Hi,

On Sat, Jan 01, 2022 at 05:25:20PM +0100, Arne Schwabe wrote:
> This commit fixes the MSS calculation in CBC mode. This fix has two parts:
>
> - Added rounding to a multiple of block size during calculation of overhead
> - In CBC mode the packet ID is part of the plaintext (or payload) rather
>   than part of the header (like for AEAD), adjust the functions to
>   correctly reflect this.
>
> OCC link calculation is not affected since it ignores rounding of CBC
> block size completely.

I've done a bit of whacking of this, and it is still not fully right,
unfortunately.

The short form is

 - BF-CBC, LZ4, --mssfix 1000, over IPv4
     v4 TCP -> MSS 923, resulting UDP payload <= 1008 bytes
     v6 TCP -> MSS 903, resulting UDP payload <= 1008 bytes

 - BF-CBC, LZ4, --mssfix 1000, over IPv6
     v4 TCP -> MSS 923, resulting UDP payload <= 1008 bytes
     v6 TCP -> MSS 903, resulting UDP payload <= 1008 bytes
     [so this is clearly wrong!]

 - BF-CBC, comp no, --mssfix 1000, over IPv4
     v4 TCP -> MSS 923, resulting UDP payload <= 1000 bytes
     [can't test v6 inside in this particular server instance]

so, something is wrong with the rounding and the compression opcode
in CBC mode. With "comp no" the resulting packets are correct (UDP
payload <= 1000 bytes), with "comp lz4" - doing the framing, but not
doing actual compression - UDP payload exceeds --mssfix config.

So, not merging this, until we've decided how to proceed (fixup patch,
or new version of this one).

gert

--
"If was one thing all people took for granted, was conviction that if you
 feed honest figures into a computer, honest figures come out. Never doubted
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
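
Added worked example (not part of the original message and not OpenVPN's own code): a small model of CBC-mode packet sizing that reproduces the figures reported above. The frame constants are assumptions not stated in the thread: a 4-byte opcode/peer-id header, a 20-byte HMAC-SHA1 tag, an 8-byte Blowfish block and IV, a 4-byte packet ID inside the plaintext, and one byte of compression framing for LZ4 versus none for "comp no".

```c
#include <stdio.h>

/* Assumed frame constants; none of these are stated in the thread. */
enum {
    OPCODE_PEERID = 4,  /* opcode + peer-id, sent in the clear */
    HMAC_LEN      = 20, /* HMAC-SHA1 tag */
    BLOCK         = 8,  /* Blowfish block size; the CBC IV is one block */
    PACKET_ID     = 4,  /* part of the plaintext in CBC mode */
    TCP_HDR       = 20
};

/* Block padding always adds between 1 and BLOCK bytes. */
static int cbc_padded(int plaintext)
{
    return (plaintext / BLOCK + 1) * BLOCK;
}

/* UDP payload size for a full-size inner TCP segment with this MSS. */
int udp_payload(int mss, int inner_ip_hdr, int comp_bytes)
{
    int plaintext = PACKET_ID + comp_bytes + inner_ip_hdr + TCP_HDR + mss;
    return OPCODE_PEERID + HMAC_LEN + BLOCK + cbc_padded(plaintext);
}

/* Largest MSS whose encrypted packet still fits into mssfix bytes. */
int max_mss(int mssfix, int inner_ip_hdr, int comp_bytes)
{
    /* Round the ciphertext budget down to a whole number of blocks. */
    int ct = (mssfix - OPCODE_PEERID - HMAC_LEN - BLOCK) / BLOCK * BLOCK;
    int plaintext = ct - 1; /* leave room for at least one padding byte */
    return plaintext - PACKET_ID - comp_bytes - inner_ip_hdr - TCP_HDR;
}

int main(void)
{
    /* Inner IPv4 header = 20 bytes, inner IPv6 header = 40 bytes. */
    printf("v4, MSS 923, no framing : %d\n", udp_payload(923, 20, 0));
    printf("v4, MSS 923, 1B framing : %d\n", udp_payload(923, 20, 1));
    printf("v6, MSS 903, 1B framing : %d\n", udp_payload(903, 40, 1));
    printf("v4 MSS counting framing : %d\n", max_mss(1000, 20, 1));
    return 0;
}
```

Under these assumptions, an MSS of 923 is what the calculation yields when the compression framing byte is left out; adding that one byte fills the last block exactly, so padding spills into a further block and the packet grows from 1000 to 1008 bytes.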