From d1946bbb3c3142abbc3712ccafe52b2aff0b5daa Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 8 Feb 2013 22:16:53 +0100 Subject: [PATCH] MTU is now set via the main server --- doc/design.dia | Bin 3131 -> 3243 bytes src/Makefile.am | 5 +- src/ipc.h | 6 ++ src/main-auth.c | 169 ++------------------------------ src/main-misc.c | 244 ++++++++++++++++++++++++++++++++++++++++++++++ src/main.h | 9 ++ src/worker-auth.c | 1 - src/worker-misc.c | 63 ++++++++++++ src/worker-tun.c | 29 ------ src/worker-vpn.c | 14 +-- src/worker.h | 3 +- 11 files changed, 341 insertions(+), 202 deletions(-) create mode 100644 src/main-misc.c create mode 100644 src/worker-misc.c 
diff --git a/doc/design.dia b/doc/design.dia index e6860d14d0884efd4a5c2a569735d8ef29ef7fc6..7640c6c4f6bf354e7eb4cea30981913c4e48f879 100644 GIT binary patch literal 3243 zcmV;c3{>+UiwFP!000021MOW~bK5o+e%G(yxG(Lj4C4;4YSPKJyVIRX+RVn8ee}>0 zEOSGV8j`Z>m;LQ~0Liv4q(zArM=6zw6VV_(0z8)wz`?;!KmR$4ygQR-VG_SNBM6^) zCLSk~FrL0S`+WJ&bA9&n+rdwhF!&MvPSarK!5wjCzr8uT&GY$>7Z>;U_b7VEf;>r4 z6fRI^F8&upQE&l;F3#Q#Ja4^%NstHj+UjbM=V^Go$c+~VGxO%`Iv9VMrpY3noGnYO z%8ipKNxi!udUN*Ojr*Kktg5-#sON>c=fTumrzZGPUNwe~?;lh3+@#yp&gMxLLXrGo zzEh;69{Y2x%&Jrdh2rVk@80q6mXEZ$@LX5XgO-Bivml*@@h%SZO|U3Uu?bqkkv3m0Zr^CZpFAk23muahJ)LA*rG(}g)6CmRP5h}cWbs?my@ zFwc`c&wmp{S(OGXFF$G9p_)5Q!^z8vyHTQ~mius$-(LOMQgfw zK2W;ehjEc;(b}R#kuQb}kyd4ky3PR@81VRHMBzUIlOZEW9{pOzNgQ99c;Xs!XcG%c zG5a{;$Zm)iv+;cU8Hy;!A(a9tHdk5x5Si_o4dAUFyIC>2G=Ju6Vn$YC#_EchhTb1i z(8m^~%wfPQloUK92Z^&UU1H7HaiF>Fi#?2Rt4!Gd#|@!3%59CdJ?}%1dUW^`?3mIba|#9mUL2!7m6&m#s(P54(pgbLj{({w^)Jl)U|bIfhRoA=W{O|t zvwf(FQb^ek)0aEZEY13Ct<7plcZms zEL8@kY7u)u=Ecc%GI{6?RojNDKt6jz^)(nOJ4Z3!06vh+i+vL^yT+@4$6|yz2IB(U zXN&P3G?lhv$BHc(@evSv0HZ+dM^qs06Z_RyxW+tQDYrkQy#;0A@m6JptkE~yY`?)7 z%q$Pm{3=M(y@6xVAME5w%A_i8GgB=4`#>4h8v6mTN zF&jI0-ENzay~N25Fm%f+Ys9P>qNbX#gutA%58^}#@^vRfO>+w-lwJ}wOxci9#4r_| zFtzdq7cw>aSeAXAOs!`etuqeY)PQIuN?dosIF@jBLCESEqr!npc2bn%V~}Ou=U+d1 zSu*}&@}6+K3gIY`+@5g!wFrmblp$o6zbYg}H#0-pf>FMj8Pddt6=2fg%usQAi)V%& z%i?}!sGk|?dD;Oyjo^j`M2|X1y0K47IEjR`Q$tufbH(sU@wChLpS;v$i`hJfcjDP7 z%ATur&(+F>x94hqEv`mLLu8HF=v&swh?V-j7;5BmZlm*rRU!+nu)uy-T&=sDOyj_4xnhXA&TaL#Qjd_nS)|NjHm+VN}Yu|C2ICLGpQ|oZs*eO6L>v#>2Bct z&Aa^kyEid+;n;XV6eZ)pa<`tgy$WqB5a^z=ofKu;FomB#yay}z&Tb3~^M@jSRy&ye z93yV`uFw`EL@kChe`+KU8xoALIu34T@?c+R=p-EHZSMA|*<)39`v@dOnFVQlw-2@Z zRvOq^-Cy@SnfX% zIHsVumV62Fjctw~EyNsG*~PHmN7dfNz^NT5gWFJTdMS%yL8KaSZ5`^;e74oaM!QHD}qouI^ozQsBEJBC>Z~9l0)9 z+jS8;5|Zss3Id390V_;d_obN&GnS`3;HueeRs5GmSZ`#RYSVvlL^tgP?fqAW{>vMi zG!JjAv)UeX4Zfe7^d?DXX5xkM`8-X=Cd3! 
zz)e~IWfSg%V>9^vi+Q+M^K)L1n!$LHreK?*hjrhUCoa6?-iwl8a(*2|K|F?vdk@!z zhvQ7E;W^&YMf4_6_`P1jET#lTimdh{Yzwd`LG#CkZJ{foh9Zb$_Z$L2!q(juXO z{nO|8YCFeQff)8lzP{#cgk_rn{Mr^tA|F#a)JO@!+e|MGNSYB1Y+LxgBqPgP73P4f zDbb?kEWM@eEFskF=y|VK%hg+PDZ_Rdycv+AY{#lU{>Hln$y?dOJaIY3z31P;cwndh z3hpJ3_o~gC#cn45ttV%31+P(>;xdH*ia$`V=FP@V4I0=)A4KI zma=W#C~0QddLTSyuNw{NhSa$}{R;Z>NfW)!3NK7iH92(PQ z(lt$6cN}HyEDi6XM=v+@>andJ{FT&$HsCt6P$0AdX`ic>eTUY}AyGjsuTs(%HW!A_ zzG&Zf6t}Z%G4A+)m|i=!wL`v=cGTYDq7Y_ExBxoAT0PQ;C|_`(Ha>@cM+yVm|evpLdm4seq}x--SD}!9#6TYJm#3JmLZ!UH(x7Et z;Mss+P~CA90%fodIML|e?WcF-^*NGqm>3Q3?_t)4RMBhIO`j+JogYdT`~^ax3YcJWq9 z-S$j-SxXCq*+;@gIa>;V1?Rk{p^Z$qQ`sI3eQ8>;cHALnh*&mdSyih$$N+~eakR_X zA-VF0R3dT8o5<>SUbVa(oKRk$9rhE9U-ty#`%iXe(fbwtGsqWUFQ5;n{nTOyA@kZN z(uP9gep6Uy1h0tzRZR$Wna>$j?FOhSPAm|XHU^I&Dufdl>L0r@dq{k0aWh}=NAO_% z1Y<+YPPY+Cv6tDg+99fTyy~{;w>tJYXAWWnw1FsLw+{Fxyjonh%c`+CK{j?wlAg_d zgKX~Ki#YQZ^NUGx9}lu|8qT|(ultKG6BD0McXS=&J(=r>%(2=*<3Mtxi#O7iQ?}VS5XY>k+GxtUp!pB#-QA>Hr$XnmQKC z2^6n$6ijthdjz9e@)7)t)oO-HD|Sjp(YPz0OzwTS{M?^2^D0L<7s~B%i2X@3U7s|w d{2B!hCVe|teu2N!G?={|{2x=F6ieEq002)IOFjSq literal 3131 zcmV-B48-#viwFP!000021MOW~Z`(K)e)q2s(w7d_VR$Dso^;Ti*~Ki-&J^1e`xq!T z<7g{Oh9oD=%l`H~l$^vDDVD8E;#Mx2)(*{2qz=#bkvu&5<=1bsz_~SX;z!~62|@V8 zG2u9x_~G>Y#VG%HCl1) zr)jj~`menpsnUS_kK0B?oGU`{_jsT?JRHb(&ISZIQ4HI-mUaWboE~|PM3}SoOR}HKi<4e?37hz%9uqDA8Z3@R+hh-svTL?hm&an)>6MeAaF-SE2BbA#(yDFItaAVcCOj?~QTUI*WXK4T2j7-)6o!{3oMesJw}}O% zn7tfvU^j$|*?7Kr4Mmb;pGrX#o697<56ouG2Jn`b-K?2im~ZKdnUSTLvASlaq4$Rr z#$$_CmSMmxloS|}gT>jKF0p3pFwoTY#STTdQKoEylTD%5%5BWH9p|H$q#$_`6GQJ0 z-o{asI`i1S^#e0C$xkJd@n;ll*>orh)1oV}pF7vy%n$D2g1s;~aWd1(d`=x6X+w9Iu;|$F*p~{ zJ{yX6ucfptKUVC?h>Jkj0~iHqKcWJ0m)N(i!Zp_MO11qy?JXz^m$xh{WR1SrRQnCC zU?!;-rioW{B zdA~?+N>$dg{9IjW)z(^vTt}haDlmGD*I&Fo^tSBU$8-jp~4@Z}OvLeiy5o)RlPYB9MyI@X~AXj%H)HJtXLg`$nVakS-B8I8x zM5&cGxKOFlhqCN-Dz#p5w5~XGQxl@4DRJG2;>h9bhL9a+jEW3gvZIn5pS&b-zWn~l zNuu#rllFq+MFdBQ<@SQ(#}XWFQ;v{X{i=`@-K-303r6{JWk?enR)9%|D?`QYEnXRV 
zD2w}*p?+nk*J*p`G=dwN5Iu}R(v5%0;Up5$E)8LsxhsZ`N~c|X`0T_cSfb`V)`g#~uI(rN|GE!1f$ zE7wc3UZV99Z4Ze?8Qkht54Jj720)as@-d^ zj;R>pxCyYHsrF^6EM{{s&SExu%IcW1xIn^=WP)^0T3wNrXn?e^7>a|ZIu$v~BG3`H zsWdWKLywxUYV}wZzOq>wI?JQb^VQ4p)nd73c{X3JS@zV`J#{Gs+$9l_J#}?NU9vWH z5jzu-?Jf!eh|B_3n6mVxSr%q2k9opXv)iihmqu8xWtnP|zc`}n{(|=W)gga5V-u(T zwI!>~N!Q@*+{D*WJTnu=4^QWDG&V^Bga_Yt;N7i1f#3Z0{->Vex}Z3_q)1f1rq~_F zsRlTX3{MFe z*@Qd(*bLr&HTP#LJm+|^8H^Wk48AG2U*)zm%EC+ToFMWhr&nI!g=46=XSgmHjx()> zrx;PzGh8DKS0Ttv*G~S$z*kdx@FrHZ>|Ys(WjLGti@|JeNCgsy=0fe#BcXx))93hV zJI7an8TLuOUUN3WvcmvwZI2|8izyvyqy*t@rWXe!