diff options
| author | Steffan Karger | 2016-06-08 14:20:39 +0200 |
|---|---|---|
| committer | Gert Doering | 2016-06-08 20:17:27 +0200 |
| commit | 358f513c008bf01fadb82759ac75ffb8613fc785 (patch) | |
| tree | 372bd6ca51cae54da78cc6183f314520f76f4154 | |
| parent | 859c9f412455665635964519f3e44a0b4151a787 (diff) | |
| download | openvpn-358f513c008bf01fadb82759ac75ffb8613fc785.zip openvpn-358f513c008bf01fadb82759ac75ffb8613fc785.tar.gz | |
Don't limit max incoming message size based on c2->frame
"Be conservative in what you send, be liberal in what you accept"
When receiving packets, the real limitation of how much data we can accept
is the size of our internal buffers, not the maximum size we expect
incoming packets to have.
I ran into this while working on cipher negotiation, which will need
separate bookkeeping for the required internal buffer size, and the
link/tun MTU. Basing this code on the buffer size instead of c2->frame
makes that easier. A nice side-effect of this change is that it
simplifies the code.
This should also reduce the impact of using asymmetric tun/link MTU's,
such as in trac ticket #647.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1465388443-15484-2-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11850
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 3c1b19e04745177185decd14da82c71458442b82)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Conflicts:
src/openvpn/socket.c
| -rw-r--r-- | src/openvpn/forward.c | 1 | ||||
| -rw-r--r-- | src/openvpn/socket.c | 9 | ||||
| -rw-r--r-- | src/openvpn/socket.h | 4 |
3 files changed, 4 insertions, 10 deletions
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index d55fa3b..5ba6fcb 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -674,7 +674,6 @@ read_incoming_link (struct context *c) status = link_socket_read (c->c2.link_socket, &c->c2.buf, - MAX_RW_SIZE_LINK (&c->c2.frame), &c->c2.from); if (socket_connection_reset (c->c2.link_socket, status)) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index b7ac339..c76fd36 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2697,7 +2697,6 @@ union openvpn_pktinfo { static socklen_t link_socket_read_udp_posix_recvmsg (struct link_socket *sock, struct buffer *buf, - int maxsize, struct link_socket_actual *from) { struct iovec iov; @@ -2706,7 +2705,7 @@ link_socket_read_udp_posix_recvmsg (struct link_socket *sock, socklen_t fromlen = sizeof (from->dest.addr); iov.iov_base = BPTR (buf); - iov.iov_len = maxsize; + iov.iov_len = buf_forward_capacity_total (buf); mesg.msg_iov = &iov; mesg.msg_iovlen = 1; mesg.msg_name = &from->dest.addr; @@ -2760,20 +2759,18 @@ link_socket_read_udp_posix_recvmsg (struct link_socket *sock, int link_socket_read_udp_posix (struct link_socket *sock, struct buffer *buf, - int maxsize, struct link_socket_actual *from) { socklen_t fromlen = sizeof (from->dest.addr); socklen_t expectedlen = af_addr_size(proto_sa_family(sock->info.proto)); addr_zero_host(&from->dest); - ASSERT (buf_safe (buf, maxsize)); #if ENABLE_IP_PKTINFO /* Both PROTO_UDPv4 and PROTO_UDPv6 */ if (proto_is_udp(sock->info.proto) && sock->sockflags & SF_USE_IP_PKTINFO) - fromlen = link_socket_read_udp_posix_recvmsg (sock, buf, maxsize, from); + fromlen = link_socket_read_udp_posix_recvmsg (sock, buf, from); else #endif - buf->len = recvfrom (sock->sd, BPTR (buf), maxsize, 0, + buf->len = recvfrom (sock->sd, BPTR (buf), buf_forward_capacity(buf), 0, &from->dest.addr.sa, &fromlen); if (buf->len >= 0 && expectedlen && fromlen != expectedlen) bad_address_length (fromlen, expectedlen); diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index b7a4e01..22eac54 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -865,7 +865,6 @@ link_socket_read_udp_win32 (struct link_socket *sock, int link_socket_read_udp_posix (struct link_socket *sock, struct buffer *buf, - int maxsize, struct link_socket_actual *from); #endif @@ -874,7 +873,6 @@ int link_socket_read_udp_posix (struct link_socket *sock, static inline int link_socket_read (struct link_socket *sock, struct buffer *buf, - int maxsize, struct link_socket_actual *from) { if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */ @@ -884,7 +882,7 @@ link_socket_read (struct link_socket *sock, #ifdef WIN32 res = link_socket_read_udp_win32 (sock, buf, from); #else - res = link_socket_read_udp_posix (sock, buf, maxsize, from); + res = link_socket_read_udp_posix (sock, buf, from); #endif return res; } |