[Openvpn-devel] Fix incorrect default mssfix value in server mode

Message ID 20220301135054.277-1-lstipakov@gmail.com
State Accepted

Commit Message

Lev Stipakov March 1, 2022, 1:50 p.m.
From: Lev Stipakov <lev@openvpn.net>

When calculating default mssfix, we take into account
protocol overhead, which usually includes 3 bytes peer-id.

Peer-id usage is indicated by options->use_peer_id flag.
In client mode it is set when applying pushed options.
In server mode it is not set and as a result mssfix value
is 3 bytes off.

Fix by setting this flag in multi.c when calculating
tunnel-specific options.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
---
 src/openvpn/multi.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Arne Schwabe March 3, 2022, 2:08 p.m. | #1
On 01.03.22 at 14:50, Lev Stipakov wrote:
> From: Lev Stipakov <lev@openvpn.net>
> 
> When calculating default mssfix, we take into account
> protocol overhead, which usually includes 3 bytes peer-id.
> 
> Peer-id usage is indicated by options->use_peer_id flag.
> In client mode it is set when applying pushed options.
> In server mode it is not set and as a result mssfix value
> is 3 bytes off.
> 
> Fix by setting this flag in multi.c when calculating
> tunnel-specific options.

Acked-By: Arne Schwabe <arne@rfc2549.org>

This fixes the issue at hand. It would be better to refactor the whole 
peerid in use signalling eventually but this is good enough for now.

Arne

Gert Doering March 17, 2022, 12:53 p.m. | #2
Thanks for the band-aid :-) - I have not tested this, trusting you and
Arne to have sufficiently tested this in the context of Win-DCO MSS
handling (as a side note, patches against a tree with "dco_enabled(o)"
in their context do not fit "master without DCO" easily ;-) ).

Your patch has been applied to the master branch.

commit 7a50f5f633ca179214d102806c582de9a076ec8a
Author: Lev Stipakov
Date:   Tue Mar 1 15:50:54 2022 +0200

     Fix incorrect default mssfix value in server mode

     Signed-off-by: Lev Stipakov <lev@openvpn.net>
     Acked-by: Arne Schwabe <arne@rfc2549.org>
     Message-Id: <20220301135054.277-1-lstipakov@gmail.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23896.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index d8d44f96..ea19c539 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -1772,6 +1772,7 @@  multi_client_set_protocol_options(struct context *c)
     if (proto & IV_PROTO_DATA_V2)
     {
         tls_multi->use_peer_id = true;
+        o->use_peer_id = true;
     }
     else if (dco_enabled(o))
     {
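
Review bot: The added `o->use_peer_id = true;` in the `if (proto & IV_PROTO_DATA_V2)` branch duplicates state already held in `tls_multi->use_peer_id`, with no comment saying why both flags are needed. A one-line comment noting that the default mssfix calculation reads the options flag (as the commit message explains) would keep a later cleanup from dropping the assignment. Nothing in the visible lines clears `o->use_peer_id` when this branch is not taken, so it is worth confirming that `o` starts out false for each client, or deriving both flags from the same expression so they cannot diverge.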