From patchwork Sat Jan 1 05:25:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2194 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director15.mail.ord1d.rsapps.net ([172.27.255.1]) by backend41.mail.ord1d.rsapps.net with LMTP id NsvnCreA0GFyLAAAqwncew (envelope-from ) for ; Sat, 01 Jan 2022 11:26:31 -0500 Received: from proxy4.mail.iad3a.rsapps.net ([172.27.255.1]) by director15.mail.ord1d.rsapps.net with LMTP id ODoIDbeA0GGZCwAAIcMcQg (envelope-from ) for ; Sat, 01 Jan 2022 11:26:31 -0500 Received: from smtp40.gate.iad3a ([172.27.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy4.mail.iad3a.rsapps.net with LMTPS id gK7zBbeA0GGjOAAA8Zvu4w (envelope-from ) for ; Sat, 01 Jan 2022 11:26:31 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp40.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 9354582e-6b1f-11ec-b31d-5254003a14f9-1-1 Received: from [216.105.38.7] ([216.105.38.7:47604] helo=lists.sourceforge.net) by smtp40.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id E2/95-22483-6B080D16; Sat, 01 Jan 2022 11:26:30 -0500 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1n3hCU-0000Er-Tj; Sat, 01 Jan 2022 16:25:46 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1n3hCT-0000E8-Gt for openvpn-devel@lists.sourceforge.net; Sat, 01 Jan 2022 16:25:45 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=cYuzHxrQBkrX02HxQ9eA0YV3aKDQqsIkDukum3H9ivQ=; b=m5Y04mGc8+Lsz2+3NgSNeQ4aN3 u5Ofmc5Gwm2Z3G7RD8zDHCHTAIibu/agkZglYSGrD71U5d7XE3fgeE8pGnCgI/ZO1S6efmY/xllDc PYQRe/q6qIh0+i3di3RoikM3r65aKE/04NdYruOBSQ74p39xdb14aMsMjUPZaKRn5tYI=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=cYuzHxrQBkrX02HxQ9eA0YV3aKDQqsIkDukum3H9ivQ=; b=D2Y4lqpgA7EQwjF47vfGJl3nVu RevwxCNIHeaZ8E4/ZTCPu0ITiSjk1CY5QPOJ7VCEKgWmqkK31bPYONoi2rktdjA+OGvGne5PkKBtF b1Q5+9faMv9HC9YLAtlJLXPF/zMJ1+FoyYQR9H06Y/6Rr/f97Os+M3BGyaqxcdh7dksc=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1n3hCT-00GV3v-15 for openvpn-devel@lists.sourceforge.net; Sat, 01 Jan 2022 16:25:45 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1n3hCH-000FgD-Dr for openvpn-devel@lists.sourceforge.net; Sat, 01 Jan 2022 17:25:33 +0100 Received: (nullmailer pid 2251884 invoked by uid 10006); Sat, 01 Jan 2022 16:25:32 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Sat, 1 Jan 2022 17:25:19 +0100 Message-Id: <20220101162532.2251835-2-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220101162532.2251835-1-arne@rfc2549.org> References: <20220101162532.2251835-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: This options might have been useful in the past but nowadays it has a very unclear semantics, so better remove/deprecate it. Signed-off-by: Arne Schwabe --- doc/man-sections/link-options.rst | 7 ++++++- src/openvpn/options.c | 4 +--- 2 files changed, 7 insertions(+), 4 deletions(-) Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1n3hCT-00GV3v-15 Subject: [Openvpn-devel] [PATCH v3 01/14] Deprecate link-mtu X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This options might have been useful in the past but nowadays it has a very unclear semantics, so better remove/deprecate it. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- doc/man-sections/link-options.rst | 7 ++++++- src/openvpn/options.c | 4 +--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/doc/man-sections/link-options.rst b/doc/man-sections/link-options.rst index 32e72a1b..b1ae4e75 100644 --- a/doc/man-sections/link-options.rst +++ b/doc/man-sections/link-options.rst @@ -82,10 +82,15 @@ the local and the remote host. ping-restart 60 # Argument: timeout --link-mtu n - Sets an upper bound on the size of UDP packets which are sent between + **DEPRECATED** Sets an upper bound on the size of UDP packets which are sent between OpenVPN peers. *It's best not to set this parameter unless you know what you're doing.* + Due to variable header size of IP header (20 bytes for IPv4 and 40 bytes + for IPv6) and dynamically negotiated data channel cipher, this option + is not reliable. It is recommended to set tun-mtu with enough headroom + instead. + --local host Local host name or IP address for bind. If specified, OpenVPN will bind to this address only. If unspecified, OpenVPN will bind to all diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 0529c141..2ca24685 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2111,9 +2111,7 @@ options_postprocess_verify_ce(const struct options *options, */ if (options->ce.tun_mtu_defined && options->ce.link_mtu_defined) { - msg(M_USAGE, - "only one of --tun-mtu or --link-mtu may be defined (note that " - "--ifconfig implies --link-mtu %d)", LINK_MTU_DEFAULT); + msg(M_USAGE, "only one of --tun-mtu or --link-mtu may be defined"); } if (!proto_is_udp(ce->proto) && options->mtu_test)