Implementation with multiple threads needs that to be able to run encryption in parallel. Tested with James' OpenVPN 3 server. --- src/openvpn/comp.c | 1 + src/openvpn/forward.c | 2 +- src/openvpn/init.c | 1 - src/openvpn/options.c | 5 ----- src/openvpn/packet_id.c | 7 +++---- src/openvpn/packet_id.h | 2 +- src/openvpn/ssl.c | 3 +-- 7 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/src/openvpn/comp.c b/src/openvpn/comp.c index 3a32c62..61f6f08 100644 --- a/src/openvpn/comp.c +++ b/src/openvpn/comp.c @@ -160,6 +160,7 @@ comp_generate_peer_info_string(const struct compress_options *opt, struct buffer buf_printf (out, "IV_LZO_STUB=1\n"); buf_printf (out, "IV_COMP_STUB=1\n"); buf_printf (out, "IV_COMP_STUBv2=1\n"); + buf_printf (out, "IV_TCPNL=1\n"); } } diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 6c11439..b3077ed 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -391,7 +391,7 @@ check_fragment_dowork (struct context *c) struct link_socket_info *lsi = get_link_socket_info (c); /* OS MTU Hint? */ - if (lsi->mtu_changed && c->c2.ipv4_tun) + if (lsi->mtu_changed) { frame_adjust_path_mtu (&c->c2.frame_fragment, c->c2.link_socket->mtu, c->options.ce.proto); diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 9cd3d9f..fdeaf95 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2143,7 +2143,6 @@ do_init_crypto_static (struct context *c, const unsigned int flags) if (options->replay) { packet_id_init (&c->c2.crypto_options.packet_id, - link_socket_proto_connection_oriented (options->ce.proto), options->replay_window, options->replay_time, "STATIC", 0); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index dd7d461..1be32ff 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2215,11 +2215,6 @@ options_postprocess_verify_ce (const struct options *options, const struct conne /* * Check consistency of replay options */ - if ((!proto_is_udp(ce->proto)) - && (options->replay_window != defaults.replay_window - || options->replay_time != defaults.replay_time)) - msg (M_USAGE, "--replay-window only makes sense with --proto udp"); - if (!options->replay && (options->replay_window != defaults.replay_window || options->replay_time != defaults.replay_time)) diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c index baa4966..9874519 100644 --- a/src/openvpn/packet_id.c 
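Review bot: `IV_TCPNL=1` is emitted from comp_generate_peer_info_string, next to the compression stub flags, although the capability it appears to announce (non-linear packet IDs over TCP) has nothing to do with compression. The closing braces after the added line suggest it sits inside a conditional branch of that function, whose start is outside the hunk, so the flag would presumably be sent only when that compression branch runs. The receive-side relaxation in packet_id_init, by contrast, applies unconditionally. Consider emitting the flag from the general peer-info code instead, and documenting it with a comment such as `/* peer accepts out-of-order packet IDs on TCP */`.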
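Review bot: Dropping `c->c2.ipv4_tun` from the condition in check_fragment_dowork makes the path-MTU adjustment of `frame_fragment` run for every tunnel type, a behaviour change the commit description (parallel encryption) does not mention. If it is intentional, it would read better as its own commit, or at least with a short comment on the condition saying why the OS MTU hint no longer depends on an IPv4 tun. The rest of the function is outside the hunk, so whether other code still relies on the IPv4-only assumption cannot be checked from here.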
+++ b/src/openvpn/packet_id.c @@ -76,10 +76,9 @@ packet_id_debug (int msglevel, } void -packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int time_backtrack, const char *name, int unit) +packet_id_init (struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit) { - dmsg (D_PID_DEBUG, "PID packet_id_init tcp_mode=%d seq_backtrack=%d time_backtrack=%d", - tcp_mode, + dmsg (D_PID_DEBUG, "PID packet_id_init seq_backtrack=%d time_backtrack=%d", seq_backtrack, time_backtrack); @@ -88,7 +87,7 @@ packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int time_ p->rec.name = name; p->rec.unit = unit; - if (seq_backtrack && !tcp_mode) + if (seq_backtrack) { ASSERT (MIN_SEQ_BACKTRACK <= seq_backtrack && seq_backtrack <= MAX_SEQ_BACKTRACK); ASSERT (MIN_TIME_BACKTRACK <= time_backtrack && time_backtrack <= MAX_TIME_BACKTRACK); diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h index 5eb501d..fb059b7 100644 --- a/src/openvpn/packet_id.h +++ b/src/openvpn/packet_id.h @@ -210,7 +210,7 @@ struct packet_id struct packet_id_rec rec; }; -void packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int time_backtrack, const char *name, int unit); +void packet_id_init (struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit); void packet_id_free (struct packet_id *p); /* should we accept an incoming packet id ? */ diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 8717324..c7823b2 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -799,7 +799,7 @@ key_state_init (struct tls_session *session, struct key_state *ks) /* init packet ID tracker */ if (session->opt->replay) { - packet_id_init (&ks->crypto_options.packet_id, session->opt->tcp_mode, + packet_id_init (&ks->crypto_options.packet_id, session->opt->replay_window, session->opt->replay_time, "SSL", ks->key_id); } 
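Review bot: With `!tcp_mode` gone from `if (seq_backtrack)` in packet_id_init, every TCP session now gets the sliding replay window instead of the former TCP handling, and this does not depend on the peer having sent `IV_TCPNL=1`. That loosens the receive-side ordering check and deserves a comment at the condition, for example `/* TCP no longer implies in-order packet IDs (IV_TCPNL); use the replay window for all transports */`. The two ASSERTs on the backtrack ranges also become reachable for TCP configurations, and the options.c hunk removes the `--replay-window` / `--proto udp` usage check, so it is worth confirming that option parsing range-checks both values before they reach this function. Any documentation of the TCP mode in packet_id.h, outside the visible hunks, would presumably need the same update.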
@@ -948,7 +948,6 @@ tls_session_init (struct tls_multi *multi, struct tls_session *session) /* initialize packet ID replay window for --tls-auth */ packet_id_init (&session->tls_auth.packet_id, - session->opt->tcp_mode, session->opt->replay_window, session->opt->replay_time, "TLS_AUTH", session->key_id); -- 2.8.4 (Apple Git-73) ------------------------------------------------------------------------------ _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
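Review bot: The `--tls-auth` packet-ID tracker in tls_session_init loses its `tcp_mode` argument along with the data-channel trackers, so control-channel packets on TCP are now also checked against a replay window rather than the stricter TCP handling. The stated motivation is running encryption in parallel, which does not obviously require out-of-order acceptance for the control channel. If the relaxation is only needed for data-channel keys, the call here could pass a zero `seq_backtrack` on TCP links, which given the new `if (seq_backtrack)` test would presumably skip the window, and so keep the change narrower. If the wider scope is intended, the existing comment could say so: `/* initialize packet ID replay window for --tls-auth (windowed on TCP as well) */`.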