Remove frame.extra_frame and frame.extra_buffer

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20220210162632.3309974-8-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23755.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/comp.c b/src/openvpn/comp.c
index 7fff869baa363d9cd4fc440e3e77e55acae5bdab..099ac0279a0556d74a4790fe39f3de2970f46d55 100644 (file)
--- a/src/openvpn/comp.c
+++ b/src/openvpn/comp.c
@@ -116,13 +116,6 @@ comp_uninit(struct compress_context *compctx)
     }
 }
 
-void
-comp_add_to_extra_frame(struct frame *frame)
-{
-    /* Leave room for our one-byte compressed/didn't-compress prefix byte. */
-    frame_add_to_extra_frame(frame, COMP_PREFIX_LEN);
-}
-
 void
 comp_print_stats(const struct compress_context *compctx, struct status_output *so)
 {

diff --git a/src/openvpn/comp.h b/src/openvpn/comp.h
index 964fbce5429b0ebc59565b1a5768230b7f6ea8f4..874036dce64e4fb92dc6f56fae3493a55dcce511 100644 (file)
--- a/src/openvpn/comp.h
+++ b/src/openvpn/comp.h
@@ -176,8 +176,6 @@ struct compress_context *comp_init(const struct compress_options *opt);
 
 void comp_uninit(struct compress_context *compctx);
 
-void comp_add_to_extra_frame(struct frame *frame);
-
 void comp_print_stats(const struct compress_context *compctx, struct status_output *so);
 
 void comp_generate_peer_info_string(const struct compress_options *opt, struct buffer *out);

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 461cfb8c38405db44616d9c63c662e030131dbeb..c8d2bcca8238a0a76cb37aefbe0b29249e17463b 100644 (file)
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -716,43 +716,6 @@ calculate_crypto_overhead(const struct key_type *kt,
     return crypto_overhead;
 }
 
-void
-crypto_adjust_frame_parameters(struct frame *frame,
-                               const struct key_type *kt,
-                               bool packet_id,
-                               bool packet_id_long_form)
-{
-    unsigned int crypto_overhead = 0;
-
-    if (packet_id)
-    {
-        crypto_overhead += packet_id_size(packet_id_long_form);
-    }
-
-    if (cipher_defined(kt->cipher))
-    {
-        crypto_overhead += cipher_kt_iv_size(kt->cipher);
-
-        if (cipher_kt_mode_aead(kt->cipher))
-        {
-            crypto_overhead += cipher_kt_tag_size(kt->cipher);
-        }
-
-        /* extra block required by cipher_ctx_update() */
-        crypto_overhead += cipher_kt_block_size(kt->cipher);
-    }
-
-    if (md_defined(kt->digest))
-    {
-        crypto_overhead += md_kt_size(kt->digest);
-    }
-
-    frame_add_to_extra_frame(frame, crypto_overhead);
-
-    msg(D_MTU_DEBUG, "%s: Adjusting frame parameters for crypto by %u bytes",
-        __func__, crypto_overhead);
-}
-
 unsigned int
 crypto_max_overhead(void)
 {

diff --git a/src/openvpn/fragment.c b/src/openvpn/fragment.c
index f10fa9ac4300841693ce403715107534f572b302..949db8f52bb9ba46708f8294a061483e26f9221d 100644 (file)
--- a/src/openvpn/fragment.c
+++ b/src/openvpn/fragment.c
@@ -96,9 +96,6 @@ fragment_init(struct frame *frame)
      * fragment_master assume an initial CLEAR */
     ALLOC_OBJ_CLEAR(ret, struct fragment_master);
 
-    /* add in the size of our contribution to the expanded frame size */
-    frame_add_to_extra_frame(frame, sizeof(fragment_header_type));
-
     /*
      * Outgoing sequence ID is randomized to reduce
      * the probability of sequence number collisions

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index fc9273b46ae34d8ef39e52917113cf9987501c22..21adc3cf549782469524abd7a178e45ac82905ca 100644 (file)
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2597,10 +2597,6 @@ do_init_crypto_static(struct context *c, const unsigned int flags)
     /* Get key schedule */
     c->c2.crypto_options.key_ctx_bi = c->c1.ks.static_key;
 
-    /* Compute MTU parameters */
-    crypto_adjust_frame_parameters(&c->c2.frame, &c->c1.ks.key_type,
-                                   options->replay, true);
-
     /* Sanity check on sequence number, and cipher mode options */
     check_replay_consistency(&c->c1.ks.key_type, options->replay);
 }
@@ -2792,19 +2788,6 @@ do_init_crypto_tls(struct context *c, const unsigned int flags)
     /* In short form, unique datagram identifier is 32 bits, in long form 64 bits */
     packet_id_long_form = cipher_kt_mode_ofb_cfb(c->c1.ks.key_type.cipher);
 
-    /* Compute MTU parameters (postpone if we push/pull options) */
-    if (c->options.pull || c->options.mode == MODE_SERVER)
-    {
-        /* Account for worst-case crypto overhead before allocating buffers */
-        frame_add_to_extra_frame(&c->c2.frame, crypto_max_overhead());
-    }
-    else
-    {
-        crypto_adjust_frame_parameters(&c->c2.frame, &c->c1.ks.key_type,
-                                       options->replay, packet_id_long_form);
-    }
-    tls_adjust_frame_parameters(&c->c2.frame);
-
     /* Set all command-line TLS-related options */
     CLEAR(to);
 
@@ -2957,8 +2940,6 @@ do_init_crypto_tls(struct context *c, const unsigned int flags)
         to.tls_wrap.opt.key_ctx_bi = c->c1.ks.tls_wrap_key;
         to.tls_wrap.opt.pid_persist = &c->c1.pid_persist;
         to.tls_wrap.opt.flags |= CO_PACKET_ID_LONG_FORM;
-        crypto_adjust_frame_parameters(&to.frame, &c->c1.ks.tls_auth_key_type,
-                                       true, true);
     }
 
     /* TLS handshake encryption (--tls-crypt) */
@@ -2969,7 +2950,6 @@ do_init_crypto_tls(struct context *c, const unsigned int flags)
         to.tls_wrap.opt.key_ctx_bi = c->c1.ks.tls_wrap_key;
         to.tls_wrap.opt.pid_persist = &c->c1.pid_persist;
         to.tls_wrap.opt.flags |= CO_PACKET_ID_LONG_FORM;
-        tls_crypt_adjust_frame_parameters(&to.frame);
 
         if (options->ce.tls_crypt_v2_file)
         {
@@ -2987,10 +2967,6 @@ do_init_crypto_tls(struct context *c, const unsigned int flags)
         }
     }
 
-    /* If we are running over TCP, allow for
-     * length prefix */
-    socket_adjust_frame_parameters(&to.frame, options->ce.proto);
-
     /*
      * Initialize OpenVPN's master TLS-mode object.
      */
@@ -3064,20 +3040,6 @@ do_init_crypto(struct context *c, const unsigned int flags)
 static void
 do_init_frame(struct context *c)
 {
-#ifdef USE_COMP
-    /*
-     * modify frame parameters if compression is enabled
-     */
-    if (comp_enabled(&c->options.comp))
-    {
-        comp_add_to_extra_frame(&c->c2.frame);
-
-#ifdef ENABLE_FRAGMENT
-        comp_add_to_extra_frame(&c->c2.frame_fragment_omit); /* omit compression frame delta from final frame_fragment */
-#endif
-    }
-#endif /* USE_COMP */
-
     /*
      * Adjust frame size based on the --tun-mtu-extra parameter.
      */
@@ -3086,29 +3048,12 @@ do_init_frame(struct context *c)
         frame_add_to_extra_tun(&c->c2.frame, c->options.ce.tun_mtu_extra);
     }
 
