Instead of statically increasing link-mtu by +3, keep the old value for
OCC compatibility with old servers/clients, and only increase link-mtu
if peer-id option is enabled (right now: is pushed by server).
If link-mtu has been set in the config, keep configured value, and log
warning (because the extra overhead has to decrease tun-mtu).
Reserve extra +3 bytes in frame->extra_link.
v2: use frame->extra_link, not frame->extra_buffer (receive path on server)
introduce frame_add_to_link_mtu() to manipulate frame->link_mtu value
rework comments to make more clear what is happening
This reverts commit f95010ad247a8998e0c39e394236251fca316849.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1423390725-13438-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9450
... | ... |
@@ -1794,6 +1794,19 @@ do_deferred_options (struct context *c, const unsigned int found) |
1794 | 1794 |
msg (D_PUSH, "OPTIONS IMPORT: peer-id set"); |
1795 | 1795 |
c->c2.tls_multi->use_peer_id = true; |
1796 | 1796 |
c->c2.tls_multi->peer_id = c->options.peer_id; |
1797 |
+ frame_add_to_extra_frame(&c->c2.frame, +3); /* peer-id overhead */ |
|
1798 |
+ if ( !c->options.ce.link_mtu_defined ) |
|
1799 |
+ { |
|
1800 |
+ frame_add_to_link_mtu(&c->c2.frame, +3); |
|
1801 |
+ msg (D_PUSH, "OPTIONS IMPORT: adjusting link_mtu to %d", |
|
1802 |
+ EXPANDED_SIZE(&c->c2.frame)); |
|
1803 |
+ } |
|
1804 |
+ else |
|
1805 |
+ { |
|
1806 |
+ msg (M_WARN, "OPTIONS IMPORT: WARNING: peer-id set, but link-mtu" |
|
1807 |
+ " fixed by config - reducing tun-mtu to %d, expect" |
|
1808 |
+ " MTU problems", TUN_MTU_SIZE(&c->c2.frame) ); |
|
1809 |
+ } |
|
1797 | 1810 |
} |
1798 | 1811 |
#endif |
1799 | 1812 |
} |
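Review bot: The peer-id branch in do_deferred_options adds 3 to `extra_frame` after the frame was already set up, and nothing visible in the hunk prevents that from happening twice for the same frame or re-checks the resulting sizes. If a second options import with peer-id can reach this code without the frame being re-initialised (not visible here), the overhead would accumulate, and with `link-mtu` fixed by config the tun-mtu would shrink by 3 each time, past whatever lower bound the initial frame setup enforces. Buffer safety also depends on this `+3` matching the literal `3` passed to `frame_add_to_extra_link` in the do_init_frame hunk, so a single named constant used at all three call sites would keep the reservation and the adjustment in step. Until then a comment on the first added line would help, e.g. `/* must equal the extra_link reservation made in do_init_frame() */`. The function body starts and ends outside this hunk.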
... | ... |
@@ -2403,6 +2416,17 @@ do_init_frame (struct context *c) |
2403 | 2403 |
#endif |
2404 | 2404 |
#endif /* USE_COMP */ |
2405 | 2405 |
|
2406 |
+ /* packets with peer-id (P_DATA_V2) need 3 extra bytes in frame (on client) |
|
2407 |
+ * and need link_mtu+3 bytes on socket reception (on server). |
|
2408 |
+ * |
|
2409 |
+ * accomodate receive path in f->extra_link, which has the side effect of |
|
2410 |
+ * also increasing send buffers (BUF_SIZE() macro), which need to be |
|
2411 |
+ * allocated big enough before receiving peer-id option from server. |
|
2412 |
+ * |
|
2413 |
+ * f->extra_frame is adjusted when peer-id option is push-received |
|
2414 |
+ */ |
|
2415 |
+ frame_add_to_extra_link(&c->c2.frame, 3); |
|
2416 |
+ |
|
2406 | 2417 |
#ifdef ENABLE_FRAGMENT |
2407 | 2418 |
/* |
2408 | 2419 |
* Set frame parameter for fragment code. This is necessary because |
... | ... |
@@ -258,6 +258,12 @@ frame_headroom (const struct frame *f, const unsigned int flag_mask) |
258 | 258 |
*/ |
259 | 259 |
|
260 | 260 |
static inline void |
261 |
+frame_add_to_link_mtu (struct frame *frame, const int increment) |
|
262 |
+{ |
|
263 |
+ frame->link_mtu += increment; |
|
264 |
+} |
|
265 |
+ |
|
266 |
+static inline void |
|
261 | 267 |
frame_add_to_extra_frame (struct frame *frame, const int increment) |
262 | 268 |
{ |
263 | 269 |
frame->extra_frame += increment; |
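Review bot: The new `frame_add_to_link_mtu` has no comment stating when it may be called, although the only caller on this page invokes it just when `link_mtu_defined` is false. A one-line contract above it would keep later callers from overriding a configured value, e.g. `/* adjust link_mtu; callers must skip this when link-mtu is fixed by config */`. The increment is a signed `int` and the result is not range-checked, which is fine for the `+3` used here but worth noting in the same comment.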
... | ... |
@@ -264,14 +264,16 @@ tls_get_cipher_name_pair (const char * cipher_name, size_t len) { |
264 | 264 |
return NULL; |
265 | 265 |
} |
266 | 266 |
|
267 |
-/** |
|
268 |
- * Max number of bytes we will add for data structures common to both data and |
|
269 |
- * control channel packets (1 byte opcode + 3 bytes peer-id). |
|
267 |
+/* |
|
268 |
+ * Max number of bytes we will add |
|
269 |
+ * for data structures common to both |
|
270 |
+ * data and control channel packets. |
|
271 |
+ * (opcode only). |
|
270 | 272 |
*/ |
271 | 273 |
void |
272 | 274 |
tls_adjust_frame_parameters(struct frame *frame) |
273 | 275 |
{ |
274 |
- frame_add_to_extra_frame (frame, 1 + 3); /* space for opcode + peer-id */ |
|
276 |
+ frame_add_to_extra_frame (frame, 1); /* space for opcode */ |
|
275 | 277 |
} |
276 | 278 |
|
277 | 279 |
/* |
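Review bot: With `tls_adjust_frame_parameters` cut back to the opcode byte, the only place in the visible hunks that puts the 3 peer-id bytes back into `extra_frame` is the pushed-option branch in do_deferred_options. If an endpoint can set `use_peer_id` by any other route (not visible on this page), its frame would understate the real per-packet overhead by 3 bytes, so that path is worth confirming before relying on the `extra_link` reservation alone. The rewritten comment also changes `/**` to `/*`, which would drop it from generated API documentation if the project builds any; keeping `/**` with the new wording avoids that.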