[Openvpn-devel,v3,01/14] Deprecate link-mtu

Message ID 20220101162532.2251835-2-arne@rfc2549.org
State Accepted
Headers show
Series Big buffer/frame refactoring patch set v3 | expand

Commit Message

Arne Schwabe Jan. 1, 2022, 5:25 a.m. UTC
This options might have been useful in the past but nowadays it has a very
unclear semantics, so better remove/deprecate it.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
 doc/man-sections/link-options.rst | 7 ++++++-
 src/openvpn/options.c             | 4 +---
 2 files changed, 7 insertions(+), 4 deletions(-)


Gert Doering Jan. 27, 2022, 6:13 a.m. UTC | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

The change is mostly documentation, and it makes sense, for the reasons
given.  The actual code change just reduces the connection between
--ifconfig and --link-mtu, which is confusing at best.

Have not tested beyond a simple compile check.

(For reference: this was 02/21 in v2 of the patchset, and did not see 
an ACK there)

Your patch has been applied to the master branch.

commit 29453c37c1f3aa420a894996dd7be4a4f8393c5a
Author: Arne Schwabe
Date:   Sat Jan 1 17:25:19 2022 +0100

     Deprecate link-mtu

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20220101162532.2251835-2-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23496.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>

kind regards,

Gert Doering


diff --git a/doc/man-sections/link-options.rst b/doc/man-sections/link-options.rst
index 32e72a1b..b1ae4e75 100644
--- a/doc/man-sections/link-options.rst
+++ b/doc/man-sections/link-options.rst
@@ -82,10 +82,15 @@  the local and the remote host.
          ping-restart 60            # Argument: timeout
 --link-mtu n
-  Sets an upper bound on the size of UDP packets which are sent between
+  **DEPRECATED** Sets an upper bound on the size of UDP packets which are sent between
   OpenVPN peers. *It's best not to set this parameter unless you know what
   you're doing.*
+  Due to variable header size of IP header (20 bytes for IPv4 and 40 bytes
+  for IPv6) and dynamically negotiated data channel cipher, this option
+  is not reliable. It is recommended to set tun-mtu with enough headroom
+  instead.
 --local host
   Local host name or IP address for bind. If specified, OpenVPN will bind
   to this address only. If unspecified, OpenVPN will bind to all
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 0529c141..2ca24685 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2111,9 +2111,7 @@  options_postprocess_verify_ce(const struct options *options,
     if (options->ce.tun_mtu_defined && options->ce.link_mtu_defined)
-        msg(M_USAGE,
-            "only one of --tun-mtu or --link-mtu may be defined (note that "
-            "--ifconfig implies --link-mtu %d)", LINK_MTU_DEFAULT);
+        msg(M_USAGE, "only one of --tun-mtu or --link-mtu may be defined");
     if (!proto_is_udp(ce->proto) && options->mtu_test)