diff options
| author | Steffan Karger | 2017-11-24 14:58:23 +0100 |
|---|---|---|
| committer | Gert Doering | 2017-11-24 15:04:20 +0100 |
| commit | 3b9cce657b0ba876c56ee6f14664a8a77f5b82d5 (patch) | |
| tree | fe06b265f4eed0af0ffd04118498e57cd44e8d43 /src/openvpn/forward.c | |
| parent | bd89ebd6a82856c7939b4ade35d14d0178a96986 (diff) | |
| download | openvpn-3b9cce657b0ba876c56ee6f14664a8a77f5b82d5.zip openvpn-3b9cce657b0ba876c56ee6f14664a8a77f5b82d5.tar.gz | |
Use P_DATA_V2 for server->client packets too
P_DATA_V2 introduced the peer-id. This allows clients to float, but as a
side-effect 32-bit aligns the encrypted data. That alignment improves
performance particularly on cheaper/older CPUs. So although servers don't
actually have a peer-id, still use the V2 packet format (with a zero-id)
for server->client traffic too.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1511531903-19349-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/search?l=mid&q=1511531903-19349-1-git-send-email-steffan.karger@fox-it.com
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/forward.c')
| -rw-r--r-- | src/openvpn/forward.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 1b7455b..a868a8f 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -496,7 +496,7 @@ encrypt_sign(struct context *c, bool comp_frag) /* If using P_DATA_V2, prepend the 1-byte opcode and 3-byte peer-id to the * packet before openvpn_encrypt(), so we can authenticate the opcode too. */ - if (c->c2.buf.len > 0 && !c->c2.tls_multi->opt.server && c->c2.tls_multi->use_peer_id) + if (c->c2.buf.len > 0 && c->c2.tls_multi->use_peer_id) { tls_prepend_opcode_v2(c->c2.tls_multi, &b->encrypt_buf); } @@ -512,7 +512,7 @@ encrypt_sign(struct context *c, bool comp_frag) /* Do packet administration */ if (c->c2.tls_multi) { - if (c->c2.buf.len > 0 && (c->c2.tls_multi->opt.server || !c->c2.tls_multi->use_peer_id)) + if (c->c2.buf.len > 0 && !c->c2.tls_multi->use_peer_id) { tls_prepend_opcode_v1(c->c2.tls_multi, &c->c2.buf); } |