From patchwork Mon May 23 23:19:16 2022
X-Patchwork-Submitter: Lev Stipakov
X-Patchwork-Id: 2492
From: Lev Stipakov
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 24 May 2022 12:19:16 +0300
Message-Id: <20220524091916.145-1-lstipakov@gmail.com>
X-Mailer: git-send-email 2.17.1
Subject: [Openvpn-devel] [PATCH] Set o->use_peer_id flag for p2p mode
Cc: Lev Stipakov

From: Lev Stipakov

There are two flags to indicate peer-id usage, one is in tls_multi struct and another one is in options. For P2P mode we don't set this flag in options, which is used in MTU calculation. As a result, automatically calculated MSS value in P2P mode is wrong.

Fix by bringing use_peer_id flag in options and tls_multi into sync for P2P.

Signed-off-by: Lev Stipakov Acked-by: Antonio Quartulli --- src/openvpn/init.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index b0c62a85..bf01d3d6 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2144,6 +2144,8 @@ do_deferred_p2p_ncp(struct context *c) return true; } + c->options.use_peer_id = c->c2.tls_multi->use_peer_id; + struct tls_session *session = &c->c2.tls_multi->session[TM_ACTIVE]; const char *ncp_cipher = get_p2p_ncp_cipher(session, c->c2.tls_multi->peer_info,
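
Review bot: the new assignment in do_deferred_p2p_ncp() is placed after the early `return true;` visible at the top of the hunk, so on that path `c->options.use_peer_id` is never brought into sync with `c->c2.tls_multi->use_peer_id`. Please confirm that the early-return case cannot have peer-id in use, or move the assignment above that block so both flags agree on every exit. A one-line comment on the assignment saying that the options copy is the one read by the MTU/MSS calculation would also help, since nothing in the code explains why the flag is mirrored here. Minor style point: the statement now precedes the `struct tls_session *session` declaration, so the function mixes statements and declarations; placing the assignment after the declarations would avoid that.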