typedef struct private_android_service_t private_android_service_t;
-#define TUN_DEFAULT_MTU 1400
-
/**
* private data of Android service
*/
*/
int tunfd;
+ /**
+ * MTU of TUN device
+ */
+ int mtu;
+
/**
* DNS proxy
*/
return JOB_REQUEUE_DIRECT;
}
- raw = chunk_alloc(TUN_DEFAULT_MTU);
+ raw = chunk_alloc(this->mtu);
len = read(tunfd, raw.ptr, raw.len);
if (len < 0)
{
return FALSE;
}
if (!add_routes(builder, child_sa) ||
- !builder->set_mtu(builder, TUN_DEFAULT_MTU))
+ !builder->set_mtu(builder, this->mtu))
{
return FALSE;
}
.settings = settings,
.creds = creds,
.tunfd = -1,
+ .mtu = settings->get_int(settings, "global.mtu", ANDROID_DEFAULT_MTU),
);
/* only allow queries for the VPN gateway */
this->dns_proxy->add_hostname(this->dns_proxy,
#define ANDROID_RETRASNMIT_TRIES 3
#define ANDROID_RETRANSMIT_TIMEOUT 2.0
#define ANDROID_RETRANSMIT_BASE 1.4
-#define ANDROID_FRAGMENT_SIZE 1400
typedef struct private_charonservice_t private_charonservice_t;
lib->settings->set_str(lib->settings,
"charon.plugins.tnc-imc.preferred_language",
settings->get_str(settings, "global.language", "en"));
+ /* this is actually the size of the complete IKE/IP packet, so if the MTU
+ * for the TUN devices has to be reduced to pass traffic the IKE packets
+ * will be a bit smaller than necessary as there is no IPsec overhead like
+ * for the tunneled traffic (but compensating that seems like overkill) */
+ lib->settings->set_int(lib->settings,
+ "charon.fragment_size",
+ settings->get_int(settings, "global.mtu",
+ ANDROID_DEFAULT_MTU));
this->creds->clear(this->creds);
DESTROY_IF(this->service);
"charon.retransmit_timeout", ANDROID_RETRANSMIT_TIMEOUT);
lib->settings->set_double(lib->settings,
"charon.retransmit_base", ANDROID_RETRANSMIT_BASE);
- lib->settings->set_int(lib->settings,
- "charon.fragment_size", ANDROID_FRAGMENT_SIZE);
lib->settings->set_bool(lib->settings,
"charon.initiator_only", TRUE);
lib->settings->set_bool(lib->settings,
Log.i(TAG, "charon started");
SettingsWriter writer = new SettingsWriter();
writer.setValue("global.language", Locale.getDefault().getLanguage());
+ writer.setValue("global.mtu", mCurrentProfile.getMTU());
writer.setValue("connection.type", mCurrentProfile.getVpnType().getIdentifier());
writer.setValue("connection.server", mCurrentProfile.getGateway());
writer.setValue("connection.username", mCurrentProfile.getUsername());
projects / thirdparty / strongswan.git / commitdiff
