From patchwork Tue Mar 1 02:50:54 2022
X-Patchwork-Submitter: Lev Stipakov
X-Patchwork-Id: 2325
From: Lev Stipakov
To: openvpn-devel@lists.sourceforge.net
Cc: Lev Stipakov
Date: Tue, 1 Mar 2022 15:50:54 +0200
Message-Id: <20220301135054.277-1-lstipakov@gmail.com>
Subject: [Openvpn-devel] [PATCH] Fix incorrect default mssfix value in server mode

From: Lev Stipakov When calculating default mssfix, we take into account protocol overhead, which usually includes 3 bytes peer-id. Peer-id usage is indicated by options->use_peer_id flag. In client mode it is set when applying pushed options. In server mode it is not set and as a result mssfix value is 3 bytes off. Fix by setting this flag in multi.c when calculating tunnel-specific options. Signed-off-by: Lev Stipakov Acked-By: Arne Schwabe --- src/openvpn/multi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index d8d44f96..ea19c539 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -1772,6 +1772,7 @@ multi_client_set_protocol_options(struct context *c) if (proto & IV_PROTO_DATA_V2) { tls_multi->use_peer_id = true; + o->use_peer_id = true; } else if (dco_enabled(o)) {
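
Review bot: The new `o->use_peer_id = true;` in the `IV_PROTO_DATA_V2` branch of `multi_client_set_protocol_options()` is only ever set, never cleared, and it duplicates `tls_multi->use_peer_id` without a comment saying why both copies are needed. Suggest a one-line comment noting that the options copy feeds the default mssfix overhead calculation, as the commit message describes. Please also confirm that `o` is the per-client options instance, so the flag cannot carry over to a peer that did not announce `IV_PROTO_DATA_V2`; if it can, clear it explicitly on the other path. The hunk also does not show whether this function runs before the default mssfix is computed for the client, so that ordering is worth stating in the commit message or checking in a test.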