[Openvpn-devel] [PATCH applied] Re: Account for peer-id in frame size calculation
Your patch has been applied to the master and release/2.3 branches. While the conditions under which this can happen are rare today (git master server, compression no or an uncompressible max-mtu packet sent from client to server) it's severe enough to warrant a new 2.3 release. I'll look into this soonish, currently traveling. commit f95010ad247a8998e0c39e394236251fca316849 (master) commit 4ec70ca227370380011d072c09b739135e236183 (release/2.3) Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Fri Jan 23 20:52:41 2015 +0100 Account for peer-id in frame size calculation Signed-off-by: Steffan KargerAcked-by: Lev Stipakov Message-Id: <1422042761-10014-1-git-send-email-stef...@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9418 Signed-off-by: Gert Doering -- kind regards, Gert Doering
Re: [Openvpn-devel] [PATCH] Account for peer-id in frame size calculation
ACK Reproduced the problem with ping -s 1500 (also no compression) and patch on both sides have fixed it. 2015-01-23 21:52 GMT+02:00 Steffan Karger: > Data channel packet using P_DATA_V2 will use three bytes extra for the > peer-id. This needs to be accounted for, otherwise OpenVPN will throw > > TCP/UDP packet too large on write to [AF_INET]10.1.1.1:1194 > > warnings. > > Signed-off-by: Steffan Karger > --- > src/openvpn/ssl.c | 10 -- > 1 file changed, 4 insertions(+), 6 deletions(-) > > diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c > index 0bca28d..80293ef 100644 > --- a/src/openvpn/ssl.c > +++ b/src/openvpn/ssl.c > @@ -264,16 +264,14 @@ tls_get_cipher_name_pair (const char * cipher_name, > size_t len) { >return NULL; > } > > -/* > - * Max number of bytes we will add > - * for data structures common to both > - * data and control channel packets. > - * (opcode only). > +/** > + * Max number of bytes we will add for data structures common to both data > and > + * control channel packets (1 byte opcode + 3 bytes peer-id). > */ > void > tls_adjust_frame_parameters(struct frame *frame) > { > - frame_add_to_extra_frame (frame, 1); /* space for opcode */ > + frame_add_to_extra_frame (frame, 1 + 3); /* space for opcode + peer-id */ > } > > /* > -- > 1.9.1 > > > -- > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > ___ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel -- -Lev
[Openvpn-devel] [PATCH] Account for peer-id in frame size calculation
Data channel packet using P_DATA_V2 will use three bytes extra for the peer-id. This needs to be accounted for, otherwise OpenVPN will throw TCP/UDP packet too large on write to [AF_INET]10.1.1.1:1194 warnings. Signed-off-by: Steffan Karger--- src/openvpn/ssl.c | 10 -- 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 0bca28d..80293ef 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -264,16 +264,14 @@ tls_get_cipher_name_pair (const char * cipher_name, size_t len) { return NULL; } -/* - * Max number of bytes we will add - * for data structures common to both - * data and control channel packets. - * (opcode only). +/** + * Max number of bytes we will add for data structures common to both data and + * control channel packets (1 byte opcode + 3 bytes peer-id). */ void tls_adjust_frame_parameters(struct frame *frame) { - frame_add_to_extra_frame (frame, 1); /* space for opcode */ + frame_add_to_extra_frame (frame, 1 + 3); /* space for opcode + peer-id */ } /* -- 1.9.1