-    /*
-     * Adjust frame size based on link socket parameters.
-     * (Since TCP is a stream protocol, we need to insert
-     * a packet length uint16_t in the buffer.)
-     */
-    socket_adjust_frame_parameters(&c->c2.frame, c->options.ce.proto);
-
     /*
      * Fill in the blanks in the frame parameters structure,
      * make sure values are rational, etc.
      */
     frame_finalize_options(c, NULL);
 
-#ifdef USE_COMP
-    /*
-     * Modify frame parameters if compression is compiled in.
-     * Should be called after frame_finalize_options.
-     */
-#ifdef ENABLE_FRAGMENT
-    /*TODO:frame comp_add_to_extra_buffer(&c->c2.frame_fragment_omit);  omit compression frame delta from final frame_fragment */
-#endif
-#endif /* USE_COMP */
-
 #ifdef ENABLE_FRAGMENT
     /*
      * Set frame parameter for fragment code.  This is necessary because
@@ -3116,7 +3061,6 @@ do_init_frame(struct context *c)
      * passed through the compression code.
      */
     c->c2.frame_fragment = c->c2.frame;
-    frame_subtract_extra(&c->c2.frame_fragment, &c->c2.frame_fragment_omit);
     c->c2.frame_fragment_initial = c->c2.frame_fragment;
 #endif
 

diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index c9cd0e38f7d5e6c2445ed19aab7310cfc3bc24e4..3e48d2753dfc2f04778d33ed886e708561f0b29d 100644 (file)
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -205,18 +205,6 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame)
     return payload + overhead;
 }
 
-/*
- * Move extra_frame octets into extra_tun.  Used by fragmenting code
- * to adjust frame relative to its position in the buffer processing
- * queue.
- */
-void
-frame_subtract_extra(struct frame *frame, const struct frame *src)
-{
-    frame->extra_frame -= src->extra_frame;
-    frame->extra_tun   += src->extra_frame;
-}
-
 void
 frame_print(const struct frame *frame,
             int level,
@@ -237,8 +225,6 @@ frame_print(const struct frame *frame,
     buf_printf(&out, " headroom:%d", frame->buf.headroom);
     buf_printf(&out, " payload:%d", frame->buf.payload_size);
     buf_printf(&out, " tailroom:%d", frame->buf.tailroom);
-    buf_printf(&out, " EF:%d", frame->extra_frame);
-    buf_printf(&out, " EB:%d", frame->extra_buffer);
     buf_printf(&out, " ET:%d", frame->extra_tun);
     buf_printf(&out, " ]");
 

diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h
index 86c0f2ac19db5a86ff1a8b4608f5cd6190ed1cb2..dddbf4fc6e280576a05f851501f47d166232265b 100644 (file)
--- a/src/openvpn/mtu.h
+++ b/src/openvpn/mtu.h
@@ -123,13 +123,6 @@ struct frame {
                                  * size that can be send in a single fragment
                                  */
 
-    int extra_frame;            /**< Maximum number of bytes that all
-                                 *   processing steps together could add.
-                                 *   @code
-                                 *   frame.link_mtu = "socket MTU" - extra_frame;
-                                 *   @endcode
-                                 */
-
     int tun_mtu;                /**< the (user) configured tun-mtu. This is used
                                  *   in configuring the tun interface or
                                  *   in calculations that use the desired size
@@ -141,16 +134,6 @@ struct frame {
                                  *   code ignores it)
                                  */
 
-    int extra_buffer;           /**< Maximum number of bytes that
-                                 *   processing steps could expand the
-                                 *   internal work buffer.
-                                 *
-                                 *   This is used by the \link compression
-                                 *   Data Channel Compression
-                                 *   module\endlink to give enough working
-                                 *   space for worst-case expansion of
-                                 *   incompressible content. */
-
     int extra_tun;              /**< Maximum number of bytes in excess of
                                  *   the tun/tap MTU that might be read
                                  *   from or written to the virtual
@@ -196,9 +179,8 @@ struct options;
  *
  * Most of our code only prepends headers but compression needs the extra bytes
  * *after* the data as compressed data might end up larger than the original
- * data (and max compression overhead is part of extra_buffer). Also crypto
- * needs an extra block for encryption. Therefore tailroom is larger than the
- * headroom.
+ * data. Also crypto needs an extra block for encryption. Therefore tailroom is
+ * larger than the headroom.
  */
 #define BUF_SIZE(f) ((f)->buf.headroom + (f)->buf.payload_size + (f)->buf.tailroom)
 
