From 8142cb430c3a740ab1ef822532cee70019a2239d Mon Sep 17 00:00:00 2001
From: Dirkjan Bussink <d.bussink@gmail.com>
Date: Fri, 5 May 2017 13:17:40 +0200
Subject: [PATCH] Don't resize the MTU windows on a reused connection

This was causing MTU packet sizes to be shrunk each time a TLS
connection to a client was reused. Reuse happens easily when a client
cleanly restarts.
---
 src/openvpn/crypto.h |  5 +++++
 src/openvpn/ssl.c    | 18 +++++++++++-------
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index afd6fe51..410259f8 100644
--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
@@ -257,6 +257,11 @@ struct crypto_options
 #define CO_MUTE_REPLAY_WARNINGS (1<<2)
     /**< Bit-flag indicating not to display
      *   replay warnings. */
+#define CO_TLS_CONNECTION_REUSE (1<<4)
+    /**< Bit-flag indicating if the TLS connection
+     *   is reused. This is needed so that framing
+     *   is not done multiple times on a reused
+     *   connection. */
     unsigned int flags;         /**< Bit-flags determining behavior of
                                  *   security operation functions. */
 };
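Review bot: The comment on lines 23-26 describes the flag as "the TLS connection is reused", but the only writer visible in this patch sets it right after the frame has been adjusted the first time, and the only reader uses it to skip later adjustments, so what it actually records is "frame parameters already adjusted for this tls_options" rather than reuse detected anywhere else. A comment that states this directly would stop the next reader from treating it as a general reuse indicator: `/**< Bit-flag set once frame parameters have been adjusted for the negotiated crypto, so that a reused TLS connection does not shrink the MTU a second time. */`. The value also jumps from (1<<2) to (1<<4); if (1<<3) is not assigned elsewhere in the header (not visible in this hunk), either using it or noting why it is skipped would keep the flag set readable.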
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index fca1e7c5..7ed928f3 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1976,13 +1976,17 @@ tls_session_update_crypto_params(struct tls_session *session,
         session->opt->crypto_flags |= CO_PACKET_ID_LONG_FORM;
     }
 
-    /* Update frame parameters: undo worst-case overhead, add actual overhead */
-    frame_add_to_extra_frame(frame, -(crypto_max_overhead()));
-    crypto_adjust_frame_parameters(frame, &session->opt->key_type,
-                                   options->replay, packet_id_long_form);
-    frame_finalize(frame, options->ce.link_mtu_defined, options->ce.link_mtu,
-                   options->ce.tun_mtu_defined, options->ce.tun_mtu);
-    frame_init_mssfix(frame, options);
+    if (!BOOL_CAST(session->opt->crypto_flags & CO_TLS_CONNECTION_REUSE))
+    {
+        /* Update frame parameters: undo worst-case overhead, add actual overhead */
+        frame_add_to_extra_frame(frame, -(crypto_max_overhead()));
+        crypto_adjust_frame_parameters(frame, &session->opt->key_type,
+                                       options->replay, packet_id_long_form);
+        frame_finalize(frame, options->ce.link_mtu_defined, options->ce.link_mtu,
+                       options->ce.tun_mtu_defined, options->ce.tun_mtu);
+        frame_init_mssfix(frame, options);
+        session->opt->crypto_flags |= CO_TLS_CONNECTION_REUSE;
+    }
     frame_print(frame, D_MTU_INFO, "Data Channel MTU parms");
 
     return tls_session_generate_data_channel_keys(session);
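Review bot: Once CO_TLS_CONNECTION_REUSE is set on line 54, every later call of tls_session_update_crypto_params that reaches this point with the same session->opt skips lines 48-53 entirely, so if a later negotiation yields a different key_type, replay setting or packet_id_long_form than the first one, frame keeps the overhead computed for the old parameters. Whether that can happen depends on code outside this hunk (crypto_flags lives in session->opt, which the hunk shows is persistent state rather than per-call), so it is worth confirming before relying on a one-shot flag; a guard that compares against what was last applied would be more robust. At minimum the block deserves a comment naming the once-per-tls_options intent, e.g. `/* Adjust frame once per tls_options: re-applying the overhead on a reused connection would shrink the MTU again */`. BOOL_CAST around a flag test inside an if condition is redundant, `if (!(session->opt->crypto_flags & CO_TLS_CONNECTION_REUSE))` reads the same. tls_session_update_crypto_params begins before and ends after this hunk.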
-- 
2.12.2

