From patchwork Tue Dec 7 06:02:11 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2137 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.31.255.6]) by backend41.mail.ord1d.rsapps.net with LMTP id wPYTA9STr2FAUwAAqwncew (envelope-from ) for ; Tue, 07 Dec 2021 12:03:16 -0500 Received: from proxy20.mail.iad3b.rsapps.net ([172.31.255.6]) by director9.mail.ord1d.rsapps.net with LMTP id qIRJINSTr2GmYAAAalYnBA (envelope-from ) for ; Tue, 07 Dec 2021 12:03:16 -0500 Received: from smtp12.gate.iad3b ([172.31.255.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy20.mail.iad3b.rsapps.net with LMTPS id ePjkGNSTr2GuKgAAcDxLoQ (envelope-from ) for ; Tue, 07 Dec 2021 12:03:16 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp12.gate.iad3b.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 9163f49c-577f-11ec-9fda-525400ae1f9d-1-1 Received: from [216.105.38.7] ([216.105.38.7:43486] helo=lists.sourceforge.net) by smtp12.gate.iad3b.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id B6/E5-08585-3D39FA16; Tue, 07 Dec 2021 12:03:16 -0500 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1mudrJ-0002qF-Of; Tue, 07 Dec 2021 17:02:29 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1mudrB-0002nT-Ke for openvpn-devel@lists.sourceforge.net; Tue, 07 Dec 2021 17:02:21 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=tgKButuHNxVJ73xY2LOxtX23OFYp33UkI/UnrTEsgz4=; b=JffF+txT9M4RHf7BNVrV9EFqLf G2blqvob3NgXYVQzKIdj1rNIQ6RJDmXqi09xD32znQ0JNTK6y0tDDVuXRCwicWqTvLwCQxWb1LhOW SSWk8SgjeBtarqS2JT8VHrjE42PjbYZFKHlMXlfLwCEn2foaJhy/ubQ3LNNXNI5pY+Pw=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=tgKButuHNxVJ73xY2LOxtX23OFYp33UkI/UnrTEsgz4=; b=F0VjiVy4j/dw4PZNqYeVi7R2wg 0Jj/cQ8EPOeBvhBXouYQIRchaWHm9BNGBx7M0V6M0RZnG6MaktcJoEHFk04wBo4z14eXqbxmBAi6n Ai0MZJmlk3DCD+yGOLUqwvTmQwJOo1YDGc7c01kMxPzxPb8rkvI4xZzcMxaOMLK/hf+A=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mudrA-007aKJ-06 for openvpn-devel@lists.sourceforge.net; Tue, 07 Dec 2021 17:02:21 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1mudr3-000Iec-16 for openvpn-devel@lists.sourceforge.net; Tue, 07 Dec 2021 18:02:13 +0100 Received: (nullmailer pid 3275948 invoked by uid 10006); Tue, 07 Dec 2021 17:02:13 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Tue, 7 Dec 2021 18:02:11 +0100 Message-Id: <20211207170211.3275837-22-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211207170211.3275837-1-arne@rfc2549.org> References: <20211207170211.3275837-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Signed-off-by: Arne Schwabe --- src/openvpn/comp.c | 7 ------ src/openvpn/comp.h | 2 -- src/openvpn/crypto.c | 37 src/openvpn/crypto.h | 7 ------ src/ope [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1mudrA-007aKJ-06 Subject: [Openvpn-devel] [PATCH 21/21] Remove frame.extra_frame and frame.extra_buffer X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Signed-off-by: Arne Schwabe --- src/openvpn/comp.c | 7 ------ src/openvpn/comp.h | 2 -- src/openvpn/crypto.c | 37 --------------------------- src/openvpn/crypto.h | 7 ------ src/openvpn/fragment.c | 3 --- src/openvpn/init.c | 56 ----------------------------------------- src/openvpn/mtu.c | 14 ----------- src/openvpn/mtu.h | 42 ++----------------------------- src/openvpn/reliable.c | 7 ------ src/openvpn/reliable.h | 3 --- src/openvpn/socket.c | 10 -------- src/openvpn/socket.h | 2 -- src/openvpn/ssl.c | 21 ---------------- src/openvpn/ssl.h | 5 ---- src/openvpn/tls_crypt.c | 10 -------- src/openvpn/tls_crypt.h | 5 ---- 16 files changed, 2 insertions(+), 229 deletions(-) diff --git a/src/openvpn/comp.c b/src/openvpn/comp.c index 2d89e944d..33bf21a7a 100644 --- a/src/openvpn/comp.c +++ b/src/openvpn/comp.c @@ -116,13 +116,6 @@ comp_uninit(struct compress_context *compctx) } } -void -comp_add_to_extra_frame(struct frame *frame) -{ - /* Leave room for our one-byte compressed/didn't-compress prefix byte. */ - frame_add_to_extra_frame(frame, COMP_PREFIX_LEN); -} - void comp_print_stats(const struct compress_context *compctx, struct status_output *so) { diff --git a/src/openvpn/comp.h b/src/openvpn/comp.h index e42fc144f..d059d6cd3 100644 --- a/src/openvpn/comp.h +++ b/src/openvpn/comp.h @@ -176,8 +176,6 @@ struct compress_context *comp_init(const struct compress_options *opt); void comp_uninit(struct compress_context *compctx); -void comp_add_to_extra_frame(struct frame *frame); - void comp_print_stats(const struct compress_context *compctx, struct status_output *so); void comp_generate_peer_info_string(const struct compress_options *opt, struct buffer *out); diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index b4b8ca54b..f4f23427b 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -722,43 +722,6 @@ calculate_crypto_overhead(const struct key_type *kt, return crypto_overhead; } -void -crypto_adjust_frame_parameters(struct frame *frame, - const struct key_type *kt, - bool packet_id, - bool packet_id_long_form) -{ - unsigned int crypto_overhead = 0; - - if (packet_id) - { - crypto_overhead += packet_id_size(packet_id_long_form); - } - - if (cipher_defined(kt->cipher)) - { - crypto_overhead += cipher_kt_iv_size(kt->cipher); - - if (cipher_kt_mode_aead(kt->cipher)) - { - crypto_overhead += cipher_kt_tag_size(kt->cipher); - } - - /* extra block required by cipher_ctx_update() */ - crypto_overhead += cipher_kt_block_size(kt->cipher); - } - - if (md_defined(kt->digest)) - { - crypto_overhead += md_kt_size(kt->digest); - } - - frame_add_to_extra_frame(frame, crypto_overhead); - - msg(D_MTU_DEBUG, "%s: Adjusting frame parameters for crypto by %u bytes", - __func__, crypto_overhead); -} - unsigned int crypto_max_overhead(void) { diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 5a67b7ac1..b039c3b6b 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -408,13 +408,6 @@ bool crypto_check_replay(struct crypto_options *opt, const struct packet_id_net *pin, const char *error_prefix, struct gc_arena *gc); - -/** Calculate crypto overhead and adjust frame to account for that */ -void crypto_adjust_frame_parameters(struct frame *frame, - const struct key_type *kt, - bool packet_id, - bool packet_id_long_form); - /** Calculate the maximum overhead that our encryption has * on a packet. This does not include needed additional buffer size * diff --git a/src/openvpn/fragment.c b/src/openvpn/fragment.c index ce8cd3489..eb90dcacb 100644 --- a/src/openvpn/fragment.c +++ b/src/openvpn/fragment.c @@ -96,9 +96,6 @@ fragment_init(struct frame *frame) * fragment_master assume an initial CLEAR */ ALLOC_OBJ_CLEAR(ret, struct fragment_master); - /* add in the size of our contribution to the expanded frame size */ - frame_add_to_extra_frame(frame, sizeof(fragment_header_type)); - /* * Outgoing sequence ID is randomized to reduce * the probability of sequence number collisions diff --git a/src/openvpn/init.c b/src/openvpn/init.c index abdf6aaf3..d157bb07e 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2594,10 +2594,6 @@ do_init_crypto_static(struct context *c, const unsigned int flags) /* Get key schedule */ c->c2.crypto_options.key_ctx_bi = c->c1.ks.static_key; - /* Compute MTU parameters */ - crypto_adjust_frame_parameters(&c->c2.frame, &c->c1.ks.key_type, - options->replay, true); - /* Sanity check on sequence number, and cipher mode options */ check_replay_consistency(&c->c1.ks.key_type, options->replay); } @@ -2789,19 +2785,6 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) /* In short form, unique datagram identifier is 32 bits, in long form 64 bits */ packet_id_long_form = cipher_kt_mode_ofb_cfb(c->c1.ks.key_type.cipher); - /* Compute MTU parameters (postpone if we push/pull options) */ - if (c->options.pull || c->options.mode == MODE_SERVER) - { - /* Account for worst-case crypto overhead before allocating buffers */ - frame_add_to_extra_frame(&c->c2.frame, crypto_max_overhead()); - } - else - { - crypto_adjust_frame_parameters(&c->c2.frame, &c->c1.ks.key_type, - options->replay, packet_id_long_form); - } - tls_adjust_frame_parameters(&c->c2.frame); - /* Set all command-line TLS-related options */ CLEAR(to); @@ -2954,8 +2937,6 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) to.tls_wrap.opt.key_ctx_bi = c->c1.ks.tls_wrap_key; to.tls_wrap.opt.pid_persist = &c->c1.pid_persist; to.tls_wrap.opt.flags |= CO_PACKET_ID_LONG_FORM; - crypto_adjust_frame_parameters(&to.frame, &c->c1.ks.tls_auth_key_type, - true, true); } /* TLS handshake encryption (--tls-crypt) */ @@ -2966,7 +2947,6 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) to.tls_wrap.opt.key_ctx_bi = c->c1.ks.tls_wrap_key; to.tls_wrap.opt.pid_persist = &c->c1.pid_persist; to.tls_wrap.opt.flags |= CO_PACKET_ID_LONG_FORM; - tls_crypt_adjust_frame_parameters(&to.frame); if (options->ce.tls_crypt_v2_file) { @@ -2984,10 +2964,6 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) } } - /* If we are running over TCP, allow for - * length prefix */ - socket_adjust_frame_parameters(&to.frame, options->ce.proto); - /* * Initialize OpenVPN's master TLS-mode object. */ @@ -3061,20 +3037,6 @@ do_init_crypto(struct context *c, const unsigned int flags) static void do_init_frame(struct context *c) { -#ifdef USE_COMP - /* - * modify frame parameters if compression is enabled - */ - if (comp_enabled(&c->options.comp)) - { - comp_add_to_extra_frame(&c->c2.frame); - -#ifdef ENABLE_FRAGMENT - comp_add_to_extra_frame(&c->c2.frame_fragment_omit); /* omit compression frame delta from final frame_fragment */ -#endif - } -#endif /* USE_COMP */ - /* * Adjust frame size based on the --tun-mtu-extra parameter. */ @@ -3083,29 +3045,12 @@ do_init_frame(struct context *c) frame_add_to_extra_tun(&c->c2.frame, c->options.ce.tun_mtu_extra); } - /* - * Adjust frame size based on link socket parameters. - * (Since TCP is a stream protocol, we need to insert - * a packet length uint16_t in the buffer.) - */ - socket_adjust_frame_parameters(&c->c2.frame, c->options.ce.proto); - /* * Fill in the blanks in the frame parameters structure, * make sure values are rational, etc. */ frame_finalize_options(c, NULL); -#ifdef USE_COMP - /* - * Modify frame parameters if compression is compiled in. - * Should be called after frame_finalize_options. - */ -#ifdef ENABLE_FRAGMENT - /*TODO:frame comp_add_to_extra_buffer(&c->c2.frame_fragment_omit); omit compression frame delta from final frame_fragment */ -#endif -#endif /* USE_COMP */ - #ifdef ENABLE_FRAGMENT /* * Set frame parameter for fragment code. This is necessary because @@ -3113,7 +3058,6 @@ do_init_frame(struct context *c) * passed through the compression code. */ c->c2.frame_fragment = c->c2.frame; - frame_subtract_extra(&c->c2.frame_fragment, &c->c2.frame_fragment_omit); c->c2.frame_fragment_initial = c->c2.frame_fragment; #endif diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index eb823165a..3783e5315 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -179,18 +179,6 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame) return payload + overhead; } -/* - * Move extra_frame octets into extra_tun. Used by fragmenting code - * to adjust frame relative to its position in the buffer processing - * queue. - */ -void -frame_subtract_extra(struct frame *frame, const struct frame *src) -{ - frame->extra_frame -= src->extra_frame; - frame->extra_tun += src->extra_frame; -} - void frame_print(const struct frame *frame, int level, @@ -211,8 +199,6 @@ frame_print(const struct frame *frame, buf_printf(&out, " headroom:%d", frame->buf.headroom); buf_printf(&out, " payload:%d", frame->buf.payload_size); buf_printf(&out, " tailroom:%d", frame->buf.tailroom); - buf_printf(&out, " EF:%d", frame->extra_frame); - buf_printf(&out, " EB:%d", frame->extra_buffer); buf_printf(&out, " ET:%d", frame->extra_tun); buf_printf(&out, " ]"); diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h index 72cf80917..d9a0752e6 100644 --- a/src/openvpn/mtu.h +++ b/src/openvpn/mtu.h @@ -123,13 +123,6 @@ struct frame { * size that can be send in a single fragment */ - int extra_frame; /**< Maximum number of bytes that all - * processing steps together could add. - * @code - * frame.link_mtu = "socket MTU" - extra_frame; - * @endcode - */ - int tun_mtu; /**< the (user) configured tun-mtu. This is used * in configuring the tun interface or * in calculations that use the desired size @@ -141,16 +134,6 @@ struct frame { * code ignores it) */ - int extra_buffer; /**< Maximum number of bytes that - * processing steps could expand the - * internal work buffer. - * - * This is used by the \link compression - * Data Channel Compression - * module\endlink to give enough working - * space for worst-case expansion of - * incompressible content. */ - int extra_tun; /**< Maximum number of bytes in excess of * the tun/tap MTU that might be read * from or written to the virtual @@ -196,16 +179,13 @@ struct options; * * Most of our code only prepends headers but compression needs the extra bytes * *after* the data as compressed data might end up larger than the original - * data (and max compression overhead is part of extra_buffer). Also crypto - * needs an extra block for encryption. Therefore tailroom is larger than the - * headroom. + * data. Also crypto needs an extra block for encryption. Therefore tailroom is + * larger than the headroom. */ #define BUF_SIZE(f) ((f)->buf.headroom + (f)->buf.payload_size + (f)->buf.tailroom) #define FRAME_HEADROOM(f) ((f)->buf.headroom) -void frame_subtract_extra(struct frame *frame, const struct frame *src); - void frame_print(const struct frame *frame, int level, const char *prefix); @@ -313,30 +293,12 @@ const char *format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc); * frame member adjustment functions */ -static inline void -frame_add_to_extra_frame(struct frame *frame, const unsigned int increment) -{ - frame->extra_frame += increment; -} - -static inline void -frame_remove_from_extra_frame(struct frame *frame, const unsigned int decrement) -{ - frame->extra_frame -= decrement; -} - static inline void frame_add_to_extra_tun(struct frame *frame, const int increment) { frame->extra_tun += increment; } -static inline void -frame_add_to_extra_buffer(struct frame *frame, const int increment) -{ - frame->extra_buffer += increment; -} - static inline bool frame_defined(const struct frame *frame) { diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c index 08c9ab192..6f9971010 100644 --- a/src/openvpn/reliable.c +++ b/src/openvpn/reliable.c @@ -253,13 +253,6 @@ error: return false; } -/* add to extra_frame the maximum number of bytes we will need for reliable_ack_write */ -void -reliable_ack_adjust_frame_parameters(struct frame *frame, int max) -{ - frame_add_to_extra_frame(frame, ACK_SIZE(max)); -} - /* print a reliable ACK record coming off the wire */ const char * reliable_ack_print(struct buffer *buf, bool verbose, struct gc_arena *gc) diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h index 693abb3c7..cbd9cc8f1 100644 --- a/src/openvpn/reliable.h +++ b/src/openvpn/reliable.h @@ -207,9 +207,6 @@ void reliable_init(struct reliable *rel, int buf_size, int offset, int array_siz */ void reliable_free(struct reliable *rel); -/* add to extra_frame the maximum number of bytes we will need for reliable_ack_write */ -void reliable_ack_adjust_frame_parameters(struct frame *frame, int max); - /** @} name Functions for initialization and cleanup */ diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index fe1dfb315..93b857f01 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2285,16 +2285,6 @@ link_socket_close(struct link_socket *sock) } } -/* for stream protocols, allow for packet length prefix */ -void -socket_adjust_frame_parameters(struct frame *frame, int proto) -{ - if (link_socket_proto_connection_oriented(proto)) - { - frame_add_to_extra_frame(frame, sizeof(packet_size_type)); - } -} - void setenv_trusted(struct env_set *es, const struct link_socket_info *info) { diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index a43ed80b5..2ad0e1b33 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -298,8 +298,6 @@ void link_socket_init_phase2(struct context *c); void do_preresolve(struct context *c); -void socket_adjust_frame_parameters(struct frame *frame, int proto); - void link_socket_close(struct link_socket *sock); void sd_close(socket_descriptor_t *sd); diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index bb1ff04cc..4012ebf15 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -295,18 +295,6 @@ tls_limit_reneg_bytes(const char *ciphername, int *reneg_bytes) } } -/* - * Max number of bytes we will add - * for data structures common to both - * data and control channel packets. - * (opcode only). - */ -void -tls_adjust_frame_parameters(struct frame *frame) -{ - frame_add_to_extra_frame(frame, 1); /* space for opcode */ -} - /* * Max number of bytes we will add * to control channel packet. @@ -320,11 +308,6 @@ tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame * if --tls-auth is enabled. */ - /* set extra_frame */ - tls_adjust_frame_parameters(frame); - reliable_ack_adjust_frame_parameters(frame, CONTROL_SEND_ACK_MAX); - frame_add_to_extra_frame(frame, SID_SIZE + sizeof(packet_id_type)); - /* calculate the maximum overhead that control channel frames may have */ int overhead = 0; @@ -1900,10 +1883,6 @@ tls_session_update_crypto_params_do_work(struct tls_session *session, session->opt->crypto_flags |= CO_PACKET_ID_LONG_FORM; } - /* Update frame parameters: undo worst-case overhead, add actual overhead */ - frame_remove_from_extra_frame(frame, crypto_max_overhead()); - crypto_adjust_frame_parameters(frame, &session->opt->key_type, - options->replay, packet_id_long_form); frame_calculate_dynamic(frame, &session->opt->key_type, options, lsi); frame_print(frame, D_MTU_INFO, "Data Channel MTU parms"); diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index e566acd81..5e1c7a2a2 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -471,11 +471,6 @@ void ssl_put_auth_challenge(const char *cr_str); #endif -/* - * Reserve any extra space required on frames. - */ -void tls_adjust_frame_parameters(struct frame *frame); - /* * Send a payload over the TLS control channel */ diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 543e2afd0..26f8b8ddf 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -89,16 +89,6 @@ tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file, "Control Channel Encryption", "tls-crypt"); } -void -tls_crypt_adjust_frame_parameters(struct frame *frame) -{ - frame_add_to_extra_frame(frame, tls_crypt_buf_overhead()); - - msg(D_MTU_DEBUG, "%s: Adjusting frame parameters for tls-crypt by %i bytes", - __func__, tls_crypt_buf_overhead()); -} - - bool tls_crypt_wrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt) diff --git a/src/openvpn/tls_crypt.h b/src/openvpn/tls_crypt.h index 81d0a10ee..928ff5475 100644 --- a/src/openvpn/tls_crypt.h +++ b/src/openvpn/tls_crypt.h @@ -123,11 +123,6 @@ void tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file, */ int tls_crypt_buf_overhead(void); -/** - * Adjust frame parameters for --tls-crypt overhead. - */ -void tls_crypt_adjust_frame_parameters(struct frame *frame); - /** * Wrap a control channel packet (both authenticates and encrypts the data). *