Skip to content

Commit

Permalink
tun_recv: removed mssfix limit for IPv4 traffic if DF is not set
Browse files Browse the repository at this point in the history
Signed-off-by: Marco Baffo <[email protected]>
  • Loading branch information
mrbff committed Sep 4, 2024
1 parent 9cafba7 commit 7248f4b
Showing 1 changed file with 16 additions and 1 deletion.
17 changes: 16 additions & 1 deletion openvpn/client/cliproto.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -443,12 +443,27 @@ class Session : ProtoContextCallbackInterface,
if (buf.size())
{
const ProtoContext::ProtoConfig &c = proto_context.conf();

const uint8_t* packet_data = buf.data();
bool df = true;

// Check if the packet is IPv4
if (IPCommon::version(packet_data[0]) == IPCommon::IPv4 && buf.size() >= sizeof(struct IPv4Header))
{
// The Flags field is in the 6th byte (starting from index 6) of the IPv4 header
uint16_t flags_and_fragment_offset = ntohs(*(uint16_t*)&packet_data[6]);

// The DF bit is the 2nd bit in the Flags field (0x4000 in big-endian)
df = (flags_and_fragment_offset & 0x4000) != 0;
}

// when calculating mss, we take IPv4 and TCP headers into account
// here we need to add it back since we check the whole IP packet size, not just TCP payload
constexpr size_t MinTcpHeader = 20;
constexpr size_t MinIpHeader = 20;
size_t mss_no_tcp_ip_encap = c.mss_fix + (MinTcpHeader + MinIpHeader);
if (c.mss_fix > 0 && buf.size() > mss_no_tcp_ip_encap)

if (df && c.mss_fix > 0 && buf.size() > mss_no_tcp_ip_encap)
{
Ptb::generate_icmp_ptb(buf, clamp_to_typerange<unsigned short>(mss_no_tcp_ip_encap));
tun->tun_send(buf);
Expand Down

0 comments on commit 7248f4b

Please sign in to comment.