]> git.ipfire.org Git - thirdparty/openvpn.git/blob - src/openvpn/mtu.h
projects / thirdparty / openvpn.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update Copyright statements to 2024
[thirdparty/openvpn.git] / src / openvpn / mtu.h
1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24 #ifndef MTU_H
25 #define MTU_H
26
27 #include "buffer.h"
28
29 /*
30 *
31 * Packet manipulation routes such as encrypt, decrypt, compress, decompress
32 * are passed a frame buffer that looks like this:
33 *
34 * [extra_frame bytes] [mtu bytes] [extra_frame_bytes] [compression overflow bytes]
35 * ^
36 * Pointer passed to function points here so that routine
37 * can make use of extra_frame bytes before pointer
38 * to prepend headers, etc.
39 *
40 * extra_frame bytes is large enough for all encryption related overhead.
41 *
42 * mtu bytes will be the MTU size set in the ifconfig statement that configures
43 * the TUN or TAP device such as:
44 *
45 * ifconfig $1 10.1.0.2 pointopoint 10.1.0.1 mtu 1450
46 *
47 * Compression overflow bytes is the worst-case size expansion that would be
48 * expected if we tried to compress mtu + extra_frame bytes of incompressible data.
49 */
50
51 /*
52 * Standard ethernet MTU
53 */
54 #define ETHERNET_MTU 1500
55
56 /*
57 * It is a fatal error if mtu is less than
58 * this value for tun device.
59 */
60 #define TUN_MTU_MIN 100
61
62 /*
63 * Default MTU of network over which tunnel data will pass by TCP/UDP.
64 */
65 #define LINK_MTU_DEFAULT 1500
66
67 /*
68 * Default MTU of tunnel device.
69 */
70 #define TUN_MTU_DEFAULT 1500
71
72 /*
73 * MTU Defaults for TAP devices
74 */
75 #define TAP_MTU_EXTRA_DEFAULT 32
76
77 /*
78 * Default MSSFIX value, used for reducing TCP MTU size
79 */
80 #define MSSFIX_DEFAULT 1492
81
82 /*
83 * Default maximum size of control channel packets
84 */
85 #define TLS_MTU_DEFAULT 1250
86
87 /*
88 * Alignment of payload data such as IP packet or
89 * ethernet frame.
90 */
91 #define PAYLOAD_ALIGN 4
92
93
94 /**************************************************************************/
95 /**
96 * Packet geometry parameters.
97 */
98 struct frame {
99 struct {
100 /* This struct holds all the information about the buffers that are
101 * allocated to match this frame */
102 int payload_size; /**< the maximum size that a payload that our
103 * buffers can hold from either tun device
104 * or network link.
105 */
106
107
108 int headroom; /**< the headroom in the buffer, this is choosen
109 * to allow all potential header to be added
110 * before the packet */
111
112 int tailroom; /**< the tailroom in the buffer. Chosen large
113 * enough to also accompany any extrea header
114 * or work space required by
115 * decryption/encryption or compression. */
116 } buf;
117
118 uint16_t mss_fix; /**< The actual MSS value that should be
119 * written to the payload packets. This
120 * is the value for IPv4 TCP packets. For
121 * IPv6 packets another 20 bytes must
122 * be subtracted */
123
124 int max_fragment_size; /**< The maximum size of a fragment.
125 * Fragmentation is done on the unencrypted
126 * payload after (potential) compression. So
127 * this value specifies the maximum payload
128 * size that can be send in a single fragment
129 */
130
131 int tun_mtu; /**< the (user) configured tun-mtu. This is used
132 * in configuring the tun interface or
133 * in calculations that use the desired size
134 * of the payload in the buffer.
135 *
136 * This variable is also used in control
137 * frame context to set the desired maximum
138 * control frame payload (although most of
139 * code ignores it)
140 */
141 int tun_max_mtu; /**< the maximum tun-mtu size the buffers are
142 * are sized for. This is the upper bound that
143 * a server can push as MTU */
144
145 int extra_tun; /**< Maximum number of bytes in excess of
146 * the tun/tap MTU that might be read
147 * from or written to the virtual
148 * tun/tap network interface.
149 *
150 * Only set with the option --tun-mtu-extra
151 * which defaults to 0 for tun and 32
152 * (\c TAP_MTU_EXTRA_DEFAULT) for tap.
153 * */
154 };
155
156 /* Forward declarations, to prevent includes */
157 struct options;
158
159 /*
160 * Control buffer headroom allocations to allow for efficient prepending.
161 */
162
163 /*
164 * Max size of a buffer used to build a packet for output to
165 * the TCP/UDP port or to read a packet from a tap/tun device.
166 *
167 * Most of our code only prepends headers but compression needs the extra bytes
168 * *after* the data as compressed data might end up larger than the original
169 * data. Also crypto needs an extra block for encryption. Therefore tailroom is
170 * larger than the headroom.
171 */
172 #define BUF_SIZE(f) ((f)->buf.headroom + (f)->buf.payload_size + (f)->buf.tailroom)
173
174 /*
175 * Function prototypes.
176 */
177
178 void frame_print(const struct frame *frame,
179 int level,
180 const char *prefix);
181
182 void set_mtu_discover_type(socket_descriptor_t sd, int mtu_type, sa_family_t proto_af);
183
184 int translate_mtu_discover_type_name(const char *name);
185
186 /* forward declaration of key_type */
187 struct key_type;
188
189 /**
190 * Calculates the size of the payload according to tun-mtu and tap overhead. In
191 * this context payload is identical to the size of the plaintext.
192 * This also includes compression, fragmentation overhead, and packet id in CBC
193 * mode if these options are used.
194 *
195 *
196 * * [IP][UDP][OPENVPN PROTOCOL HEADER][ **PAYLOAD incl compression header** ]
197 */
198 size_t
199 frame_calculate_payload_size(const struct frame *frame,
200 const struct options *options,
201 const struct key_type *kt);
202
203 /**
204 * Calculates the size of the payload overhead according to tun-mtu and
205 * tap overhead. This all the overhead that is considered part of the payload
206 * itself. The compression and fragmentation header and extra header from tap
207 * are considered part of this overhead that increases the payload larger than
208 * tun-mtu.
209 *
210 * In CBC mode, the IV is part of the payload instead of part of the OpenVPN
211 * protocol header and is included in the returned value.
212 *
213 * In this context payload is identical to the size of the plaintext and this
214 * method can be also understand as number of bytes that are added to the
215 * plaintext before encryption.
216 *
217 * * [IP][UDP][OPENVPN PROTOCOL HEADER][ **PAYLOAD incl compression header** ]
218 */
219 size_t
220 frame_calculate_payload_overhead(size_t extra_tun,
221 const struct options *options,
222 const struct key_type *kt);
223
224
225 /**
226 * Calculates the size of the OpenVPN protocol header. This includes
227 * the crypto IV/tag/HMAC but does not include the IP encapsulation
228 *
229 * This does NOT include the padding and rounding of CBC size
230 * as the users (mssfix/fragment) of this function need to adjust for
231 * this and add it themselves.
232 *
233 * [IP][UDP][ **OPENVPN PROTOCOL HEADER**][PAYLOAD incl compression header]
234 *
235 * @param kt the key_type to use to calculate the crypto overhead
236 * @param options the options struct to be used to calculate
237 * @param occ Use the calculation for the OCC link-mtu
238 * @return size of the overhead in bytes
239 */
240 size_t
241 frame_calculate_protocol_header_size(const struct key_type *kt,
242 const struct options *options,
243 bool occ);
244
245 /**
246 * Calculate the link-mtu to advertise to our peer. The actual value is not
247 * relevant, because we will possibly perform data channel cipher negotiation
248 * after this, but older clients will log warnings if we do not supply them the
249 * value they expect. This assumes that the traditional cipher/auth directives
250 * in the config match the config of the peer.
251 */
252 size_t
253 calc_options_string_link_mtu(const struct options *options,
254 const struct frame *frame);
255
256 /**
257 * Return the size of the packet ID size that is currently in use by cipher and
258 * options for the data channel.
259 */
260 unsigned int
261 calc_packet_id_size_dc(const struct options *options,
262 const struct key_type *kt);
263
264 /*
265 * allocate a buffer for socket or tun layer
266 */
267 void alloc_buf_sock_tun(struct buffer *buf,
268 const struct frame *frame);
269
270 /*
271 * EXTENDED_SOCKET_ERROR_CAPABILITY functions -- print extra error info
272 * on socket errors, such as PMTU size. As of 2003.05.11, only works
273 * on Linux 2.4+.
274 */
275
276 #if EXTENDED_SOCKET_ERROR_CAPABILITY
277
278 void set_sock_extended_error_passing(int sd, sa_family_t proto_af);
279
280 const char *format_extended_socket_error(int fd, int *mtu, struct gc_arena *gc);
281
282 #endif
283
284 #endif /* ifndef MTU_H */
Mirror of https://github.com/OpenVPN/openvpn.git