Re: [Openvpn-devel] [PATCH v2 08/21] Decouple MSS fix calculation from frame calculation

Frank Lichtenheld Wed, 15 Dec 2021 01:59:20 -0800


> Arne Schwabe <a...@rfc2549.org> hat am 14.12.2021 23:38 geschrieben:
> Am 14.12.21 um 18:10 schrieb Frank Lichtenheld:
> > 
> > 
> >> Arne Schwabe <a...@rfc2549.org> hat am 14.12.2021 16:09 geschrieben:
> >> diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
> >> index 29efcd3b9..f82386a1d 100644
> >> --- a/src/openvpn/forward.c
> >> +++ b/src/openvpn/forward.c
> >> @@ -1493,7 +1493,7 @@ process_ip_header(struct context *c, unsigned int 
> >> flags, struct buffer *buf)
> >>                   /* possibly alter the TCP MSS */
> >>                   if (flags & PIP_MSSFIX)
> >>                   {
> >> -                    mss_fixup_ipv4(&ipbuf, 
> >> MTU_TO_MSS(TUN_MTU_SIZE_DYNAMIC(&c->c2.frame)));
> >> +                    mss_fixup_ipv4(&ipbuf, c->c2.frame.mss_fix);
> > 
> > I still think this will badly explode in the ce.mssfix == 0 code path. In 
> > that case frame.mss_fix == 0 AFAICT
> > and I see no handling of that possibility in mss_fixup_ipv4/6.
> 
> I won't. This is part of the older parts of OpenVPN that are more 
> obscure. You overlooking the implicit assumption that PIP_MSSFIX is only 
> set if also c->c2.frame.mssfix is != 0
> 
> See the top of the function. If ce.mssfix is 0 then you never have the 
> PIP_MSSFIX flag in the flags:

You're right. Should've not only looked at mss_fixup_*, but also at 
process_ip_header...

Regards,
--
Frank Lichtenheld


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH v2 08/21] Decouple MSS fix calculation from frame calculation

Reply via email to