From patchwork Sat Jan 1 05:25:31 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2206
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 1 Jan 2022 17:25:31 +0100
Message-Id: <20220101162532.2251835-14-arne@rfc2549.org>
In-Reply-To: <20220101162532.2251835-1-arne@rfc2549.org>
References: <20220101162532.2251835-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v3 13/14] Remove frame->link_mtu

Signed-off-by: Arne Schwabe
---
 src/openvpn/comp.c    |  8 --------
 src/openvpn/comp.h    |  2 --
 src/openvpn/forward.c |  4 ++--
 src/openvpn/init.c    | 39 +++------------------------------------
 src/openvpn/mtu.c     | 26 --------------------------
 src/openvpn/mtu.h     | 22 ----------------------
 src/openvpn/ssl.c     |  9 ---------
 7 files changed, 5 insertions(+), 105 deletions(-)

diff --git a/src/openvpn/comp.c b/src/openvpn/comp.c index ad49b00b..2d89e944 100644 --- a/src/openvpn/comp.c +++ b/src/openvpn/comp.c @@ -123,14 +123,6 @@ comp_add_to_extra_frame(struct frame *frame) frame_add_to_extra_frame(frame, COMP_PREFIX_LEN); } -void -comp_add_to_extra_buffer(struct frame *frame) -{ - /* Leave room for compression buffer to expand in worst case scenario - * where data is totally incompressible */ - frame_add_to_extra_buffer(frame, COMP_EXTRA_BUFFER(EXPANDED_SIZE(frame))); -} - void comp_print_stats(const struct compress_context *compctx, struct status_output *so) { diff --git a/src/openvpn/comp.h b/src/openvpn/comp.h index 0d284e27..e42fc144 100644 --- a/src/openvpn/comp.h +++ b/src/openvpn/comp.h @@ -178,8 +178,6 @@ void comp_uninit(struct compress_context *compctx); void comp_add_to_extra_frame(struct frame *frame); -void comp_add_to_extra_buffer(struct frame *frame); - void comp_print_stats(const struct compress_context *compctx, struct status_output *so); void comp_generate_peer_info_string(const struct compress_options *opt, struct buffer *out); diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 5f8361d3..b6e9eabb 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1544,7 +1544,7 @@ process_outgoing_link(struct context *c) perf_push(PERF_PROC_OUT_LINK); - if (c->c2.to_link.len > 0 && c->c2.to_link.len <= EXPANDED_SIZE(&c->c2.frame)) + if (c->c2.to_link.len > 0 && c->c2.to_link.len <= c->c2.frame.buf.payload_size) { /* * Setup for call to send/sendto which will send @@ -1672,7 +1672,7 @@ process_outgoing_link(struct context *c) msg(D_LINK_ERRORS, "TCP/UDP packet too large on write to %s (tried=%d,max=%d)", print_link_socket_actual(c->c2.to_link_addr, &gc), c->c2.to_link.len, - EXPANDED_SIZE(&c->c2.frame)); + c->c2.frame.buf.payload_size); } } diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 4e81016b..2baa3c4f 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c 
@@ -2204,24 +2204,6 @@ pull_permission_mask(const struct context *c) return flags; } -static -void adjust_mtu_peerid(struct context *c) -{ - frame_add_to_extra_frame(&c->c2.frame, 3); /* peer-id overhead */ - if (!c->options.ce.link_mtu_defined) - { - frame_add_to_link_mtu(&c->c2.frame, 3); - msg(D_PUSH, "OPTIONS IMPORT: adjusting link_mtu to %d", - EXPANDED_SIZE(&c->c2.frame)); - } - else - { - msg(M_WARN, "OPTIONS IMPORT: WARNING: peer-id set, but link-mtu" - " fixed by config - reducing tun-mtu to %d, expect" - " MTU problems", c->c2.frame.tun_mtu); - } -} - static bool do_deferred_p2p_ncp(struct context *c) { @@ -2230,11 +2212,6 @@ do_deferred_p2p_ncp(struct context *c) return true; } - if (c->c2.tls_multi->use_peer_id) - { - adjust_mtu_peerid(c); - } - struct tls_session *session = &c->c2.tls_multi->session[TM_ACTIVE]; const char *ncp_cipher = get_p2p_ncp_cipher(session, c->c2.tls_multi->peer_info, @@ -2356,7 +2333,6 @@ do_deferred_options(struct context *c, const unsigned int found) msg(D_PUSH, "OPTIONS IMPORT: peer-id set"); c->c2.tls_multi->use_peer_id = true; c->c2.tls_multi->peer_id = c->options.peer_id; - adjust_mtu_peerid(c); } /* process (potentially pushed) crypto options */ @@ -2589,14 +2565,6 @@ frame_finalize_options(struct context *c, const struct options *o) frame->buf.payload_size = payload_size; frame->buf.headroom = headroom; frame->buf.tailroom = tailroom; - - /* Kept to still update/calculate the other fields for now */ - frame_finalize(frame, - o->ce.link_mtu_defined, - o->ce.link_mtu, - o->ce.tun_mtu_defined, - o->ce.tun_mtu); - } /* @@ -3104,8 +3072,8 @@ do_init_frame_tls(struct context *c) if (c->c2.tls_multi) { tls_multi_init_finalize(c->c2.tls_multi, &c->c2.frame); - ASSERT(EXPANDED_SIZE(&c->c2.tls_multi->opt.frame) <= - EXPANDED_SIZE(&c->c2.frame)); + ASSERT(c->c2.tls_multi->opt.frame.buf.payload_size <= + c->c2.frame.buf.payload_size); frame_print(&c->c2.tls_multi->opt.frame, D_MTU_INFO, "Control Channel MTU parms"); } 
@@ -3197,9 +3165,8 @@ do_init_frame(struct context *c) * Modify frame parameters if compression is compiled in. * Should be called after frame_finalize_options. */ - comp_add_to_extra_buffer(&c->c2.frame); #ifdef ENABLE_FRAGMENT - comp_add_to_extra_buffer(&c->c2.frame_fragment_omit); /* omit compression frame delta from final frame_fragment */ + /*TODO:frame comp_add_to_extra_buffer(&c->c2.frame_fragment_omit); omit compression frame delta from final frame_fragment */ #endif #endif /* USE_COMP */ diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 0bcfbfd1..986cae47 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -205,31 +205,6 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame) return payload + overhead; } -void -frame_finalize(struct frame *frame, - bool link_mtu_defined, - int link_mtu, - bool tun_mtu_defined, - int tun_mtu) -{ - /* Set link_mtu based on command line options */ - if (tun_mtu_defined) - { - ASSERT(!link_mtu_defined); - frame->link_mtu = tun_mtu + TUN_LINK_DELTA(frame); - } - else - { - ASSERT(link_mtu_defined); - frame->link_mtu = link_mtu; - } - - if (TUN_MTU_SIZE(frame) < TUN_MTU_MIN) - { - msg(M_WARN, "TUN MTU value (%d) must be at least %d", TUN_MTU_SIZE(frame), TUN_MTU_MIN); - frame_print(frame, M_FATAL, "MTU is too small"); - } -} /* * Move extra_frame octets into extra_tun. Used by fragmenting code * to adjust frame relative to its position in the buffer processing @@ -262,7 +237,6 @@ frame_print(const struct frame *frame, buf_printf(&out, " headroom:%d", frame->buf.headroom); buf_printf(&out, " payload:%d", frame->buf.payload_size); buf_printf(&out, " tailroom:%d", frame->buf.tailroom); - buf_printf(&out, " L:%d", frame->link_mtu); buf_printf(&out, " EF:%d", frame->extra_frame); buf_printf(&out, " EB:%d", frame->extra_buffer); buf_printf(&out, " ET:%d", frame->extra_tun); diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h index c6eca864..3e4dfb6d 100644 --- a/src/openvpn/mtu.h 
+++ b/src/openvpn/mtu.h @@ -110,9 +110,6 @@ struct frame { * decryption/encryption or compression. */ } buf; - int link_mtu; /**< Maximum packet size to be sent over - * the external network interface. */ - unsigned int mss_fix; /**< The actual MSS value that should be * written to the payload packets. This * is the value for IPv4 TCP packets. For @@ -189,13 +186,6 @@ struct options; */ #define PAYLOAD_SIZE(f) ((f)->buf.payload_size) -/* - * Max size of a payload packet after encryption, compression, etc. - * overhead is added. - */ -#define EXPANDED_SIZE(f) ((f)->link_mtu) -#define EXPANDED_SIZE_MIN(f) (TUN_MTU_MIN + TUN_LINK_DELTA(f)) - /* * Control buffer headroom allocations to allow for efficient prepending. */ @@ -218,12 +208,6 @@ struct options; * Function prototypes. */ -void frame_finalize(struct frame *frame, - bool link_mtu_defined, - int link_mtu, - bool tun_mtu_defined, - int tun_mtu); - void frame_subtract_extra(struct frame *frame, const struct frame *src); void frame_print(const struct frame *frame, @@ -347,12 +331,6 @@ const char *format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc); * frame member adjustment functions */ -static inline void -frame_add_to_link_mtu(struct frame *frame, const int increment) -{ - frame->link_mtu += increment; -} - static inline void frame_add_to_extra_frame(struct frame *frame, const unsigned int increment) { diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 091f40eb..5b6db4e5 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c 
@@ -320,17 +320,11 @@ tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame * if --tls-auth is enabled. */ - /* inherit link MTU and extra_link from data channel */ - frame->link_mtu = data_channel_frame->link_mtu; - /* set extra_frame */ tls_adjust_frame_parameters(frame); reliable_ack_adjust_frame_parameters(frame, CONTROL_SEND_ACK_MAX); frame_add_to_extra_frame(frame, SID_SIZE + sizeof(packet_id_type)); - /* set dynamic link MTU to cap control channel packets at 1250 bytes */ - ASSERT(TUN_LINK_DELTA(frame) < min_int(frame->link_mtu, 1250)); - /* calculate the maximum overhead that control channel frames may have */ int overhead = 0; @@ -1923,9 +1917,6 @@ tls_session_update_crypto_params_do_work(struct tls_session *session, if (frame_fragment) { - frame_remove_from_extra_frame(frame_fragment, crypto_max_overhead()); - crypto_adjust_frame_parameters(frame_fragment, &session->opt->key_type, - options->replay, packet_id_long_form); frame_calculate_dynamic(frame_fragment, &session->opt->key_type, options, lsi); frame_print(frame_fragment, D_MTU_INFO, "Fragmentation MTU parms"); }
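
Review bot: In process_outgoing_link() (src/openvpn/forward.c) the send-size bound changes meaning, not only spelling. The comment removed from mtu.h defines EXPANDED_SIZE as the maximum size "after encryption, compression, etc. overhead is added", while the new check compares c->c2.to_link.len against c->c2.frame.buf.payload_size. Please confirm that buf.payload_size already covers the encapsulation overhead of a to_link packet; if it does not, full-size packets would end up in the "TCP/UDP packet too large on write" branch. If it does, consider using the PAYLOAD_SIZE() macro that mtu.h keeps rather than open-coding the field in both the condition and the error message.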
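
Review bot: Removing adjust_mtu_peerid() from src/openvpn/init.c also drops frame_add_to_extra_frame(&c->c2.frame, 3), the peer-id overhead, and neither do_deferred_p2p_ncp() nor do_deferred_options() gets a replacement in this patch. That call adjusted extra_frame, not link_mtu, so it is not obviously covered by the subject line. The same removal loses the M_WARN about peer-id combined with a link-mtu fixed by config. The commit message has no body; please state there where the 3 bytes are now accounted for, or keep the extra_frame adjustment and remove only the link_mtu half.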
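
Review bot: In do_init_frame() (src/openvpn/init.c) the #ifdef ENABLE_FRAGMENT block is left holding only a TODO comment that names comp_add_to_extra_buffer(), a function this same patch deletes from comp.c and comp.h. The comment above it ("Modify frame parameters if compression is compiled in. Should be called after frame_finalize_options.") now introduces a block that does nothing. Either remove the empty #ifdef and the stale comment, or reword the TODO to say what still has to happen for c->c2.frame_fragment_omit without referring to the removed function.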
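
Review bot: Deleting frame_finalize() from src/openvpn/mtu.c removes more than the link_mtu assignment: it also removes the TUN_MTU_SIZE(frame) < TUN_MTU_MIN check that ended in frame_print(frame, M_FATAL, "MTU is too small"), and the ASSERTs that exactly one of tun_mtu_defined and link_mtu_defined is set. Nothing in the frame_finalize_options() hunk adds an equivalent lower bound. Please either move the minimum check into frame_finalize_options() or note in the commit message where an undersized tun-mtu is now rejected.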
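
Review bot: The second src/openvpn/ssl.c hunk, in tls_session_update_crypto_params_do_work(), removes frame_remove_from_extra_frame(frame_fragment, crypto_max_overhead()) and crypto_adjust_frame_parameters(frame_fragment, ...), neither of which touches link_mtu. This changes how extra_frame is computed for the fragment frame and looks like a separate change from "Remove frame->link_mtu". Please split it into its own patch or explain in the commit message why frame_calculate_dynamic() alone is now sufficient for frame_fragment.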