On 08/05/17 23:44, Steffan Karger wrote:
> As reported in trac #879, as of the introduction of NCP we always adjust
> the frame parameters on session negotiations, but do not reset the frame
> state for a new session on an existing state instance.  That caused the
> frame parameters to be reduced for each reconnect, resulting in smaller
> and smaller packet size limits until no traffic could go through the
> tunnel at all.  This patch resolves that omission.


Only glared at the code changes, and it makes sense to me.  I'll try to
run a few tests to see if I can reproduce this issue.  If others can
help test this patch, that will also help tremendously - and I'll try to
remember to add a Tested-by: tag in the commit log too for all those
confirming this fix.

A little nit-pick below though.


> Trac: #879
> Signed-off-by: Steffan Karger <stef...@karger.me>
> ---
>  src/openvpn/forward.c | 7 +++++++
>  src/openvpn/init.c    | 2 ++
>  src/openvpn/openvpn.h | 3 ++-
>  src/openvpn/ssl.c     | 9 +--------
>  src/openvpn/ssl.h     | 8 ++++++++
>  5 files changed, 20 insertions(+), 9 deletions(-)
> 
> diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
> index 8102e94..2f3f3c5 100644
> --- a/src/openvpn/forward.c
> +++ b/src/openvpn/forward.c
> @@ -866,9 +866,16 @@ process_incoming_link_part1(struct context *c, struct 
> link_socket_info *lsi, boo
>               * will load crypto_options with the correct encryption key
>               * and return false.
>               */
> +            uint8_t opcode = *BPTR(&c->c2.buf) >> P_OPCODE_SHIFT;
>              if (tls_pre_decrypt(c->c2.tls_multi, &c->c2.from, &c->c2.buf, 
> &co,
>                                  floated, &ad_start))
>              {
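
Review bot: `opcode` is read by dereferencing `BPTR(&c->c2.buf)` on the line just above the `tls_pre_decrypt()` call, and nothing in the visible context shows that the buffer holds at least one byte at that point. If the enclosing code already guarantees a non-empty buffer, a short comment saying so would help; otherwise guard the read with a length check. Since `&c->c2.buf` is handed to `tls_pre_decrypt()` by pointer, a comment should also state whether the opcode has to be captured before the call, because that decides whether the declaration can safely move inside the `if` block.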

Wouldn't it make more sense to move the opcode declaration to inside the
if (tls_pre_decrypt(...)) block?  I can do that on-the-fly though.


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel