From patchwork Tue Dec 7 06:01:50 2021
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2139
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 7 Dec 2021 18:01:50 +0100
Message-Id: <20211207170211.3275837-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 00/21] Big buffer/frame refactoring patch set

This patchset refactors a lot of the buffer related code. It mainly uses
the approach of simplifying the buffer sizes by always allocating buffers
with worst case overhead instead of trying to save < 100 bytes and
complicating the code. It also moves to central functions that calculate
the various overheads from the small little functions scattered all over
the source code.

And last but not least, this patch set also corrects the MSS and fragment
size calculation to take into account the real overhead that is present
after NCP. It also adds a 'mtu' keyword to both options so the desired
real outer packet can be specified.

The patchset also deprecates link-mtu as this option is no longer working
well as intended since neither encryption/authentication overhead is fixed
(NCP) nor is the encapsulation overhead constant (IPv4 vs IPv6) and
link-mtu basically assumes that the overhead is constant.

This patchset needs the "Cleanup crypto and use string instead internal
types" patch set applied first or will have conflicts.

Arne Schwabe (21):
  Remove max_size from buffer_list_new
  Deprecate link-mtu
  Remove align_adjust frame code
  Fix triggering assertion of ks->authticated after tls_deauthenticate
  Document frame related function and variables a bit more
  Remove post_open_mtu code
  Add helper functions to calculate header/payload sizes
  Decouple MSS fix calculation from frame calculation
  Rework occ link-mtu calculation
  Change buffer allocation calculation and checks to be more static
  Remove pointless do_init_frame_tls function
  Fix datagram_overhead and assorted functions
  Implement optional mtu parameter for mssfix
  Add mtu paramter to --fragment and change fragment calculation
  Update fragment and mssfix related warnings
  Remove link_mtu parameter when running up/down scripts
  Use new frame header methods to calculate OCC_MTU_LOAD payload size
  Remove extra_link from frame
  Replace TUN_MTU_SIZE with frame->tun_mtu
  Remove frame->link_mtu
  Remove frame.extra_frame and frame.extra_buffer

 Changes.rst                            |   9 +
 doc/man-sections/link-options.rst      |  42 ++--
 src/openvpn/buffer.c                   |   7 +-
 src/openvpn/buffer.h                   |   4 +-
 src/openvpn/comp-lz4.c                 |   4 +-
 src/openvpn/comp.c                     |  15 --
 src/openvpn/comp.h                     |   4 -
 src/openvpn/crypto.c                   |  64 ++++--
 src/openvpn/crypto.h                   |  23 +-
 src/openvpn/forward.c                  |  32 +--
 src/openvpn/fragment.c                 |   9 +-
 src/openvpn/init.c                     | 302 +++++++++++--------------
 src/openvpn/init.h                     |   2 +-
 src/openvpn/lzo.c                      |   2 +-
 src/openvpn/manage.c                   |   4 +-
 src/openvpn/mss.c                      | 154 +++++++++++++
 src/openvpn/mss.h                      |  14 ++
 src/openvpn/mtu.c                      | 179 +++++++++------
 src/openvpn/mtu.h                      | 253 ++++++++++-----------
 src/openvpn/multi.c                    |   7 +-
 src/openvpn/multi.h                    |   2 +-
 src/openvpn/occ.c                      |  34 ++-
 src/openvpn/options.c                  |  82 ++-----
 src/openvpn/options.h                  |   7 +-
 src/openvpn/ping.c                     |   2 +-
 src/openvpn/proto.h                    |  11 -
 src/openvpn/reliable.c                 |   7 -
 src/openvpn/reliable.h                 |   3 -
 src/openvpn/socket.c                   |  34 +--
 src/openvpn/socket.h                   |  19 +-
 src/openvpn/socks.c                    |  11 +-
 src/openvpn/socks.h                    |   2 -
 src/openvpn/ssl.c                      |  99 ++++----
 src/openvpn/ssl.h                      |  10 +-
 src/openvpn/ssl_common.h               |   3 +-
 src/openvpn/tls_crypt.c                |  10 -
 src/openvpn/tls_crypt.h                |   5 -
 src/openvpn/tun.c                      |   1 -
 src/openvpn/tun.h                      |   4 -
 src/openvpn/win32.c                    |   2 +-
 tests/unit_tests/openvpn/Makefile.am   |   6 +-
 tests/unit_tests/openvpn/test_buffer.c |  22 +-
 tests/unit_tests/openvpn/test_crypto.c | 128 ++++++++++-
 tests/unit_tests/openvpn/test_misc.c   |   1 +
 44 files changed, 900 insertions(+), 735 deletions(-)