&4>oIEnHWUk=3mVb3oRVXwh<( z-qLoK2x@lly4Q>4>aDnyVY>|O4A@b!<<%d4Gt7|9SX9_7-4Plx{Fl#koCje2!h7u{5TZs_|-%MPaj$ebelx>fV zl4h3e2f|hMW22$5A=balx*8j`9~!_kk}hL;>a#voySm9=zSq50A~^!Cz>2&<3bO3k60ikaoFhnLD&*84?xL>MA8&VRK;!?TYrf zqqv=An{kH+#Pp+Mb9BfT8XdKdxG02~5?KJ9V68sVh$vTZkTx!de@6-ttTC~;663bV zMoBA+9)(1+uwdMejHi)->x>Mx{$^s~OTRl1*P6q$_ROJM9zpvHM!t^OdOwsI|kLaTl z8{gL|({r^W>#0qFXYZP7leer_WP)WlM2nGqf+Uy9zITaGZ9nI&sEvh>wZx3ta$5H5 z04sWqZp`KRK7y`X4A$0je@1EHpr{?QOPNhX&4;HP(KaVJ7KbfywB7JkF6K5g0PEwG zbPaS~6;v z?UnYjmKGSZi-e7Gwh{mf&Ur6G8(DCtvOO94+_GZrxI@kmv1-bys#Z^s0S?P?be6M2 za^()GMB=zhc_X6XG&vs?e`5pcfGm)We_8f4MYihbih60-Qv1kR!z+bvUXyU^lI)q zRCE7cgo(45pG~5>aFC2+f8O #include "pam.h" -static int send_auth_reply(main_server_st* s, struct proc_st* proc, - cmd_auth_reply_t r, struct lease_st* lease) +int send_auth_reply(main_server_st* s, struct proc_st* proc, + cmd_auth_reply_t r, struct lease_st* lease) { struct iovec iov[2]; uint8_t cmd[2]; @@ -99,8 +99,8 @@ static int send_auth_reply(main_server_st* s, struct proc_st* proc, return(sendmsg(proc->fd, &hdr, 0)); } -static int handle_auth_cookie_req(main_server_st* s, struct proc_st* proc, - const struct cmd_auth_cookie_req_st * req, struct lease_st **lease) +int handle_auth_cookie_req(main_server_st* s, struct proc_st* proc, + const struct cmd_auth_cookie_req_st * req, struct lease_st **lease) { int ret; struct stored_cookie_st sc; 
@@ -123,7 +123,6 @@ struct stored_cookie_st sc; return ret; } -static int generate_and_store_vals(main_server_st *s, struct proc_st* proc) { int ret; @@ -158,8 +157,8 @@ struct stored_cookie_st *sc; return 0; } -static int handle_auth_req(main_server_st *s, struct proc_st* proc, - const struct cmd_auth_req_st * req, struct lease_st **lease) +int handle_auth_req(main_server_st *s, struct proc_st* proc, + const struct cmd_auth_req_st * req, struct lease_st **lease) { int ret = -1; unsigned username_set = 0; 
@@ -199,159 +198,3 @@ unsigned username_set = 0; return ret; } - -int handle_commands(main_server_st *s, struct proc_st* proc) -{ - struct iovec iov[2]; - char buf[128]; - int e; - uint8_t cmd; - struct msghdr hdr; - struct lease_st *lease; - union { - struct cmd_auth_req_st auth; - struct cmd_auth_cookie_req_st cauth; - struct cmd_resume_store_req_st