An implementation with multiple threads needs that to be able to run encryption in
parallel. Tested with James' OpenVPN 3 server.
---
 src/openvpn/comp.c      | 1 +
 src/openvpn/forward.c   | 2 +-
 src/openvpn/init.c      | 1 -
 src/openvpn/options.c   | 5 -----
 src/openvpn/packet_id.c | 7 +++----
 src/openvpn/packet_id.h | 2 +-
 src/openvpn/ssl.c       | 3 +--
 7 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/src/openvpn/comp.c b/src/openvpn/comp.c
index 3a32c62..61f6f08 100644
--- a/src/openvpn/comp.c
+++ b/src/openvpn/comp.c
@@ -160,6 +160,7 @@ comp_generate_peer_info_string(const struct 
compress_options *opt, struct buffer
        buf_printf (out, "IV_LZO_STUB=1\n");
       buf_printf (out, "IV_COMP_STUB=1\n");
       buf_printf (out, "IV_COMP_STUBv2=1\n");
+    buf_printf (out, "IV_TCPNL=1\n");
     }
 }
 
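Review bot: The added `IV_TCPNL=1` line sits in comp_generate_peer_info_string next to the compression stub flags, so it is announced only on the path that emits the `IV_COMP_*` keys; the enclosing condition starts above the hunk, so whether it runs when compression is not configured cannot be confirmed from here. The flag describes packet-ID handling, not compression, so it would be better written where the other non-compression peer-info keys are pushed, with a comment such as `/* we accept non-linear packet IDs over TCP */`. The new line is also indented less than its sibling `buf_printf` calls, at the level of the closing brace.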
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 6c11439..b3077ed 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -391,7 +391,7 @@ check_fragment_dowork (struct context *c)
   struct link_socket_info *lsi = get_link_socket_info (c);
 
   /* OS MTU Hint? */
-  if (lsi->mtu_changed && c->c2.ipv4_tun)
+  if (lsi->mtu_changed)
     {
       frame_adjust_path_mtu (&c->c2.frame_fragment, c->c2.link_socket->mtu,
                             c->options.ce.proto);
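Review bot: Dropping the `c->c2.ipv4_tun` test in check_fragment_dowork changes when the OS MTU hint is applied, and nothing in the visible part of the commit message connects that to the packet-ID change in the other hunks. If it is intentional, a comment above the condition, e.g. `/* apply the OS MTU hint for any tunnel type, not only IPv4 */`, or a separate commit would make the reason reviewable. The function body continues past the end of the hunk.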
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 9cd3d9f..fdeaf95 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2143,7 +2143,6 @@ do_init_crypto_static (struct context *c, const unsigned 
int flags)
   if (options->replay)
     {
       packet_id_init (&c->c2.crypto_options.packet_id,
-                     link_socket_proto_connection_oriented (options->ce.proto),
                      options->replay_window,
                      options->replay_time,
                      "STATIC", 0);
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index dd7d461..1be32ff 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2215,11 +2215,6 @@ options_postprocess_verify_ce (const struct options 
*options, const struct conne
   /*
    * Check consistency of replay options
    */
-  if ((!proto_is_udp(ce->proto))
-      && (options->replay_window != defaults.replay_window
-         || options->replay_time != defaults.replay_time))
-    msg (M_USAGE, "--replay-window only makes sense with --proto udp");
-
   if (!options->replay
       && (options->replay_window != defaults.replay_window
          || options->replay_time != defaults.replay_time))
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index baa4966..9874519 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -76,10 +76,9 @@ packet_id_debug (int msglevel,
 }
 
 void
-packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int 
time_backtrack, const char *name, int unit)
+packet_id_init (struct packet_id *p, int seq_backtrack, int time_backtrack, 
const char *name, int unit)
 {
-  dmsg (D_PID_DEBUG, "PID packet_id_init tcp_mode=%d seq_backtrack=%d 
time_backtrack=%d",
-       tcp_mode,
+  dmsg (D_PID_DEBUG, "PID packet_id_init seq_backtrack=%d time_backtrack=%d",
        seq_backtrack,
        time_backtrack);
 
@@ -88,7 +87,7 @@ packet_id_init (struct packet_id *p, bool tcp_mode, int 
seq_backtrack, int time_
 
   p->rec.name = name;
   p->rec.unit = unit;
-  if (seq_backtrack && !tcp_mode)
+  if (seq_backtrack)
     {
       ASSERT (MIN_SEQ_BACKTRACK <= seq_backtrack && seq_backtrack <= 
MAX_SEQ_BACKTRACK);
       ASSERT (MIN_TIME_BACKTRACK <= time_backtrack && time_backtrack <= 
MAX_TIME_BACKTRACK);
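Review bot: With `!tcp_mode` gone from the `if (seq_backtrack)` test, every TCP session now gets the sliding replay window, so a packet ID that arrives out of order or late but inside `seq_backtrack`/`time_backtrack` is accepted where TCP presumably took only strictly increasing IDs before. That relaxation is unconditional on the receive side and does not depend on the peer having sent `IV_TCPNL=1`, which deserves a comment here, for example `/* window also applies to TCP: peers may encrypt packets in parallel */`. The two ASSERTs are now reachable with TCP configurations too, and the options.c hunk removes the check that rejected `--replay-window` there, so range validation of both values has to happen in option parsing that this patch does not show. packet_id_init continues beyond the hunk.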
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index 5eb501d..fb059b7 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -210,7 +210,7 @@ struct packet_id
   struct packet_id_rec rec;
 };
 
-void packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, 
int time_backtrack, const char *name, int unit);
+void packet_id_init (struct packet_id *p, int seq_backtrack, int 
time_backtrack, const char *name, int unit);
 void packet_id_free (struct packet_id *p);
 
 /* should we accept an incoming packet id ? */
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 8717324..c7823b2 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -799,7 +799,7 @@ key_state_init (struct tls_session *session, struct 
key_state *ks)
   /* init packet ID tracker */
   if (session->opt->replay)
     {
-      packet_id_init (&ks->crypto_options.packet_id, session->opt->tcp_mode,
+      packet_id_init (&ks->crypto_options.packet_id,
          session->opt->replay_window, session->opt->replay_time, "SSL",
          ks->key_id);
     }
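Review bot: Both packet_id_init calls in ssl.c stop passing `session->opt->tcp_mode`, including the `"TLS_AUTH"` tracker in tls_session_init in the next hunk, so the `--tls-auth` replay check on TCP is relaxed together with the per-key `"SSL"` one. If the parallel encryption named in the commit message only concerns data-channel packets, the `--tls-auth` tracker would not need the wider window; the commit message should say that relaxing it is intended. If `tcp_mode` has no remaining readers after this change, the field can be dropped from the TLS options as well. Both functions start and end outside their hunks.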
@@ -948,7 +948,6 @@ tls_session_init (struct tls_multi *multi, struct 
tls_session *session)
 
   /* initialize packet ID replay window for --tls-auth */
   packet_id_init (&session->tls_auth.packet_id,
-                 session->opt->tcp_mode,
                  session->opt->replay_window,
                  session->opt->replay_time,
                  "TLS_AUTH", session->key_id);
-- 
2.8.4 (Apple Git-73)

