Hi,

On Mon, Jan 24, 2022 at 03:54:59AM +0100, Arne Schwabe wrote:
> Currently we use half dynamic buffer sizes where we have a fixed
> overhead for crypto (crypto_max_overhead) but use a dynamic overhead
> for the other small header sizes.
>
> Patch v3: rebase
> Patch v4: add size of ack array to control channel frame size
> Patch v5: fix calculation of compression overhead calculated over 0 instead
>   of payload size

Generally this looks okayish, and *most* t_client / t_server tests work
beautifully.
It does break --tls-client --proto tcp for me, for big packets, though...
The client is called like this:
openvpn --ca ... --cert ... --key ... --comp-lzo --verb 3 --tls-client --dev tap --proto tcp-client --remote gentoo.ov.greenie.net 51204 --ifconfig 10.204.9.2 255.255.255.0 --comp-lzo --tun-ipv6 --ifconfig-ipv6 fd00:abcd:204:9::2/64 fd00:abcd:204:9::1 --route 10.204.0.0 255.255.0.0 10.204.9.1 --route-ipv6 fd00:abcd:204::/48 --data-ciphers BF-CBC
and will do
2022-02-02 12:56:52 peer info: IV_CIPHERS=BF-CBC:AES-256-GCM:AES-128-GCM
2022-02-02 12:56:52 peer info: IV_PROTO=42
2022-02-02 12:56:52 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
2022-02-02 12:56:52 P2P mode NCP negotiation result: TLS_export=1, DATA_v2=1, peer-id 897556, cipher=BF-CBC
2022-02-02 12:56:52 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA1
2022-02-02 12:56:52 [server] Peer Connection Initiated with [AF_INET6]2001:608:0:814::f000:11:51204
2022-02-02 12:56:53 OPTIONS IMPORT: adjusting link_mtu to 1579
2022-02-02 12:56:53 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
2022-02-02 12:56:53 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
when sending 1440 byte pings (t_client test) it will complain
2022-02-02 12:56:15 TCP/UDP packet too large on write to [AF_INET6]2001:608:0:814::f000:11:51204 (tried=1520,max=1499)
2022-02-02 12:56:15 TCP/UDP packet too large on write to [AF_INET6]2001:608:0:814::f000:11:51204 (tried=1520,max=1499)
2022-02-02 12:56:15 TCP/UDP packet too large on write to [AF_INET6]2001:608:0:814::f000:11:51204 (tried=1520,max=1499)
soo... is this something that "should be fixed" by a later patch in the
series, or do we need a v6 of this one?
The same test works correctly with master as of right now (5b3c8ca86976).
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
