From: Steffan Karger Date: Wed, 8 Jun 2016 12:20:39 +0000 (+0200) Subject: Don't limit max incoming message size based on c2->frame X-Git-Tag: v2.4_alpha1~74 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c1b19e04745177185decd14da82c71458442b82;p=thirdparty%2Fopenvpn.git Don't limit max incoming message size based on c2->frame "Be conservative in what you send, be liberal in what you accept" When receiving packets, the real limitation of how much data we can accept is the size of our internal buffers, not the maximum size we expect incoming packets to have. I ran into this while working on cipher negotiation, which will need separate bookkeeping for the required internal buffer size, and the link/tun MTU. Basing this code on the buffer size instead of c2->frame makes that easier. A nice side-effect of this change is that it simplifies the code. This should also reduce the impact of using asymmetric tun/link MTU's, such as in trac ticket #647. Signed-off-by: Steffan Karger Acked-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <1465388443-15484-2-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/11850 Signed-off-by: Gert Doering --- diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 4a91f9206..2c9a0826f 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -669,7 +669,6 @@ read_incoming_link (struct context *c) status = link_socket_read (c->c2.link_socket, &c->c2.buf, - MAX_RW_SIZE_LINK (&c->c2.frame), &c->c2.from); if (socket_connection_reset (c->c2.link_socket, status)) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index f7264ef62..d2872bedf 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2886,7 +2886,6 @@ union openvpn_pktinfo { static socklen_t link_socket_read_udp_posix_recvmsg (struct link_socket *sock, struct buffer *buf, - int maxsize, struct link_socket_actual *from) { struct iovec iov; @@ -2895,7 +2894,7 @@ link_socket_read_udp_posix_recvmsg (struct link_socket *sock, socklen_t fromlen = sizeof (from->dest.addr); iov.iov_base = BPTR (buf); - iov.iov_len = maxsize; + iov.iov_len = buf_forward_capacity_total (buf); mesg.msg_iov = &iov; mesg.msg_iovlen = 1; mesg.msg_name = &from->dest.addr; @@ -2954,20 +2953,18 @@ link_socket_read_udp_posix_recvmsg (struct link_socket *sock, int link_socket_read_udp_posix (struct link_socket *sock, struct buffer *buf, - int maxsize, struct link_socket_actual *from) { socklen_t fromlen = sizeof (from->dest.addr); socklen_t expectedlen = af_addr_size(sock->info.af); addr_zero_host(&from->dest); - ASSERT (buf_safe (buf, maxsize)); #if ENABLE_IP_PKTINFO /* Both PROTO_UDPv4 and PROTO_UDPv6 */ if (sock->info.proto == PROTO_UDP && sock->sockflags & SF_USE_IP_PKTINFO) - fromlen = link_socket_read_udp_posix_recvmsg (sock, buf, maxsize, from); + fromlen = link_socket_read_udp_posix_recvmsg (sock, buf, from); else #endif - buf->len = recvfrom (sock->sd, BPTR (buf), maxsize, 0, + buf->len = recvfrom (sock->sd, BPTR (buf), buf_forward_capacity(buf), 0, &from->dest.addr.sa, &fromlen); /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */ if (buf->len >= 0 && expectedlen && fromlen != expectedlen) diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index b154bc021..6f4d34f12 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -961,7 +961,6 @@ link_socket_read_udp_win32 (struct link_socket *sock, int link_socket_read_udp_posix (struct link_socket *sock, struct buffer *buf, - int maxsize, struct link_socket_actual *from); #endif @@ -970,7 +969,6 @@ int link_socket_read_udp_posix (struct link_socket *sock, static inline int link_socket_read (struct link_socket *sock, struct buffer *buf, - int maxsize, struct link_socket_actual *from) { if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */ @@ -980,7 +978,7 @@ link_socket_read (struct link_socket *sock, #ifdef WIN32 res = link_socket_read_udp_win32 (sock, buf, from); #else - res = link_socket_read_udp_posix (sock, buf, maxsize, from); + res = link_socket_read_udp_posix (sock, buf, from); #endif return res; }