From ba80139452a5ded46d7b15b306a532db1d175863 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 16 Feb 2013 16:46:37 +0100 Subject: [PATCH] mtu discovery via DPD is optional --- doc/ocserv.1 | 7 +++++-- src/config.c | 1 + src/ocserv-args.c | 2 +- src/ocserv-args.def | 5 ++++- src/ocserv-args.h | 2 +- src/vpn.h | 1 + src/worker-vpn.c | 4 ++-- 7 files changed, 15 insertions(+), 7 deletions(-) diff --git a/doc/ocserv.1 b/doc/ocserv.1 index 9334f749..c76a0a28 100644 --- a/doc/ocserv.1 +++ b/doc/ocserv.1 @@ -2,7 +2,7 @@ .\" .\" DO NOT EDIT THIS FILE (ocserv-args.man) .\" -.\" It has been AutoGen-ed February 16, 2013 at 04:40:04 PM by AutoGen 5.16 +.\" It has been AutoGen-ed February 16, 2013 at 04:46:24 PM by AutoGen 5.16 .\" From the definitions ../src/ocserv-args.def.tmp .\" and the template file agman-cmd.tpl .\" @@ -171,7 +171,7 @@ max\-clients = 16 .sp # Limit the number of identical clients (i.e., users connecting multiple times) # Unset or set to zero for unlimited. -max\-same\-clients = 1 +max\-same\-clients = 2 .sp # TCP and UDP port number tcp\-port = 3333 @@ -183,6 +183,9 @@ keepalive = 32400 # Dead peer detection in seconds dpd = 240 .sp +# MTU discovery (DPD must be enabled) +try\-mtu\-discovery = false +.sp # The key and the certificates of the server # The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11) server\-cert = /path/to/cert.pem diff --git a/src/config.c b/src/config.c index 84d541c0..50c6f679 100644 --- a/src/config.c +++ b/src/config.c @@ -154,6 +154,7 @@ unsigned j; READ_STRING("pid-file", pid_file, 0); READ_TF("use-utmp", config->use_utmp, 0, 1); + READ_TF("try-mtu-discovery", config->try_mtu, 0, 0); READ_STRING("tls-priorities", config->priorities, 0); READ_STRING("chroot-dir", config->chroot_dir, 0); diff --git a/src/ocserv-args.c b/src/ocserv-args.c index 959687f5..ec5babe1 100644 --- a/src/ocserv-args.c +++ b/src/ocserv-args.c 
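Review bot: Nothing in the src/config.c hunk ties the new option to `dpd`: `READ_TF("try-mtu-discovery", config->try_mtu, 0, 0);` accepts the value on its own, while the sample configuration added by this commit states that DPD must be enabled. If `try-mtu-discovery = true` is set with `dpd` unset or zero, the setting appears to be accepted silently, and the administrator gets no hint that it will not behave as documented. A check after the reads would make the dependency explicit, for example `if (config->try_mtu != 0 && config->dpd == 0) config->try_mtu = 0;` together with a warning in the log. The enclosing function starts and ends outside the hunk, so a validation step elsewhere cannot be ruled out from here.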
@@ -2,7 +2,7 @@ * * DO NOT EDIT THIS FILE (ocserv-args.c) * - * It has been AutoGen-ed February 16, 2013 at 04:40:03 PM by AutoGen 5.16 + * It has been AutoGen-ed February 16, 2013 at 04:46:20 PM by AutoGen 5.16 * From the definitions ocserv-args.def * and the template file options * diff --git a/src/ocserv-args.def b/src/ocserv-args.def index 73f6e683..01049ea0 100644 --- a/src/ocserv-args.def +++ b/src/ocserv-args.def @@ -91,7 +91,7 @@ max-clients = 16 # Limit the number of identical clients (i.e., users connecting multiple times) # Unset or set to zero for unlimited. -max-same-clients = 1 +max-same-clients = 2 # TCP and UDP port number tcp-port = 3333 @@ -103,6 +103,9 @@ keepalive = 32400 # Dead peer detection in seconds dpd = 240 +# MTU discovery (DPD must be enabled) +try-mtu-discovery = false + # The key and the certificates of the server # The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11) server-cert = /path/to/cert.pem diff --git a/src/ocserv-args.h b/src/ocserv-args.h index 93311a12..32714b55 100644 --- a/src/ocserv-args.h +++ b/src/ocserv-args.h @@ -2,7 +2,7 @@ * * DO NOT EDIT THIS FILE (ocserv-args.h) * - * It has been AutoGen-ed February 16, 2013 at 04:40:02 PM by AutoGen 5.16 + * It has been AutoGen-ed February 16, 2013 at 04:46:20 PM by AutoGen 5.16 * From the definitions ocserv-args.def * and the template file options * diff --git a/src/vpn.h b/src/vpn.h index 91a25a39..088ea15f 100644 --- a/src/vpn.h +++ b/src/vpn.h @@ -75,6 +75,7 @@ struct cfg_st { unsigned max_clients; unsigned max_same_clients; unsigned use_utmp; + unsigned try_mtu; /* MTU discovery enabled */ /* if gdbm is there */ char* cookie_db_name; diff --git a/src/worker-vpn.c b/src/worker-vpn.c index 3d3bcd40..e672606d 100644 --- a/src/worker-vpn.c +++ b/src/worker-vpn.c 
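Review bot: The first src/ocserv-args.def hunk changes the sample `max-same-clients` from 1 to 2, which has nothing to do with the commit subject (making MTU discovery optional). That relaxes the per-user concurrent-session limit for anyone who copies the example configuration. If the change is intended, it belongs in its own commit with a stated reason; otherwise keep `max-same-clients = 1`. The generated doc/ocserv.1 carries the same change and would follow from regenerating.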
@@ -979,7 +979,7 @@ time_t now; /* if we received a dpd sooner than expected reply with minimal * data */ - if (ws->dpd_mtu_trial == 0 || now-ws->last_dpd_udp <= ws->config->dpd/2) { + if (ws->config->try_mtu == 0 || ws->dpd_mtu_trial == 0 || now-ws->last_dpd_udp <= ws->config->dpd/2) { l = 1; if (now-ws->last_dpd_udp <= ws->config->dpd/2) mtu_not_ok(ws); @@ -995,7 +995,7 @@ time_t now; mtu_not_ok(ws); tls_send(ts, ws->buffer, 1); ret = 1; - } else if (ret > 0 && ws->dpd_mtu_trial > 0) { + } else if (ws->config->try_mtu != 0 && ret > 0 && ws->dpd_mtu_trial > 0) { mtu_ok(ws); }
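Review bot: With `try_mtu == 0` the first branch is now always taken, but the nested `if (now-ws->last_dpd_udp <= ws->config->dpd/2) mtu_not_ok(ws);` inside it is not gated. A peer that sends DPD probes more often than dpd/2 therefore still triggers `mtu_not_ok()` while discovery is switched off. Its body is not visible here, but if it lowers the connection MTU as the name suggests, the value can only go down in that mode, because the second hunk makes `mtu_ok()` unreachable; the `mtu_not_ok(ws)` in the branch before the changed `else if` there is ungated as well. Consider `if (ws->config->try_mtu != 0 && now-ws->last_dpd_udp <= ws->config->dpd/2)` for the nested check. The enclosing function starts and ends outside both hunks.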