[PATCH 3/3] Drop packets that are too large without dropping connection

Daniel Lenski dlenski at gmail.com
Thu May 11 09:00:40 PDT 2017


On Wed, May 10, 2017 at 8:03 PM, Nikolay Martynov <mar.kolya at gmail.com> wrote:
>
> Sometimes the server sends us packets that are larger than the negotiated MTU.
> The current implementation bails out in this case.
> This patch just makes openconnect drop such packets and continue.
> It looks like the data stream from the VPN server is generally correct - with
> the exception of the packet being too large, so we can continue parsing further
> packets.
>

My concern here is that with some protocols the MTU is not known
authoritatively, and must be estimated, and might be wrong.

For example, in my fully-functional, though not yet merged, branch
supporting GlobalProtect (https://github.com/dlenski/openconnect/)
there is no way to request a specific MTU, and I have never seen a
server that actually reports the MTU correctly.

> This improves connection stability.

How so? What is the downside to accepting an unexpectedly large packet
which nevertheless managed to make it across the VPN tunnel?

-Dan


