Try to read more than a single packet from the TUN device.

src/tlslib.c

@@ -64,6 +64,32 @@ ssize_t tls_send(gnutls_session_t session, const void *data,
 	return data_size;
 }
 
+/* Note that data will be modified and must have one byte
+ * available before its start address.
+ */
+ssize_t dtls_send_data(gnutls_session_t session, void *data,
+			size_t data_size, size_t mtu)
+{
+	int ret;
+	int left = data_size;
+	uint8_t* p = data;
+
+	while(left > 0) {
+		*(p-1) = AC_PKT_DATA;
+		ret = gnutls_record_send(session, p-1, MIN(mtu, left+1));
+		if (ret < 0 && (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED)) {
+			return ret;
+		}
+
+		if (ret > 0) {
+			left -= ret-1;
+			p += ret-1;
+		}
+	}
+
+	return data_size;
+}
+
 /* Same as tls_send() but will not retry on EAGAIN errors */
 ssize_t tls_send_nowait(gnutls_session_t session, const void *data,
 			size_t data_size)

src/tlslib.h

@@ -38,6 +38,9 @@ ssize_t tls_send(gnutls_session_t session, const void *data,
 ssize_t tls_send_nowait(gnutls_session_t session, const void *data,
 			size_t data_size);
 
+ssize_t dtls_send_data(gnutls_session_t session, void *data,
+			size_t data_size, size_t mtu);
+
 void tls_cork(gnutls_session_t session);
 int tls_uncork(gnutls_session_t session);
 

src/worker-vpn.c

@@ -1217,7 +1217,7 @@ static int tun_mainloop(struct worker_st *ws, struct timespec *tnow,
 	int ret, l, e;
 	unsigned tls_retry;
 
-	l = read(ws->tun_fd, ws->buffer + 8, ws->conn_mtu);
+	l = read(ws->tun_fd, ws->buffer + 8, ws->buffer_size-8);
 	if (l < 0) {
 		e = errno;
 
@@ -1245,7 +1245,7 @@ static int tun_mainloop(struct worker_st *ws, struct timespec *tnow,
 		if (fds->dtls_writable && ws->udp_state == UP_ACTIVE) {
 			ws->buffer[7] = AC_PKT_DATA;
 
-			ret = tls_send(ws->dtls_session, ws->buffer + 7, l + 1);
+			ret = dtls_send_data(ws->dtls_session, ws->buffer + 7, l, ws->conn_mtu+1);
 			GNUTLS_FATAL_ERR(ret);
 
 			if (ret == GNUTLS_E_LARGE_PACKET) {