ocserv: website and mtu problems
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Sep 30 04:50:58 EDT 2013
On 09/30/2013 03:29 AM, Yin Guanhao wrote:
> On 09/30/13 02:00, Nikos Mavrogiannopoulos wrote:
>>> 2. MTU of the tun device seems to be 9 bytes larger than it should be.
>>> I was not able to browse some https sites, and tcpdump said there are
>>> truncated ip packets. After manually setting the MTU 9 bytes smaller,
>>> everything worked.
>> There have been quite some fixes regarding MTU handling. Do you use
>> the latest version (0.1.6)?
> I might not have made it clear that it is the MTU of the client side tun
> device that is 9 bytes larger.
Thanks. That could be the issue. Could you try this patch?
I'm not sure about the 9 bytes larger though. Could it be 8 bytes
instead? I cannot think what this extra byte is for.
regards,
Nikos
-------------- next part --------------
diff --git a/src/worker-vpn.c b/src/worker-vpn.c
index abd8a5e..081d579 100644
--- a/src/worker-vpn.c
+++ b/src/worker-vpn.c
@@ -971,8 +971,9 @@ socklen_t sl;
oclog(ws, LOG_INFO, "reducing DTLS MTU to peer's DTLS MTU (%u)", req->dtls_mtu);
}
- overhead = tls_get_overhead(GNUTLS_DTLS0_9, ws->req.gnutls_cipher, ws->req.gnutls_mac);
+ overhead = CSTP_DTLS_OVERHEAD + tls_get_overhead(GNUTLS_DTLS0_9, ws->req.gnutls_cipher, ws->req.gnutls_mac);
tls_printf(ws->session, "X-DTLS-MTU: %u\r\n", ws->conn_mtu-overhead);
+ oclog(ws, LOG_INFO, "suggesting DTLS MTU %u", ws->conn_mtu-overhead);
}
if (ws->buffer_size <= ws->conn_mtu+mtu_overhead) {
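Review bot: the X-DTLS-MTU line and the new oclog both compute ws->conn_mtu-overhead and format it with %u, and nothing in this hunk guards against overhead (now larger by CSTP_DTLS_OVERHEAD) exceeding ws->conn_mtu, in which case the advertised value would wrap to a very large number. Compute the difference once into a local, reject or clamp the case where overhead >= ws->conn_mtu, and use that local in both calls. The return value of tls_printf is also ignored here, while the CSTP branch below checks it with SEND_ERR(ret). Finally, the definition of CSTP_DTLS_OVERHEAD is not part of this diff, so its value cannot be checked against the 8-versus-9-byte question raised in the thread; a comment at the definition that itemises the bytes it covers would settle that.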
@@ -983,11 +984,12 @@ socklen_t sl;
goto exit;
}
- overhead = tls_get_overhead(gnutls_protocol_get_version(ws->session), gnutls_cipher_get(ws->session), gnutls_mac_get(ws->session));
+ overhead = CSTP_OVERHEAD + tls_get_overhead(gnutls_protocol_get_version(ws->session), gnutls_cipher_get(ws->session), gnutls_mac_get(ws->session));
ret = tls_printf(ws->session, "X-CSTP-MTU: %u\r\n", ws->conn_mtu-overhead);
SEND_ERR(ret);
+ oclog(ws, LOG_INFO, "suggesting CSTP MTU %u", ws->conn_mtu-overhead);
- oclog(ws, LOG_INFO, "selected MTU is %u", ws->conn_mtu);
+ oclog(ws, LOG_INFO, "plaintext MTU is %u", ws->conn_mtu);
send_tun_mtu(ws, ws->conn_mtu);
if (ws->config->banner) {
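Review bot: the renamed log message calls ws->conn_mtu the "plaintext MTU", yet the X-CSTP-MTU header a few lines above advertises ws->conn_mtu-overhead, and send_tun_mtu(ws, ws->conn_mtu) still receives the unreduced value. Since the report is about the tun device MTU being too large, please state which of the two values is meant to be the payload size and confirm that the one handed to send_tun_mtu is consistent with what is advertised to the client. The subtraction is again written out twice (header and log) without a check that overhead is smaller than ws->conn_mtu; a single local, validated before use, would keep the two lines from drifting apart. As in the DTLS hunk, CSTP_OVERHEAD is defined outside the visible diff, so its value should be documented where it is declared.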