/* possibly alter the TCP MSS */
if (flags & PIP_MSSFIX)
{
- mss_fixup_ipv4(&ipbuf, MTU_TO_MSS(TUN_MTU_SIZE_DYNAMIC(&c->c2.frame)));
+ mss_fixup_ipv4(&ipbuf, c->c2.frame.mss_fix);
}
/* possibly do NAT on packet */
/* possibly alter the TCP MSS */
if (flags & PIP_MSSFIX)
{
- mss_fixup_ipv6(&ipbuf,
- MTU_TO_MSS(TUN_MTU_SIZE_DYNAMIC(&c->c2.frame)));
+ mss_fixup_ipv6(&ipbuf, c->c2.frame.mss_fix);
}
if (!(flags & PIP_OUTGOING) && (flags
&(PIPV6_IMCP_NOHOST_CLIENT | PIPV6_IMCP_NOHOST_SERVER)))
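Review bot: The IPv6 call passes the same `c->c2.frame.mss_fix` as the IPv4 call, and nothing here tells a reader which side owns the extra 20-byte adjustment for IPv6. The new struct field comment says another 20 bytes must be subtracted for IPv6, while the comment in frame_calculate_mssfix says the fixup routine takes care of it. The body of mss_fixup_ipv6 is not part of this diff, so whether it still applies that adjustment cannot be confirmed from here. If it does, a comment such as `/* mss_fix is the IPv4 value; mss_fixup_ipv6 accounts for the larger IPv6 header */` would make the contract explicit. If it does not, IPv6 TCP segments would be clamped 20 bytes too high.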
#include "tls_crypt.h"
#include "forward.h"
#include "auth_token.h"
+#include "mss.h"
#include "memdbg.h"
#endif
/* initialize dynamic MTU variable */
- frame_init_mssfix(&c->c2.frame, &c->options);
+ frame_calculate_mssfix(&c->c2.frame, &c->c1.ks.key_type, &c->options);
/* bind the TCP/UDP socket */
if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP)
#include "syshead.h"
#include "error.h"
#include "mss.h"
+#include "crypto.h"
+#include "ssl_common.h"
#include "memdbg.h"
/*
}
}
}
+
+void
+frame_calculate_mssfix(struct frame *frame, struct key_type *kt,
+ const struct options *options)
+{
+ if (options->ce.mssfix == 0)
+ {
+ return;
+ }
+
+ unsigned int payload_size;
+ unsigned int overhead;
+
+
+ payload_size = frame_calculate_payload_size(frame, options);
+
+ overhead = frame_calculate_protocol_header_size(kt, options,
+ payload_size, false);
+
+ /* Calculate the number of bytes that the payload differs from the payload
+ * MTU. This are fragment/compression/ethernet headers */
+ unsigned payload_overhead = frame_calculate_payload_overhead(frame, options, true);
+
+ /* We are in a "liberal" position with respect to MSS,
+ * i.e. we assume that MSS can be calculated from MTU
+ * by subtracting out only the IP and TCP header sizes
+ * without options.
+ *
+ * (RFC 879, section 7). */
+
+ /* Add 20 bytes for the IPv4 header and 20 byte for the TCP header of the
+ * payload, the mssfix method will add 20 extra if payload is IPv6 */
+ overhead += 20 + 20;
+
+ /* Calculate the maximum MSS value from the max link layer size specified
+ * by ce.mssfix */
+ frame->mss_fix = options->ce.mssfix - overhead - payload_overhead;
+}
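Review bot: The final assignment `frame->mss_fix = options->ce.mssfix - overhead - payload_overhead;` has no lower-bound check, and `overhead` and `payload_overhead` are unsigned, so a --mssfix value smaller than the combined overhead wraps to a very large number instead of going negative. The result is then passed to mss_fixup_ipv4/mss_fixup_ipv6, declared with `int maxmss`, and presumably on to mss_fixup_dowork with `uint16_t maxmss`, so a wrapped value would be silently truncated into an arbitrary MSS written into forwarded TCP packets. Unless option parsing (not shown in this diff) already enforces a minimum, guard before subtracting, e.g. `if ((unsigned int)options->ce.mssfix <= overhead + payload_overhead) { /* warn and leave clamping off, or reject the option */ }`. The early return for `mssfix == 0` also leaves `frame->mss_fix` at whatever it held before, which deserves a one-line comment because callers now read the field directly.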
#include "proto.h"
#include "error.h"
+#include "mtu.h"
+#include "ssl_common.h"
void mss_fixup_ipv4(struct buffer *buf, int maxmss);
void mss_fixup_dowork(struct buffer *buf, uint16_t maxmss);
+/** Set the --mssfix option. */
+void frame_calculate_mssfix(struct frame *frame, struct key_type *kt,
+ const struct options *options);
+
#endif
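Review bot: The doc comment `/** Set the --mssfix option. */` was carried over from frame_init_mssfix and no longer describes what frame_calculate_mssfix does. The new function derives `frame->mss_fix` from the configured value, the key type and the payload overhead, and it returns without writing the field when mssfix is 0. I would replace it with something like `/** Compute frame->mss_fix from --mssfix minus protocol, IP/TCP and payload overhead; no-op when mssfix is 0. */` and add `@param` lines for `frame`, `kt` and `options`. Stating that the stored value is the IPv4 MSS would also keep the header consistent with the struct field comment.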
frame->extra_tun += src->extra_frame;
}
-void
-frame_init_mssfix(struct frame *frame, const struct options *options)
-{
- if (options->ce.mssfix)
- {
- frame_set_mtu_dynamic(frame, options->ce.mssfix, SET_MTU_UPPER_BOUND);
- }
-}
-
void
frame_print(const struct frame *frame,
int level,
int link_mtu; /**< Maximum packet size to be sent over
* the external network interface. */
+ unsigned int mss_fix; /**< The actual MSS value that should be
+ * written to the payload packets. This
+ * is the value for IPv4 TCP packets. For
+ * IPv6 packets another 20 bytes must
+ * be subtracted */
+
int link_mtu_dynamic; /**< Dynamic MTU value for the external
* network interface. */
* This is the size to "ifconfig" the tun or tap device.
*/
#define TUN_MTU_SIZE(f) ((f)->link_mtu - TUN_LINK_DELTA(f))
-#define TUN_MTU_SIZE_DYNAMIC(f) ((f)->link_mtu_dynamic - TUN_LINK_DELTA(f))
/*
* This is the maximum packet size that we need to be able to
const struct frame *frame,
const bool tuntap_buffer);
-/** Set the --mssfix option. */
-void frame_init_mssfix(struct frame *frame, const struct options *options);
-
/*
* EXTENDED_SOCKET_ERROR_CAPABILITY functions -- print extra error info
* on socket errors, such as PMTU size. As of 2003.05.11, only works
acc -= (u32) >> 16; \
}
-/*
- * We are in a "liberal" position with respect to MSS,
- * i.e. we assume that MSS can be calculated from MTU
- * by subtracting out only the IP and TCP header sizes
- * without options.
- *
- * (RFC 879, section 7).
- */
-#define MTU_TO_MSS(mtu) (mtu - sizeof(struct openvpn_iphdr) \
- - sizeof(struct openvpn_tcphdr))
-
/*
* This returns an ip protocol version of packet inside tun
* and offset of IP header (via parameter).
#include "ssl_ncp.h"
#include "ssl_util.h"
#include "auth_token.h"
+#include "mss.h"
#include "memdbg.h"
options->replay, packet_id_long_form);
frame_finalize(frame, options->ce.link_mtu_defined, options->ce.link_mtu,
options->ce.tun_mtu_defined, options->ce.tun_mtu);
- frame_init_mssfix(frame, options);
+ frame_calculate_mssfix(frame, &session->opt->key_type, options);
frame_print(frame, D_MTU_INFO, "Data Channel MTU parms");
/*