[Openvpn-devel] [PATCH applied] Re: Account for peer-id in frame size calculation

2015-01-23 Thread Gert Doering 
Your patch has been applied to the master and release/2.3 branches.

While the conditions under which this can happen are rare today (git master
server, compression no or an uncompressible max-mtu packet sent from client
to server) it's severe enough to warrant a new 2.3 release.  I'll look
into this soonish, currently traveling.

commit f95010ad247a8998e0c39e394236251fca316849 (master)
commit 4ec70ca227370380011d072c09b739135e236183 (release/2.3)

Author: Steffan Karger
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Fri Jan 23 20:52:41 2015 +0100

 Account for peer-id in frame size calculation

 Signed-off-by: Steffan Karger 
 Acked-by: Lev Stipakov 
 Message-Id: <1422042761-10014-1-git-send-email-stef...@karger.me>
 URL: http://article.gmane.org/gmane.network.openvpn.devel/9418
 Signed-off-by: Gert Doering 


--
kind regards,

Gert Doering

Re: [Openvpn-devel] [PATCH] Account for peer-id in frame size calculation

2015-01-23 Thread Lev Stipakov 
ACK

Reproduced the problem with ping -s 1500 (also no compression) and
patch on both sides have fixed it.

2015-01-23 21:52 GMT+02:00 Steffan Karger :
> Data channel packet using P_DATA_V2 will use three bytes extra for the
> peer-id. This needs to be accounted for, otherwise OpenVPN will throw
>
>   TCP/UDP packet too large on write to [AF_INET]10.1.1.1:1194
>
> warnings.
>
> Signed-off-by: Steffan Karger 
> ---
>  src/openvpn/ssl.c | 10 --
>  1 file changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
> index 0bca28d..80293ef 100644
> --- a/src/openvpn/ssl.c
> +++ b/src/openvpn/ssl.c
> @@ -264,16 +264,14 @@ tls_get_cipher_name_pair (const char * cipher_name, 
> size_t len) {
>return NULL;
>  }
>
> -/*
> - * Max number of bytes we will add
> - * for data structures common to both
> - * data and control channel packets.
> - * (opcode only).
> +/**
> + * Max number of bytes we will add for data structures common to both data 
> and
> + * control channel packets (1 byte opcode + 3 bytes peer-id).
>   */
>  void
>  tls_adjust_frame_parameters(struct frame *frame)
>  {
> -  frame_add_to_extra_frame (frame, 1); /* space for opcode */
> +  frame_add_to_extra_frame (frame, 1 + 3); /* space for opcode + peer-id */
>  }
>
>  /*
> --
> 1.9.1
>
>
> --
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel



-- 
-Lev

[Openvpn-devel] [PATCH] Account for peer-id in frame size calculation

2015-01-23 Thread Steffan Karger 
Data channel packet using P_DATA_V2 will use three bytes extra for the
peer-id. This needs to be accounted for, otherwise OpenVPN will throw

  TCP/UDP packet too large on write to [AF_INET]10.1.1.1:1194

warnings.

Signed-off-by: Steffan Karger 
---
 src/openvpn/ssl.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 0bca28d..80293ef 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -264,16 +264,14 @@ tls_get_cipher_name_pair (const char * cipher_name, 
size_t len) {
   return NULL;
 }

-/*
- * Max number of bytes we will add
- * for data structures common to both
- * data and control channel packets.
- * (opcode only). 
+/**
+ * Max number of bytes we will add for data structures common to both data and
+ * control channel packets (1 byte opcode + 3 bytes peer-id).
  */
 void
 tls_adjust_frame_parameters(struct frame *frame)
 {
-  frame_add_to_extra_frame (frame, 1); /* space for opcode */
+  frame_add_to_extra_frame (frame, 1 + 3); /* space for opcode + peer-id */
 }

 /*
-- 
1.9.1