Instead relying on the link_mtu_dynamic field and its calculation
in the frame struct, add a new field max_fragment_size and add
a calculation of it similar to mssfix.
Also whenever mssfix value is calculated, we also want to calculate
the values for fragment as both options need to be calculated from
the real overhead.
Signed-off-by: Arne Schwabe
---
Changes.rst | 9 +--
doc/man-sections/link-options.rst | 13 ++--
src/openvpn/forward.c | 3 +-
src/openvpn/fragment.c| 4 +-
src/openvpn/init.c| 23 +++
src/openvpn/mss.c | 101 +++---
src/openvpn/mss.h | 13 +++-
src/openvpn/mtu.c | 66 +--
src/openvpn/mtu.h | 22 +++
src/openvpn/options.c | 12 +++-
src/openvpn/options.h | 2 +
src/openvpn/socket.c | 11
src/openvpn/socket.h | 2 -
src/openvpn/ssl.c | 20 ++
14 files changed, 157 insertions(+), 144 deletions(-)
diff --git a/Changes.rst b/Changes.rst
index cf6a2f86d..c673196fa 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -63,10 +63,11 @@ Optional ciphers in ``--data-ciphers``
those as optional and only use them if the SSL library supports them.
-Improved ``--mssfix`` calculation
-The ``--mssfix`` option now allows an optional :code:`mtu` parameter to
specify
-that different overhead for IPv4/IPv6 should taken into account and the
resulting
-size is specified as the total size of the VPN packets including IP and
UDP headers.
+Improved ``--mssfix`` and ``--fragement`` calculation
+The ``--mssfix`` and ``--fragment`` options now allow an optional
:code:`mtu`
+parameter to specify that different overhead for IPv4/IPv6 should taken
into
+account and the resulting size is specified as the total size of the VPN
packets
+including IP and UDP headers.
Deprecated features
---
diff --git a/doc/man-sections/link-options.rst
b/doc/man-sections/link-options.rst
index f41c0c4f1..b71656e0b 100644
--- a/doc/man-sections/link-options.rst
+++ b/doc/man-sections/link-options.rst
@@ -24,13 +24,18 @@ the local and the remote host.
from any address, not only the address which was specified in the
``--remote`` option.
---fragment max
+--fragment max [mtu]
Enable internal datagram fragmentation so that no UDP datagrams are sent
which are larger than ``max`` bytes.
- The ``max`` parameter is interpreted in the same way as the
- ``--link-mtu`` parameter, i.e. the UDP packet size after encapsulation
- overhead has been added in, but not including the UDP header itself.
+ If the :code:`mtu` parameter is present the ``max`` parameter is
+ interpreted to include IP and UDP encapsulation overhead. The
+ :code:`mtu` parameter is introduced in OpenVPN version 2.6.0.
+
+ If the :code:`mtu` parameter is absent, the ``max`` parameter is
+ interpreted in the same way as the ``--link-mtu`` parameter, i.e.
+ the UDP packet size after encapsulation overhead has been added in,
+ but not including the UDP header itself.
The ``--fragment`` option only makes sense when you are using the UDP
protocol (``--proto udp``).
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 6de6b4d49..3f362e95d 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -482,8 +482,7 @@ check_fragment(struct context *c)
/* OS MTU Hint? */
if (lsi->mtu_changed && lsi->lsa)
{
-frame_adjust_path_mtu(>c2.frame_fragment, c->c2.link_socket->mtu,
- lsi->lsa->actual.dest.addr.sa.sa_family,
lsi->proto);
+frame_adjust_path_mtu(c);
lsi->mtu_changed = false;
}
diff --git a/src/openvpn/fragment.c b/src/openvpn/fragment.c
index 6f8fb4476..ce8cd3489 100644
--- a/src/openvpn/fragment.c
+++ b/src/openvpn/fragment.c
@@ -335,12 +335,12 @@ fragment_outgoing(struct fragment_master *f, struct
buffer *buf,
msg(D_FRAG_ERRORS, "FRAG: outgoing buffer is not empty,
len=[%d,%d]",
buf->len, f->outgoing.len);
}
-if (buf->len > PAYLOAD_SIZE_DYNAMIC(frame)) /* should we fragment? */
+if (buf->len > frame->max_fragment_size) /* should we fragment? */
{
/*
* Send the datagram as a series of 2 or more fragments.
*/
-f->outgoing_frag_size = optimal_fragment_size(buf->len,
PAYLOAD_SIZE_DYNAMIC(frame));
+f->outgoing_frag_size = optimal_fragment_size(buf->len,
frame->max_fragment_size);
if (buf->len > f->outgoing_frag_size * MAX_FRAGS)
{
FRAG_ERR("too many fragments would be required to send
datagram");
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index b3653971c..31ae250bc 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2535,14 +2535,6 @@