opt->replay_window, session->opt->replay_time, "SSL", |
804 | 804 |
ks->key_id); |
805 | 805 |
} |
... | ... |
@@ -948,7 +948,6 @@ tls_session_init (struct tls_multi *multi, struct tls_session *session) |
948 | 948 |
|
949 | 949 |
/* initialize packet ID replay window for --tls-auth */ |
950 | 950 |
packet_id_init (&session->tls_auth.packet_id, |
951 |
- session->opt->tcp_mode, |
|
952 | 951 |
session->opt->replay_window, |
953 | 952 |
session->opt->replay_time, |
954 | 953 |
"TLS_AUTH", session->key_id); |