Hi,
On Thu, Dec 30, 2021 at 07:16:25PM +0100, Steffan Karger wrote:
> On 30-12-2021 18:28, Arne Schwabe wrote:
> > That BF-CBC seems have an extra 8 bytes that I somehow missed. CBC is a
> > odd since it always gives you a multiple of the blocksize (64 bit or 8
> > byte) and if you evenly divide
Hi,
On 30-12-2021 18:28, Arne Schwabe wrote:
> That BF-CBC seems have an extra 8 bytes that I somehow missed. CBC is a
> odd since it always gives you a multiple of the blocksize (64 bit or 8
> byte) and if you evenly divide by the blocksize you get an extra block
> just for the padding. I need
Am 30.12.21 um 17:38 schrieb Gert Doering:
I've stared at the code (nice, things get simpler :-) ) and done
a few tests (v4 over v4, v4 over v6, ...) with "--mssfix 1000" and
looked at the resulting MSS values. These are way different from
"master without this" - but arguably, closer to reality
Use the functions that directly compute the link mtu instead relying on the
frame logic.
Patch V2: rebase on master
Signed-off-by: Arne Schwabe
---
src/openvpn/mtu.c | 43 +
src/openvpn/mtu.h | 11 +++
src/openvpn/options.c |
Hi,
On Tue, Dec 07, 2021 at 06:01:59PM +0100, Arne Schwabe wrote:
> Use the functions that directly compute the link mtu instead relying on the
> frame logic.
[..]
> --- a/src/openvpn/mtu.c
> +++ b/src/openvpn/mtu.c
> @@ -61,6 +61,8 @@ frame_calculate_protocol_header_size(const struct key_type
>
I've stared at the code (nice, things get simpler :-) ) and done
a few tests (v4 over v4, v4 over v6, ...) with "--mssfix 1000" and
looked at the resulting MSS values. These are way different from
"master without this" - but arguably, closer to reality than what
we had before.
Old: BF-CBC,
Acked-by: Gert Doering
With the latest comment changes (v2/2) and wiscii's grammar fix these
code parts are now much easier to understand.
There is not much to actually test yet, as the new functions are not
called. I have visually compared with crypto_adjust_frame_parameters()
and "it seems
