As reported in trac #716, cipher negotiation (NCP) broke --mssfix. This patch now also restores the mssfix value after the crypto negotiation.
Signed-off-by: Steffan Karger <stef...@karger.me>
---
 src/openvpn/init.c | 15 +--------------
 src/openvpn/mtu.c | 10 ++++++++++
 src/openvpn/mtu.h | 6 ++++++
 src/openvpn/ssl.c | 1 +
 4 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 5685b69..2d262f0 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2802,19 +2802,6 @@ do_init_fragment (struct context *c)
 #endif
 /*
- * Set the --mssfix option.
- */
-static void
-do_init_mssfix (struct context *c)
-{
- if (c->options.ce.mssfix)
- {
- frame_set_mtu_dynamic (&c->c2.frame,
- c->options.ce.mssfix, SET_MTU_UPPER_BOUND);
- }
-}
-
-/*
 * Allocate our socket object.
 */
 static void
@@ -3656,7 +3643,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int
 #endif
 /* initialize dynamic MTU variable */
- do_init_mssfix (c);
+ frame_init_mssfix (&c->c2.frame, &c->options);
 /* bind the TCP/UDP socket */
 if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP)
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index 64d1cf3..8cbaa86 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -35,6 +35,7 @@
 #include "error.h"
 #include "integer.h"
 #include "mtu.h"
+#include "options.h"
 #include "memdbg.h"
@@ -125,6 +126,15 @@ frame_subtract_extra (struct frame *frame, const struct frame *src)
 }
 void
+frame_init_mssfix (struct frame *frame, const struct options *options)
+{
+ if (options->ce.mssfix)
+ {
+ frame_set_mtu_dynamic (frame, options->ce.mssfix, SET_MTU_UPPER_BOUND);
+ }
+}
+
+void
 frame_print (const struct frame *frame, int level, const char *prefix)
diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h
index f94de89..0320545 100644
--- a/src/openvpn/mtu.h
+++ b/src/openvpn/mtu.h
@@ -135,6 +135,9 @@ struct frame {
 int align_adjust;
 };
+/* Forward declarations, to prevent includes */
+struct options;
+
 /* Routines which read struct frame should use the macros below */
 /*
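Review bot: In the second mtu.c hunk, `frame_init_mssfix` takes the whole `struct options` but reads only `options->ce.mssfix`, which appears to be the only reason the patch adds `#include "options.h"` to mtu.c and a forward declaration to mtu.h. Passing the value instead would keep the MTU code independent of the options layout: `void frame_init_mssfix (struct frame *frame, int mssfix);`, with the two callers passing `c->options.ce.mssfix` and `options->ce.mssfix` (this assumes `mssfix` is an `int`; its declaration is not part of the patch). The definition also carries no comment of its own; a line above it such as `/* Apply --mssfix as an upper bound on the frame's dynamic MTU; no-op when the option is unset. */` would help, provided that is what `SET_MTU_UPPER_BOUND` means here.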
@@ -227,6 +230,9 @@ void alloc_buf_sock_tun (struct buffer *buf, const bool tuntap_buffer, const unsigned int align_mask);
+/** Set the --mssfix option. */
+void frame_init_mssfix (struct frame *frame, const struct options *options);
+
 /*
 * EXTENDED_SOCKET_ERROR_CAPABILITY functions -- print extra error info
 * on socket errors, such as PMTU size. As of 2003.05.11, only works
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index a220b79..caf3b1f 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1691,6 +1691,7 @@ tls_session_update_crypto_params(struct tls_session *session,
 options->use_iv, options->replay, packet_id_long_form);
 frame_finalize(frame, options->ce.link_mtu_defined, options->ce.link_mtu, options->ce.tun_mtu_defined, options->ce.tun_mtu);
+ frame_init_mssfix(frame, options);
 frame_print (frame, D_MTU_INFO, "Data Channel MTU parms");
 const struct session_id *client_sid = session->opt->server ?
-- 
2.7.4
------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
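Review bot: The doc comment `/** Set the --mssfix option. */` on the new prototype in mtu.h does not tell a caller when the function has to be called or what it leaves untouched. Since the function is now part of the module's public interface and is called from two places in this patch, the comment should document both parameters, state that the frame is left unchanged when `options->ce.mssfix` is zero, and say that the call has to be repeated whenever the frame is recomputed, as the ssl.c hunk does after `frame_finalize`.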
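Review bot: In the ssl.c hunk, the added `frame_init_mssfix(frame, options);` can only restore the clamp if it stays after `frame_finalize(...)`, and nothing at the call site says so. A comment such as `/* frame_finalize() recomputed the frame, so --mssfix must be re-applied (trac #716) */` would stop a later reorder from silently bringing back oversized tunnel packets. Please confirm that `frame` here is the same object the MSS clamp reads when forwarding: init.c passes `&c->c2.frame`, but the callers of `tls_session_update_crypto_params` are not part of this patch. It is also worth checking whether other frame-derived settings made once at init, for example in `do_init_fragment` (visible in the init.c hunk header), need the same treatment after negotiation. The function body starts and ends outside the hunk.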