[Openvpn-devel,v3,01/14] Deprecate link-mtu

Message ID 20220101162532.2251835-2-arne@rfc2549.org
State Accepted
Headers show
Series
  • Big buffer/frame refactoring patch set v3
Related show

Commit Message

Arne Schwabe Jan. 1, 2022, 4:25 p.m.
This options might have been useful in the past but nowadays it has a very
unclear semantics, so better remove/deprecate it.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 doc/man-sections/link-options.rst | 7 ++++++-
 src/openvpn/options.c             | 4 +---
 2 files changed, 7 insertions(+), 4 deletions(-)

Comments

Gert Doering Jan. 27, 2022, 5:13 p.m. | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

The change is mostly documentation, and it makes sense, for the reasons
given.  The actual code change just reduces the connection between
--ifconfig and --link-mtu, which is confusing at best.

Have not tested beyond a simple compile check.

(For reference: this was 02/21 in v2 of the patchset, and did not see 
an ACK there)

Your patch has been applied to the master branch.

commit 29453c37c1f3aa420a894996dd7be4a4f8393c5a
Author: Arne Schwabe
Date:   Sat Jan 1 17:25:19 2022 +0100

     Deprecate link-mtu

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20220101162532.2251835-2-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23496.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/doc/man-sections/link-options.rst b/doc/man-sections/link-options.rst
index 32e72a1b..b1ae4e75 100644
--- a/doc/man-sections/link-options.rst
+++ b/doc/man-sections/link-options.rst
@@ -82,10 +82,15 @@  the local and the remote host.
          ping-restart 60            # Argument: timeout
 
 --link-mtu n
-  Sets an upper bound on the size of UDP packets which are sent between
+  **DEPRECATED** Sets an upper bound on the size of UDP packets which are sent between
   OpenVPN peers. *It's best not to set this parameter unless you know what
   you're doing.*
 
+  Due to variable header size of IP header (20 bytes for IPv4 and 40 bytes
+  for IPv6) and dynamically negotiated data channel cipher, this option
+  is not reliable. It is recommended to set tun-mtu with enough headroom
+  instead.
+
 --local host
   Local host name or IP address for bind. If specified, OpenVPN will bind
   to this address only. If unspecified, OpenVPN will bind to all
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 0529c141..2ca24685 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2111,9 +2111,7 @@  options_postprocess_verify_ce(const struct options *options,
      */
     if (options->ce.tun_mtu_defined && options->ce.link_mtu_defined)
     {
-        msg(M_USAGE,
-            "only one of --tun-mtu or --link-mtu may be defined (note that "
-            "--ifconfig implies --link-mtu %d)", LINK_MTU_DEFAULT);
+        msg(M_USAGE, "only one of --tun-mtu or --link-mtu may be defined");
     }
 
     if (!proto_is_udp(ce->proto) && options->mtu_test)