From f4bfdec21f3400d8de3872cad3b8f00c3499471b Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 5 Nov 2021 08:46:48 +0100
Subject: [PATCH] kernel-pfroute: Set lower MTU on TUN devices

The default MTU of 1500 is too high if kernel-libipsec is used (considering the overhead of UDP-encapsulated ESP), but might also have an effect if a TUN device is only used to install a virtual IP (the route points to it, so the system might use its MTU and 1500 would still be too high). This also works around an issue on macOS 12 where no RTM_IFINFO event is sent for the newly created TUN device (neither for the creation, setting it "up", nor adding the address). Changing the MTU, however, triggers such an event and we can detect the virtual IP.
Closes strongswan/strongswan#707
---
 conf/plugins/kernel-pfroute.opt | 3 +++
 .../plugins/kernel_pfroute/kernel_pfroute_net.c | 13 ++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/conf/plugins/kernel-pfroute.opt b/conf/plugins/kernel-pfroute.opt
index 8b9bb9169a..4642035454 100644
--- a/conf/plugins/kernel-pfroute.opt
+++ b/conf/plugins/kernel-pfroute.opt
@@ -1,3 +1,6 @@
+charon.plugins.kernel-pfroute.mtu = 1400
+ MTU to set on TUN devices created for virtual IPs.
+
 charon.plugins.kernel-pfroute.vip_wait = 1000
 Time in ms to wait until virtual IP addresses appear/disappear before failing.
diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
index 97eeda7d3b..affee8c5ed 100644
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -58,6 +58,9 @@
 /** delay before reinstalling routes (ms) */
 #define ROUTE_DELAY 100
 
+/** default MTU for TUN devices */
+#define TUN_DEFAULT_MTU 1400
+
 typedef struct addr_entry_t addr_entry_t;
 
 /**
@@ -410,6 +413,11 @@ struct private_kernel_pfroute_net_t
 */
 int vip_wait;
 
+ /**
+ * MTU to set on TUN devices
+ */
+ uint32_t mtu;
+
 /**
 * whether to actually install virtual IPs
 */
@@ -1235,7 +1243,8 @@ METHOD(kernel_net_t, add_ip, status_t,
 {
 prefix = vip->get_address(vip).len * 8;
 }
- if (!tun->up(tun) || !tun->set_address(tun, vip, prefix))
+ if (!tun->up(tun) || !tun->set_address(tun, vip, prefix) ||
+ !tun->set_mtu(tun, this->mtu))
 {
 tun->destroy(tun);
 return FAILED;
@@ -2088,6 +2097,8 @@ kernel_pfroute_net_t *kernel_pfroute_net_create()
 .roam_lock = spinlock_create(),
 .vip_wait = lib->settings->get_int(lib->settings,
 "%s.plugins.kernel-pfroute.vip_wait", 1000, lib->ns),
+ .mtu = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-pfroute.mtu", TUN_DEFAULT_MTU, lib->ns),
 .install_virtual_ip = lib->settings->get_bool(lib->settings,
 "%s.install_virtual_ip", TRUE, lib->ns),
 );
-- 
2.47.2
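Review bot: The `mtu` member added to `struct private_kernel_pfroute_net_t` is a `uint32_t`, but the initializer added in `kernel_pfroute_net_create()` (last hunk) stores the result of `get_int()` in it without any range check, so a negative `charon.plugins.kernel-pfroute.mtu` wraps to a very large unsigned value, and zero or a tiny value is accepted as well. What `set_mtu()` does with such a value is not visible here; at best it fails and, through the new condition in `add_ip()`, every virtual IP installation fails with it. I would validate once at creation, after the initializer block, e.g. `if (this->mtu < TUN_MIN_MTU || this->mtu > TUN_MAX_MTU) { this->mtu = TUN_DEFAULT_MTU; }` together with a log line naming the rejected value; `TUN_MIN_MTU` and `TUN_MAX_MTU` are placeholder names for bounds the maintainers would have to pick. Both the struct and the constructor continue outside their hunks.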
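Review bot: In `add_ip()` a failing `set_mtu()` now shares the `tun->destroy(tun); return FAILED;` path with `up()` and `set_address()`, and nothing in the hunk records which of the three steps failed, so a bad MTU setting would surface only as a virtual IP that cannot be installed. The call also carries the macOS 12 workaround described in the commit message, which the code does not mention; a comment above the condition such as `/* set the MTU last: on macOS 12 this is the only step that triggers an RTM_IFINFO event for the new TUN device */` would keep it from being reordered or dropped. Whether that event is still generated when the configured MTU equals the device's current MTU is not visible here and is worth confirming. The body of `add_ip()` starts and ends outside the hunk.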