@@ -208,8 +190,6 @@ struct options;
  * Function prototypes.
  */
 
-void frame_subtract_extra(struct frame *frame, const struct frame *src);
-
 void frame_print(const struct frame *frame,
                  int level,
                  const char *prefix);
@@ -331,30 +311,12 @@ const char *format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc);
  * frame member adjustment functions
  */
 
-static inline void
-frame_add_to_extra_frame(struct frame *frame, const unsigned int increment)
-{
-    frame->extra_frame += increment;
-}
-
-static inline void
-frame_remove_from_extra_frame(struct frame *frame, const unsigned int decrement)
-{
-    frame->extra_frame -= decrement;
-}
-
 static inline void
 frame_add_to_extra_tun(struct frame *frame, const int increment)
 {
     frame->extra_tun += increment;
 }
 
-static inline void
-frame_add_to_extra_buffer(struct frame *frame, const int increment)
-{
-    frame->extra_buffer += increment;
-}
-
 static inline bool
 frame_defined(const struct frame *frame)
 {

diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c
index c2f0ca012e0e2a9fe760402870f4cdfbdf27bf92..10a798a59f12b85f865aeaf624702dfd4b93a23b 100644 (file)
--- a/src/openvpn/reliable.c
+++ b/src/openvpn/reliable.c
@@ -251,13 +251,6 @@ error:
     return false;
 }
 
-/* add to extra_frame the maximum number of bytes we will need for reliable_ack_write */
-void
-reliable_ack_adjust_frame_parameters(struct frame *frame, int max)
-{
-    frame_add_to_extra_frame(frame, ACK_SIZE(max));
-}
-
 /* print a reliable ACK record coming off the wire */
 const char *
 reliable_ack_print(struct buffer *buf, bool verbose, struct gc_arena *gc)

diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h
index 99a4bc6d1c23c0170d17af199cbdf0d53ac957ab..cd80bbfb2371c8141527ea5d4f9bd8153d62e0d9 100644 (file)
--- a/src/openvpn/reliable.h
+++ b/src/openvpn/reliable.h
@@ -210,9 +210,6 @@ void reliable_init(struct reliable *rel, int buf_size, int offset, int array_siz
  */
 void reliable_free(struct reliable *rel);
 
-/* add to extra_frame the maximum number of bytes we will need for reliable_ack_write */
-void reliable_ack_adjust_frame_parameters(struct frame *frame, int max);
-
 /** @} name Functions for initialization and cleanup */
 
 

diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index be66994f04ecd90cc20c202dfb496629f15eca60..0f34a5de8366ecdcf971e6adcefc56a6c40e4363 100644 (file)
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -2285,16 +2285,6 @@ link_socket_close(struct link_socket *sock)
     }
 }
 
-/* for stream protocols, allow for packet length prefix */
-void
-socket_adjust_frame_parameters(struct frame *frame, int proto)
-{
-    if (link_socket_proto_connection_oriented(proto))
-    {
-        frame_add_to_extra_frame(frame, sizeof(packet_size_type));
-    }
-}
-
 void
 setenv_trusted(struct env_set *es, const struct link_socket_info *info)
 {

diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h
index 51f28ba5ad8067db0a5da9c9321f391f0b9c6676..e9f1524dc206019c7757cbccef8b6dc7eee8f9f4 100644 (file)
--- a/src/openvpn/socket.h
+++ b/src/openvpn/socket.h
@@ -331,8 +331,6 @@ void link_socket_init_phase2(struct context *c);
 
 void do_preresolve(struct context *c);
 
