From 048b25ba45d06d812bfc9d07ab23fda699dfa402 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 15 Jan 2015 18:31:33 +0100 Subject: [PATCH] Made the no-compress-limit configurable --- doc/sample.config | 9 +++++++++ src/config.c | 4 ++++ src/ocserv-args.def | 6 ++++++ src/vpn.h | 3 +++ src/worker-vpn.c | 5 ++--- 5 files changed, 24 insertions(+), 3 deletions(-) diff --git a/doc/sample.config b/doc/sample.config index fdeb42de..64b5d3ef 100644 --- a/doc/sample.config +++ b/doc/sample.config @@ -139,6 +139,15 @@ server-key = ../tests/server-key.pem # The revocation list of the certificates issued by the 'ca-cert' above. #crl = /path/to/crl.pem +# Uncomment this to disable compression negotiation. +#disable-compression = true + +# Set the minimum size under which a packet will not be compressed. +# That is to allow low-latency for VoIP packets. The default size +# is 64 bytes. Modify it if the clients typically use compression +# as well of VoIP with codecs that exceed the default value. +#no-compress-limit = 256 + # GnuTLS priority string; note that SSL 3.0 is disabled by default # as there are no openconnect (and possibly anyconnect clients) using # that protocol. The default string below enforces perfect forward secrecy (PFS) diff --git a/src/config.c b/src/config.c index 99659bfc..aaf3011f 100644 --- a/src/config.c +++ b/src/config.c @@ -65,6 +65,7 @@ static struct cfg_options available_options[] = { { .name = "listen-host", .type = OPTION_STRING, .mandatory = 0 }, { .name = "listen-host-is-dyndns", .type = OPTION_BOOLEAN, .mandatory = 0 }, { .name = "disable-compression", .type = OPTION_BOOLEAN, .mandatory = 0 }, + { .name = "no-compress-limit", .type = OPTION_NUMERIC, .mandatory = 0 }, { .name = "tcp-port", .type = OPTION_NUMERIC, .mandatory = 0 }, { .name = "udp-port", .type = OPTION_NUMERIC, .mandatory = 0 }, { .name = "keepalive", .type = OPTION_NUMERIC, .mandatory = 0 }, 
@@ -572,6 +573,9 @@ unsigned force_cert_auth; } READ_TF("disable-compression", config->disable_compression, 0); + READ_NUMERIC("no-compress-limit", config->no_compress_limit); + if (config->no_compress_limit < MIN_NO_COMPRESS_LIMIT) + config->no_compress_limit = MIN_NO_COMPRESS_LIMIT; READ_TF("use-seccomp", config->isolate, 0); if (config->isolate) { diff --git a/src/ocserv-args.def b/src/ocserv-args.def index 599bbb92..4a456534 100644 --- a/src/ocserv-args.def +++ b/src/ocserv-args.def @@ -229,6 +229,12 @@ server-key = /path/to/key.pem # Uncomment this to disable compression negotiation. #disable-compression = true +# Set the minimum size under which a packet will not be compressed. +# That is to allow low-latency for VoIP packets. The default size +# is 64 bytes. Modify it if the clients typically use compression +# as well of VoIP with codecs that exceed the default value. +#no-compress-limit = 256 + # GnuTLS priority string; note that SSL 3.0 is disabled by default # as there are no openconnect (and possibly anyconnect clients) using # that protocol. The string below does not enforce perfect forward diff --git a/src/vpn.h b/src/vpn.h index e2dc6d0d..e722a724 100644 --- a/src/vpn.h +++ b/src/vpn.h @@ -56,6 +56,8 @@ typedef enum { OC_COMP_LZS, } comp_type_t; +#define MIN_NO_COMPRESS_LIMIT 64 + #define DEBUG_BASIC 1 #define DEBUG_HTTP 2 #define DEBUG_TRANSFERRED 5 @@ -219,6 +221,7 @@ struct cfg_st { gnutls_certificate_request_t cert_req; char *priorities; unsigned disable_compression; + unsigned no_compress_limit; /* under this size (in bytes) of data there will be no compression */ char *chroot_dir; /* where the xml files are served from */ char *banner; char *ocsp_response; /* file with the OCSP response */ diff --git a/src/worker-vpn.c b/src/worker-vpn.c index dd692054..5aae06b6 100644 --- a/src/worker-vpn.c +++ b/src/worker-vpn.c 
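Review bot: In the `no-compress-limit` handling added to src/config.c, a configured value below `MIN_NO_COMPRESS_LIMIT` is raised to 64 without any message, so an operator who asks for a smaller threshold (the removed `MIN_COMPRESSED_SIZE` was 40) silently gets a different one. I would emit a warning when the clamp fires and put a comment on it such as `/* enforce the floor; presumably this also supplies the default when the option is unset */`, to be confirmed against how the field is initialised. Only a lower bound is checked, and `READ_NUMERIC` is not visible in this diff, so it is worth confirming that a negative or oversized value cannot wrap in the `unsigned` field and effectively switch compression off unnoticed. The enclosing function starts and ends outside this hunk.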
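Review bot: `MIN_NO_COMPRESS_LIMIT` in src/vpn.h is added without a comment, although it acts as the floor for the option and, according to the sample config text, also as its 64-byte default. I would add `/* lowest accepted no-compress-limit, in bytes; also the effective default */` above the define. The `cfg_st` field comment in the second vpn.h hunk could state that the comparison is strict, `/* packets of this size (in bytes) or smaller are sent uncompressed */`, which is what the `l > ...` tests in worker-vpn.c implement.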
@@ -65,7 +65,6 @@ /* The number of DPD packets a client skips before he's kicked */ #define DPD_TRIES 2 #define DPD_MAX_TRIES 3 -#define MIN_COMPRESSED_SIZE 40 /* HTTP requests prior to disconnection */ #define MAX_HTTP_REQUESTS 16 @@ -1232,7 +1231,7 @@ static int tun_mainloop(struct worker_st *ws, struct timespec *tnow) cstp_to_send.data = ws->buffer; cstp_to_send.size = l; - if (ws->udp_state == UP_ACTIVE && ws->dtls_selected_comp != NULL && l > MIN_COMPRESSED_SIZE) { + if (ws->udp_state == UP_ACTIVE && ws->dtls_selected_comp != NULL && l > ws->config->no_compress_limit) { /* otherwise don't compress */ ret = ws->dtls_selected_comp->compress(ws->decomp+8, sizeof(ws->decomp)-8, ws->buffer, l); if (ret > 0 && ret < l) { @@ -1248,7 +1247,7 @@ static int tun_mainloop(struct worker_st *ws, struct timespec *tnow) } } } - } else if (ws->cstp_selected_comp != NULL && l > MIN_COMPRESSED_SIZE) { + } else if (ws->cstp_selected_comp != NULL && l > ws->config->no_compress_limit) { /* otherwise don't compress */ ret = ws->cstp_selected_comp->compress(ws->decomp+8, sizeof(ws->decomp)-8, ws->buffer, l); if (ret > 0 && ret < l) {
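Review bot: The rewritten DTLS condition in `tun_mainloop` compares `l` with the `unsigned` field `no_compress_limit`, whereas the removed `MIN_COMPRESSED_SIZE` was a plain `int` constant. If `l` is a signed type, it is now converted to unsigned for the comparison, so a negative value would compare as very large and reach `compress()`. The declaration of `l` and any earlier error check are outside the hunk, so this may already be excluded, but making it explicit is cheap: `l > 0 && (unsigned)l > ws->config->no_compress_limit`. The same applies to the `cstp_selected_comp` branch in the following hunk.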