From f698002d815b72633195397282cd7714b208daec Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan@karger.me>
Date: Mon, 15 Aug 2016 22:53:09 +0200
Subject: [PATCH 1/2] Fix --mssfix when using NCP
As reported in #716, cipher negotiation (NCP) broke --mssfix. This patch
now also restores the mssfix value after the crypto negotiation.
Signed-off-by: Steffan Karger <steffan@karger.me>
---
src/openvpn/init.c | 15 +--------------
src/openvpn/mtu.c | 10 ++++++++++
src/openvpn/mtu.h | 6 ++++++
src/openvpn/ssl.c | 1 +
4 files changed, 18 insertions(+), 14 deletions(-)
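diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 5685b69..2d262f0 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2802,19 +2802,6 @@ do_init_fragment (struct context *c)
 #endif
 
 /*
-* Set the --mssfix option.
-*/
-static void
-do_init_mssfix (struct context *c)
-{
-if (c->options.ce.mssfix)
-{
-frame_set_mtu_dynamic (&c->c2.frame,
-c->options.ce.mssfix, SET_MTU_UPPER_BOUND);
-}
-}
-
-/*
 * Allocate our socket object.
 */
 static void
@@ -3656,7 +3643,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int
 #endif
 
 /* initialize dynamic MTU variable */
-do_init_mssfix (c);
+frame_init_mssfix (&c->c2.frame, &c->options);
 
 /* bind the TCP/UDP socket */
 if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP)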
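diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index 64d1cf3..8cbaa86 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -35,6 +35,7 @@
 #include "error.h"
 #include "integer.h"
 #include "mtu.h"
+#include "options.h"
 
 #include "memdbg.h"
 
@@ -125,6 +126,15 @@ frame_subtract_extra (struct frame *frame, const struct frame *src)
 }
 
 void
+frame_init_mssfix (struct frame *frame, const struct options *options)
+{
+if (options->ce.mssfix)
+{
+frame_set_mtu_dynamic (frame, options->ce.mssfix, SET_MTU_UPPER_BOUND);
+}
+}
+
+void
 frame_print (const struct frame *frame,
 int level,
 const char *prefix)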
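diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h
index f94de89..0320545 100644
--- a/src/openvpn/mtu.h
+++ b/src/openvpn/mtu.h
@@ -135,6 +135,9 @@ struct frame {
 int align_adjust;
 };
 
+/* Forward declarations, to prevent includes */
+struct options;
+
 /* Routines which read struct frame should use the macros below */
 
 /*
@@ -227,6 +230,9 @@ void alloc_buf_sock_tun (struct buffer *buf,
 const bool tuntap_buffer,
 const unsigned int align_mask);
 
+/** Set the --mssfix option. */
+void frame_init_mssfix (struct frame *frame, const struct options *options);
+
 /*
 * EXTENDED_SOCKET_ERROR_CAPABILITY functions -- print extra error info
 * on socket errors, such as PMTU size. As of 2003.05.11, only works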
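Review bot: The doc comment on `frame_init_mssfix` in the second hunk is carried over from the old static helper and does not state the contract that callers outside init.c now depend on. Per the definition added to mtu.c in this commit, the function does nothing when `options->ce.mssfix` is zero and otherwise hands the value to `frame_set_mtu_dynamic` with `SET_MTU_UPPER_BOUND`. The ssl.c hunk suggests it also has to be called again after the frame is re-finalized. I would replace the one-liner with a short Doxygen block carrying `@param frame` and `@param options` that states the no-op case, the upper-bound semantics and the re-apply requirement.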
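diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index a220b79..caf3b1f 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1691,6 +1691,7 @@ tls_session_update_crypto_params(struct tls_session *session,
 options->use_iv, options->replay, packet_id_long_form);
 frame_finalize(frame, options->ce.link_mtu_defined, options->ce.link_mtu,
 options->ce.tun_mtu_defined, options->ce.tun_mtu);
+frame_init_mssfix(frame, options);
 frame_print (frame, D_MTU_INFO, "Data Channel MTU parms");
 
 const struct session_id *client_sid = session->opt->server ?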
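Review bot: The added `frame_init_mssfix(frame, options);` call only works because it runs after `frame_finalize(...)`, and nothing at the call site records that ordering. Going by the commit message, recalculating the frame for the negotiated cipher apparently discards the --mssfix bound, which is the regression being fixed. A comment above the call, such as `/* frame was recalculated for the negotiated cipher; re-apply the --mssfix upper bound */`, would keep a later reordering from silently reintroducing it. No test covering the dynamic MTU after NCP is visible in this patch, so the comment is the only guard. tls_session_update_crypto_params starts and ends outside the hunk.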