pMTU discovery

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2012-05-31 at 11:44 +0200, Bernhard Schmidt wrote:
> we're currently testing OpenConnect 3.20 against our new shiny ASA Beta 
> which finally does IPv6 transport. However, when we do use that, we have 
> MTU problems on the link. The official AnyConnect client works fine.

It'd be very interesting to know where the Cisco client gets its numbers
from. How does this compare?

diff --git a/cstp.c b/cstp.c
index dbc24b9..5910940 100644
--- a/cstp.c
+++ b/cstp.c
@@ -32,6 +32,9 @@
 #include <errno.h>
 #include <stdlib.h>
 #include <stdio.h>
+#include <netinet/tcp.h>
+#include <sys/types.h>
+#include <sys/socket.h>
 
 #include <openssl/ssl.h>
 #include <openssl/err.h>
@@ -86,6 +89,48 @@ static int  __attribute__ ((format (printf, 3, 4)))
 	return ret;
 }
 
+static void calculate_mtu(struct openconnect_info *vpninfo, int *base_mtu, int *mtu)
+{
+#ifdef TCP_MAXSEG
+	int mss;
+	socklen_t mss_size = sizeof(mss);
+#endif
+#ifdef TCP_INFO
+	struct tcp_info ti;
+	socklen_t ti_size = sizeof(ti);
+#endif
+	if (vpninfo->mtu) {
+		/* User override */
+		*base_mtu = 0;
+		*mtu = vpninfo->mtu;
+	}
+#ifdef TCP_INFO
+	else if (!getsockopt(vpninfo->ssl_fd, SOL_TCP, TCP_INFO, &ti, &ti_size)) {
+		vpn_progress(vpninfo, PRG_TRACE,
+			     _("TCP_INFO rcv mss %d, snd mss %d, adv mss %d, pmtu %d\n"),
+			     ti.tcpi_rcv_mss, ti.tcpi_snd_mss, ti.tcpi_advmss, ti.tcpi_pmtu);
+		*base_mtu = ti.tcpi_pmtu;
+		if (ti.tcpi_rcv_mss < ti.tcpi_snd_mss)
+			*mtu = ti.tcpi_rcv_mss;
+		else
+			*mtu = ti.tcpi_snd_mss;
+	}
+#endif
+#ifdef TCP_MAXSEG
+	else if (!getsockopt(vpninfo->ssl_fd, SOL_TCP, TCP_MAXSEG, &mss, &mss_size)) {
+		vpn_progress(vpninfo, PRG_TRACE, _("TCP_MAXSEG %d\n"), mss);
+		*mtu = mss;
+		/* Erm, how do we sanely find the base MTU? */
+		*base_mtu = 1500;
+	}
+#endif
+	else {
+		/* Default */
+		*base_mtu = 0;
+		*mtu = 1406;
+	}
+}
+
 static int start_cstp_connection(struct openconnect_info *vpninfo)
 {
 	char buf[65536];
@@ -100,6 +145,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 	const char *old_addr6 = vpninfo->vpn_addr6;
 	const char *old_netmask6 = vpninfo->vpn_netmask6;
 	struct split_include *inc;
+	int base_mtu, mtu;
 
 	/* Clear old options which will be overwritten */
 	vpninfo->vpn_addr = vpninfo->vpn_netmask = NULL;
@@ -132,6 +178,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 	}
 
  retry:
+	calculate_mtu(vpninfo, &base_mtu, &mtu);
+
 	buf[0] = 0;
 	buf_append(buf, sizeof(buf), "CONNECT /CSCOSSLC/tunnel HTTP/1.1\r\n");
 	buf_append(buf, sizeof(buf), "Host: %s\r\n", vpninfo->hostname);
@@ -141,7 +189,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 	buf_append(buf, sizeof(buf), "X-CSTP-Hostname: %s\r\n", vpninfo->localname);
 	if (vpninfo->deflate && i < sizeof(buf))
 		buf_append(buf, sizeof(buf), "X-CSTP-Accept-Encoding: deflate;q=1.0\r\n");
-	buf_append(buf, sizeof(buf), "X-CSTP-MTU: %d\r\n", vpninfo->mtu);
+	if (base_mtu)
+		buf_append(buf, sizeof(buf), "X-CSTP-Base-MTU: %d\r\n", base_mtu);
+	buf_append(buf, sizeof(buf), "X-CSTP-MTU: %d\r\n", mtu);
 	buf_append(buf, sizeof(buf), "X-CSTP-Address-Type: %s\r\n",
 			       vpninfo->disable_ipv6?"IPv4":"IPv6,IPv4");
 	buf_append(buf, sizeof(buf), "X-DTLS-Master-Secret: ");
diff --git a/main.c b/main.c
index 6f7f86c..9f52ed1 100644
--- a/main.c
+++ b/main.c
@@ -412,7 +412,7 @@ int main(int argc, char **argv)
 	/* Set up some defaults */
 	vpninfo->tun_fd = vpninfo->ssl_fd = vpninfo->dtls_fd = vpninfo->new_dtls_fd = -1;
 	vpninfo->useragent = openconnect_create_useragent("Open AnyConnect VPN Agent");
-	vpninfo->mtu = 1406;
+	vpninfo->mtu = 0;
 	vpninfo->deflate = 1;
 	vpninfo->dtls_attempt_period = 60;
 	vpninfo->max_qlen = 10;

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120608/00ab415f/attachment.bin>


[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux