mtu discovery via DPD is optional

doc/ocserv.1

@@ -2,7 +2,7 @@
 .\"
 .\"  DO NOT EDIT THIS FILE   (ocserv-args.man)
 .\"  
-.\"  It has been AutoGen-ed  February 16, 2013 at 04:40:04 PM by AutoGen 5.16
+.\"  It has been AutoGen-ed  February 16, 2013 at 04:46:24 PM by AutoGen 5.16
 .\"  From the definitions    ../src/ocserv-args.def.tmp
 .\"  and the template file   agman-cmd.tpl
 .\"
@@ -171,7 +171,7 @@ max\-clients = 16
 .sp
 # Limit the number of identical clients (i.e., users connecting multiple times)
 # Unset or set to zero for unlimited.
-max\-same\-clients = 1
+max\-same\-clients = 2
 .sp
 # TCP and UDP port number
 tcp\-port = 3333
@@ -183,6 +183,9 @@ keepalive = 32400
 # Dead peer detection in seconds
 dpd = 240
 .sp
+# MTU discovery (DPD must be enabled)
+try\-mtu\-discovery = false
+.sp
 # The key and the certificates of the server
 # The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11)
 server\-cert = /path/to/cert.pem

src/config.c

@@ -154,6 +154,7 @@ unsigned j;
 		READ_STRING("pid-file", pid_file, 0);
 
 	READ_TF("use-utmp", config->use_utmp, 0, 1);
+	READ_TF("try-mtu-discovery", config->try_mtu, 0, 0);
 
 	READ_STRING("tls-priorities", config->priorities, 0);
 	READ_STRING("chroot-dir", config->chroot_dir, 0);

src/ocserv-args.c

@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (ocserv-args.c)
  *  
- *  It has been AutoGen-ed  February 16, 2013 at 04:40:03 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  February 16, 2013 at 04:46:20 PM by AutoGen 5.16
  *  From the definitions    ocserv-args.def
  *  and the template file   options
  *

src/ocserv-args.def

@@ -91,7 +91,7 @@ max-clients = 16
 
 # Limit the number of identical clients (i.e., users connecting multiple times)
 # Unset or set to zero for unlimited.
-max-same-clients = 1
+max-same-clients = 2
 
 # TCP and UDP port number
 tcp-port = 3333
@@ -103,6 +103,9 @@ keepalive = 32400
 # Dead peer detection in seconds
 dpd = 240
 
+# MTU discovery (DPD must be enabled)
+try-mtu-discovery = false
+
 # The key and the certificates of the server
 # The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11)
 server-cert = /path/to/cert.pem

src/ocserv-args.h

@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (ocserv-args.h)
  *  
- *  It has been AutoGen-ed  February 16, 2013 at 04:40:02 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  February 16, 2013 at 04:46:20 PM by AutoGen 5.16
  *  From the definitions    ocserv-args.def
  *  and the template file   options
  *

src/vpn.h

@@ -75,6 +75,7 @@ struct cfg_st {
 	unsigned max_clients;
 	unsigned max_same_clients;
 	unsigned use_utmp;
+	unsigned try_mtu; /* MTU discovery enabled */
 
 	/* if gdbm is there */
 	char* cookie_db_name;

src/worker-vpn.c

@@ -979,7 +979,7 @@ time_t now;
 				
 				/* if we received a dpd sooner than expected reply with minimal
 				 * data */
-				if (ws->dpd_mtu_trial == 0 || now-ws->last_dpd_udp <= ws->config->dpd/2) {
+				if (ws->config->try_mtu == 0 || ws->dpd_mtu_trial == 0 || now-ws->last_dpd_udp <= ws->config->dpd/2) {
 					l = 1;
 					if (now-ws->last_dpd_udp <= ws->config->dpd/2)
 						mtu_not_ok(ws);
@@ -995,7 +995,7 @@ time_t now;
 					mtu_not_ok(ws);
 					tls_send(ts, ws->buffer, 1);
 					ret = 1;
-				} else if (ret > 0 && ws->dpd_mtu_trial > 0) {
+				} else if (ws->config->try_mtu != 0 && ret > 0 && ws->dpd_mtu_trial > 0) {
 					mtu_ok(ws);
 				}