On Wed, May 10, 2017 at 8:03 PM, Nikolay Martynov <mar.kolya at gmail.com> wrote: > > Sometimes server sends us packets that are larger than negotiated MTU. > Current implementation bails out in this case. > This patch just makes openconnect to drop such packets and continue. > It looks like data stream from VPN server is generally correct - with > exception of packet being too large, so we can continue parsing further > packets. > My concern here is that with some protocols the MTU is not known authoritatively, and must be estimated, and might be wrong. For example, in my fully-functional, though not yet merged, branch supporting GlobalProtect (https://github.com/dlenski/openconnect/) there is no way to request a specific MTU, and I have never seen a server that actually reports the MTU correctly. > This improves connection stability. How so? What is the downside to accepting an unexpectedly large packet which nevertheless managed to make it across the VPN tunnel? -Dan
