]>
git.ipfire.org Git - thirdparty/openvpn.git/blob - src/openvpn/mtu.h
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
8 * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
31 * Packet manipulation routes such as encrypt, decrypt, compress, decompress
32 * are passed a frame buffer that looks like this:
34 * [extra_frame bytes] [mtu bytes] [extra_frame_bytes] [compression overflow bytes]
36 * Pointer passed to function points here so that routine
37 * can make use of extra_frame bytes before pointer
38 * to prepend headers, etc.
40 * extra_frame bytes is large enough for all encryption related overhead.
42 * mtu bytes will be the MTU size set in the ifconfig statement that configures
43 * the TUN or TAP device such as:
45 * ifconfig $1 10.1.0.2 pointopoint 10.1.0.1 mtu 1450
47 * Compression overflow bytes is the worst-case size expansion that would be
48 * expected if we tried to compress mtu + extra_frame bytes of incompressible data.
52 * Standard ethernet MTU
54 #define ETHERNET_MTU 1500
57 * It is a fatal error if mtu is less than
58 * this value for tun device.
60 #define TUN_MTU_MIN 100
63 * Default MTU of network over which tunnel data will pass by TCP/UDP.
65 #define LINK_MTU_DEFAULT 1500
68 * Default MTU of tunnel device.
70 #define TUN_MTU_DEFAULT 1500
73 * MTU Defaults for TAP devices
75 #define TAP_MTU_EXTRA_DEFAULT 32
78 * Default MSSFIX value, used for reducing TCP MTU size
80 #define MSSFIX_DEFAULT 1492
83 * Default maximum size of control channel packets
85 #define TLS_MTU_DEFAULT 1250
88 * Alignment of payload data such as IP packet or
91 #define PAYLOAD_ALIGN 4
94 /**************************************************************************/
96 * Packet geometry parameters.
100 /* This struct holds all the information about the buffers that are
101 * allocated to match this frame */
102 int payload_size
; /**< the maximum size that a payload that our
103 * buffers can hold from either tun device
108 int headroom
; /**< the headroom in the buffer, this is choosen
109 * to allow all potential header to be added
110 * before the packet */
112 int tailroom
; /**< the tailroom in the buffer. Chosen large
113 * enough to also accompany any extrea header
114 * or work space required by
115 * decryption/encryption or compression. */
118 uint16_t mss_fix
; /**< The actual MSS value that should be
119 * written to the payload packets. This
120 * is the value for IPv4 TCP packets. For
121 * IPv6 packets another 20 bytes must
124 int max_fragment_size
; /**< The maximum size of a fragment.
125 * Fragmentation is done on the unencrypted
126 * payload after (potential) compression. So
127 * this value specifies the maximum payload
128 * size that can be send in a single fragment
131 int tun_mtu
; /**< the (user) configured tun-mtu. This is used
132 * in configuring the tun interface or
133 * in calculations that use the desired size
134 * of the payload in the buffer.
136 * This variable is also used in control
137 * frame context to set the desired maximum
138 * control frame payload (although most of
141 int tun_max_mtu
; /**< the maximum tun-mtu size the buffers are
142 * are sized for. This is the upper bound that
143 * a server can push as MTU */
145 int extra_tun
; /**< Maximum number of bytes in excess of
146 * the tun/tap MTU that might be read
147 * from or written to the virtual
148 * tun/tap network interface.
150 * Only set with the option --tun-mtu-extra
151 * which defaults to 0 for tun and 32
152 * (\c TAP_MTU_EXTRA_DEFAULT) for tap.
156 /* Forward declarations, to prevent includes */
160 * Control buffer headroom allocations to allow for efficient prepending.
164 * Max size of a buffer used to build a packet for output to
165 * the TCP/UDP port or to read a packet from a tap/tun device.
167 * Most of our code only prepends headers but compression needs the extra bytes
168 * *after* the data as compressed data might end up larger than the original
169 * data. Also crypto needs an extra block for encryption. Therefore tailroom is
170 * larger than the headroom.
172 #define BUF_SIZE(f) ((f)->buf.headroom + (f)->buf.payload_size + (f)->buf.tailroom)
175 * Function prototypes.
178 void frame_print(const struct frame
*frame
,
182 void set_mtu_discover_type(socket_descriptor_t sd
, int mtu_type
, sa_family_t proto_af
);
184 int translate_mtu_discover_type_name(const char *name
);
186 /* forward declaration of key_type */
190 * Calculates the size of the payload according to tun-mtu and tap overhead. In
191 * this context payload is identical to the size of the plaintext.
192 * This also includes compression, fragmentation overhead, and packet id in CBC
193 * mode if these options are used.
196 * * [IP][UDP][OPENVPN PROTOCOL HEADER][ **PAYLOAD incl compression header** ]
199 frame_calculate_payload_size(const struct frame
*frame
,
200 const struct options
*options
,
201 const struct key_type
*kt
);
204 * Calculates the size of the payload overhead according to tun-mtu and
205 * tap overhead. This all the overhead that is considered part of the payload
206 * itself. The compression and fragmentation header and extra header from tap
207 * are considered part of this overhead that increases the payload larger than
210 * In CBC mode, the IV is part of the payload instead of part of the OpenVPN
211 * protocol header and is included in the returned value.
213 * In this context payload is identical to the size of the plaintext and this
214 * method can be also understand as number of bytes that are added to the
215 * plaintext before encryption.
217 * * [IP][UDP][OPENVPN PROTOCOL HEADER][ **PAYLOAD incl compression header** ]
220 frame_calculate_payload_overhead(size_t extra_tun
,
221 const struct options
*options
,
222 const struct key_type
*kt
);
226 * Calculates the size of the OpenVPN protocol header. This includes
227 * the crypto IV/tag/HMAC but does not include the IP encapsulation
229 * This does NOT include the padding and rounding of CBC size
230 * as the users (mssfix/fragment) of this function need to adjust for
231 * this and add it themselves.
233 * [IP][UDP][ **OPENVPN PROTOCOL HEADER**][PAYLOAD incl compression header]
235 * @param kt the key_type to use to calculate the crypto overhead
236 * @param options the options struct to be used to calculate
237 * @param occ Use the calculation for the OCC link-mtu
238 * @return size of the overhead in bytes
241 frame_calculate_protocol_header_size(const struct key_type
*kt
,
242 const struct options
*options
,
246 * Calculate the link-mtu to advertise to our peer. The actual value is not
247 * relevant, because we will possibly perform data channel cipher negotiation
248 * after this, but older clients will log warnings if we do not supply them the
249 * value they expect. This assumes that the traditional cipher/auth directives
250 * in the config match the config of the peer.
253 calc_options_string_link_mtu(const struct options
*options
,
254 const struct frame
*frame
);
257 * Return the size of the packet ID size that is currently in use by cipher and
258 * options for the data channel.
261 calc_packet_id_size_dc(const struct options
*options
,
262 const struct key_type
*kt
);
265 * allocate a buffer for socket or tun layer
267 void alloc_buf_sock_tun(struct buffer
*buf
,
268 const struct frame
*frame
);
271 * EXTENDED_SOCKET_ERROR_CAPABILITY functions -- print extra error info
272 * on socket errors, such as PMTU size. As of 2003.05.11, only works
276 #if EXTENDED_SOCKET_ERROR_CAPABILITY
278 void set_sock_extended_error_passing(int sd
, sa_family_t proto_af
);
280 const char *format_extended_socket_error(int fd
, int *mtu
, struct gc_arena
*gc
);
284 #endif /* ifndef MTU_H */