-void socket_adjust_frame_parameters(struct frame *frame, int proto);
-
 void link_socket_close(struct link_socket *sock);
 
 void sd_close(socket_descriptor_t *sd);

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 306c2efd7a8ae21eb399e5bf3f4129dd8375ea97..ae6a99144ae6e312c53edc00a25edca67c00943e 100644 (file)
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -295,18 +295,6 @@ tls_limit_reneg_bytes(const char *ciphername, int *reneg_bytes)
     }
 }
 
-/*
- * Max number of bytes we will add
- * for data structures common to both
- * data and control channel packets.
- * (opcode only).
- */
-void
-tls_adjust_frame_parameters(struct frame *frame)
-{
-    frame_add_to_extra_frame(frame, 1); /* space for opcode */
-}
-
 /*
  * Max number of bytes we will add
  * to control channel packet.
@@ -320,11 +308,6 @@ tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame
      * if --tls-auth is enabled.
      */
 
-    /* set extra_frame */
-    tls_adjust_frame_parameters(frame);
-    reliable_ack_adjust_frame_parameters(frame, CONTROL_SEND_ACK_MAX);
-    frame_add_to_extra_frame(frame, SID_SIZE + sizeof(packet_id_type));
-
     /* calculate the maximum overhead that control channel frames may have */
     int overhead = 0;
 
@@ -1908,10 +1891,6 @@ tls_session_update_crypto_params_do_work(struct tls_session *session,
         session->opt->crypto_flags |= CO_PACKET_ID_LONG_FORM;
     }
 
-    /* Update frame parameters: undo worst-case overhead, add actual overhead */
-    frame_remove_from_extra_frame(frame, crypto_max_overhead());
-    crypto_adjust_frame_parameters(frame, &session->opt->key_type,
-                                   options->replay, packet_id_long_form);
     frame_calculate_dynamic(frame, &session->opt->key_type, options, lsi);
 
     frame_print(frame, D_MTU_INFO, "Data Channel MTU parms");

diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
index bc8842d33d5c7cfad431854b1b4a8c75e2499a59..cf754ad283cddc08042d7d19b0cdde90fc317f78 100644 (file)
--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -471,11 +471,6 @@ void ssl_put_auth_challenge(const char *cr_str);
 
 #endif
 
-/*
- * Reserve any extra space required on frames.
- */
-void tls_adjust_frame_parameters(struct frame *frame);
-
 /*
  * Send a payload over the TLS control channel
  */

diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index d940ec303e51daabfd2754a4530840ec65ff6a45..610168b0a335d2203277d0f0e25397858c8c891b 100644 (file)
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -89,16 +89,6 @@ tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file,
                             "Control Channel Encryption", "tls-crypt");
 }
 
-void
-tls_crypt_adjust_frame_parameters(struct frame *frame)
-{
-    frame_add_to_extra_frame(frame, tls_crypt_buf_overhead());
-
-    msg(D_MTU_DEBUG, "%s: Adjusting frame parameters for tls-crypt by %i bytes",
-        __func__, tls_crypt_buf_overhead());
-}
-
-
 bool
 tls_crypt_wrap(const struct buffer *src, struct buffer *dst,
                struct crypto_options *opt)

diff --git a/src/openvpn/tls_crypt.h b/src/openvpn/tls_crypt.h
index 81d0a10eee3026eca0718b4384b3b4f699fda765..928ff5475836623ecb834a6a889a7bc231e0188d 100644 (file)
--- a/src/openvpn/tls_crypt.h
+++ b/src/openvpn/tls_crypt.h
@@ -123,11 +123,6 @@ void tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file,
  */
 int tls_crypt_buf_overhead(void);
 
-/**
- * Adjust frame parameters for --tls-crypt overhead.
- */
-void tls_crypt_adjust_frame_parameters(struct frame *frame);
-
 /**
  * Wrap a control channel packet (both authenticates and encrypts the data).
  *