Fix --mssfix when using NCP

As reported in trac #716, cipher negotiation (NCP) broke --mssfix.  This
patch now also restores the mssfix value after the crypto negotiation.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1473487872-13119-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12436.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 5b6d2468436ad156e727a9a43fa7fd309855a4c9..c4d904de7db206caa3ec2391c55b2d5d55256828 100644 (file)
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2808,19 +2808,6 @@ do_init_fragment (struct context *c)
 }
 #endif
 
-/*
- * Set the --mssfix option.
- */
-static void
-do_init_mssfix (struct context *c)
-{
-  if (c->options.ce.mssfix)
-    {
-      frame_set_mtu_dynamic (&c->c2.frame,
-                            c->options.ce.mssfix, SET_MTU_UPPER_BOUND);
-    }
-}
-
 /*
  * Allocate our socket object.
  */
@@ -3663,7 +3650,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int
 #endif
 
   /* initialize dynamic MTU variable */
-  do_init_mssfix (c);
+  frame_init_mssfix (&c->c2.frame, &c->options);
 
   /* bind the TCP/UDP socket */
   if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP)

diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index 64d1cf3c5a780d6817f0f9d1a88d5e5695b98e8e..8cbaa863b652b7e2bd261d142bf0eec6411f33e8 100644 (file)
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -35,6 +35,7 @@
 #include "error.h"
 #include "integer.h"
 #include "mtu.h"
+#include "options.h"
 
 #include "memdbg.h"
 
@@ -124,6 +125,15 @@ frame_subtract_extra (struct frame *frame, const struct frame *src)
   frame->extra_tun   += src->extra_frame;
 }
 
+void
+frame_init_mssfix (struct frame *frame, const struct options *options)
+{
+  if (options->ce.mssfix)
+    {
+      frame_set_mtu_dynamic (frame, options->ce.mssfix, SET_MTU_UPPER_BOUND);
+    }
+}
+
 void
 frame_print (const struct frame *frame,
             int level,

diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h
index f94de89b73c3f902c30941f5cdb3615ab8a787c8..0320545b15ccc4a2576b7b1060e7e0755e59d804 100644 (file)
--- a/src/openvpn/mtu.h
+++ b/src/openvpn/mtu.h
@@ -135,6 +135,9 @@ struct frame {
   int align_adjust;
 };
 
+/* Forward declarations, to prevent includes */
+struct options;
+
 /* Routines which read struct frame should use the macros below */
 
 /*
@@ -227,6 +230,9 @@ void alloc_buf_sock_tun (struct buffer *buf,
                         const bool tuntap_buffer,
                         const unsigned int align_mask);
 
+/** Set the --mssfix option. */
+void frame_init_mssfix (struct frame *frame, const struct options *options);
+
 /*
  * EXTENDED_SOCKET_ERROR_CAPABILITY functions -- print extra error info
  * on socket errors, such as PMTU size.  As of 2003.05.11, only works

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index a220b79a541d614388449b6b8f3a99b2615dd3d2..caf3b1f6264c0926610101f5a370962dcbeb9b80 100644 (file)
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1691,6 +1691,7 @@ tls_session_update_crypto_params(struct tls_session *session,
       options->use_iv, options->replay, packet_id_long_form);
   frame_finalize(frame, options->ce.link_mtu_defined, options->ce.link_mtu,
       options->ce.tun_mtu_defined, options->ce.tun_mtu);
+  frame_init_mssfix(frame, options);
   frame_print (frame, D_MTU_INFO, "Data Channel MTU parms");
 
   const struct session_id *client_sid = session->opt->server ?