From: Steffan Karger <steffan@karger.me>
Date: Sat, 10 Sep 2016 06:11:12 +0000 (+0200)
Subject: Fix --mssfix when using NCP
X-Git-Tag: v2.4_alpha1~40
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cbc3c5a9831b44ec7f59e8cb21e19ea364e6c0ee;p=thirdparty%2Fopenvpn.git

Fix --mssfix when using NCP

As reported in trac #716, cipher negotiation (NCP) broke --mssfix.  This
patch now also restores the mssfix value after the crypto negotiation.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1473487872-13119-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12436.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 5b6d24684..c4d904de7 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2808,19 +2808,6 @@ do_init_fragment (struct context *c)
 }
 #endif
 
-/*
- * Set the --mssfix option.
- */
-static void
-do_init_mssfix (struct context *c)
-{
-  if (c->options.ce.mssfix)
-    {
-      frame_set_mtu_dynamic (&c->c2.frame,
-			     c->options.ce.mssfix, SET_MTU_UPPER_BOUND);
-    }
-}
-
 /*
  * Allocate our socket object.
  */
@@ -3663,7 +3650,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int
 #endif
 
   /* initialize dynamic MTU variable */
-  do_init_mssfix (c);
+  frame_init_mssfix (&c->c2.frame, &c->options);
 
   /* bind the TCP/UDP socket */
   if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP)
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index 64d1cf3c5..8cbaa863b 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -35,6 +35,7 @@
 #include "error.h"
 #include "integer.h"
 #include "mtu.h"
+#include "options.h"
 
 #include "memdbg.h"
 
@@ -124,6 +125,15 @@ frame_subtract_extra (struct frame *frame, const struct frame *src)
   frame->extra_tun   += src->extra_frame;
 }
 
+void
+frame_init_mssfix (struct frame *frame, const struct options *options)
+{
+  if (options->ce.mssfix)
+    {
+      frame_set_mtu_dynamic (frame, options->ce.mssfix, SET_MTU_UPPER_BOUND);
+    }
+}
+
 void
 frame_print (const struct frame *frame,
 	     int level,
diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h
index f94de89b7..0320545b1 100644
--- a/src/openvpn/mtu.h
+++ b/src/openvpn/mtu.h
@@ -135,6 +135,9 @@ struct frame {
   int align_adjust;
 };
 
+/* Forward declarations, to prevent includes */
+struct options;
+
 /* Routines which read struct frame should use the macros below */
 
 /*
@@ -227,6 +230,9 @@ void alloc_buf_sock_tun (struct buffer *buf,
 			 const bool tuntap_buffer,
 			 const unsigned int align_mask);
 
+/** Set the --mssfix option. */
+void frame_init_mssfix (struct frame *frame, const struct options *options);
+
 /*
  * EXTENDED_SOCKET_ERROR_CAPABILITY functions -- print extra error info
  * on socket errors, such as PMTU size.  As of 2003.05.11, only works
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index a220b79a5..caf3b1f62 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1691,6 +1691,7 @@ tls_session_update_crypto_params(struct tls_session *session,
       options->use_iv, options->replay, packet_id_long_form);
   frame_finalize(frame, options->ce.link_mtu_defined, options->ce.link_mtu,
       options->ce.tun_mtu_defined, options->ce.tun_mtu);
+  frame_init_mssfix(frame, options);
   frame_print (frame, D_MTU_INFO, "Data Channel MTU parms");
 
   const struct session_id *client_sid = session->opt->server ?