sresume; - struct cmd_resume_fetch_req_st fresume; - } cmd_data; - int ret, cmd_data_len; - const char* peer_ip; - - peer_ip = human_addr((void*)&proc->remote_addr, proc->remote_addr_len, buf, sizeof(buf)); - - memset(&cmd_data, 0, sizeof(cmd_data)); - - iov[0].iov_base = &cmd; - iov[0].iov_len = 1; - - iov[1].iov_base = &cmd_data; - iov[1].iov_len = sizeof(cmd_data); - - memset(&hdr, 0, sizeof(hdr)); - hdr.msg_iov = iov; - hdr.msg_iovlen = 2; - - ret = recvmsg( proc->fd, &hdr, 0); - if (ret == -1) { - e = errno; - mslog(s, proc, LOG_ERR, "Cannot obtain data from command socket (pid: %d, peer: %s): %s", proc->pid, peer_ip, strerror(e)); - return -1; - } - - if (ret == 0) { - return -1; - } - - cmd_data_len = ret - 1; - - switch(cmd) { - case RESUME_STORE_REQ: - if (cmd_data_len <= sizeof(cmd_data.sresume)-MAX_SESSION_DATA_SIZE) { - mslog(s, proc, LOG_ERR, "Error in received message length (pid: %d, peer: %s).", proc->pid, peer_ip); - return -2; - } - ret = handle_resume_store_req(s, proc, &cmd_data.sresume); - if (ret < 0) { - mslog(s, proc, LOG_DEBUG, "Could not store resumption data (pid: %d, peer: %s).", proc->pid, peer_ip); - } - - break; - - case RESUME_DELETE_REQ: - if (cmd_data_len != sizeof(cmd_data.fresume)) { - mslog(s, proc, LOG_ERR, "Error in received message length (pid: %d, peer: %s).", proc->pid, peer_ip); - return -2; - } - ret = handle_resume_delete_req(s, proc, &cmd_data.fresume); - if (ret < 0) { - mslog(s, proc, LOG_DEBUG, "Could not delete resumption data (pid: %d, peer: %s).", proc->pid, peer_ip); - } - - break; - case RESUME_FETCH_REQ: { - struct cmd_resume_fetch_reply_st reply; - - if 
(cmd_data_len != sizeof(cmd_data.fresume)) { - mslog(s, proc, LOG_ERR, "Error in received message length (pid: %d, peer: %s).", proc->pid, peer_ip); - return -2; - } - ret = handle_resume_fetch_req(s, proc, &cmd_data.fresume, &reply); - if (ret < 0) { - mslog(s, proc, LOG_DEBUG, "Could not fetch resumption data (pid: %d, peer: %s).", proc->pid, peer_ip); - ret = send_resume_fetch_reply(s, proc, REP_RESUME_FAILED, NULL); - } else - ret = send_resume_fetch_reply(s, proc, REP_RESUME_OK, &reply); - } - - if (ret < 0) { - mslog(s, proc, LOG_ERR, "Could not send reply cmd (pid: %d, peer: %s).", proc->pid, peer_ip); - return -2; - } - - break; - - case AUTH_REQ: - case AUTH_COOKIE_REQ: - - if (cmd == AUTH_REQ) { - if (cmd_data_len != sizeof(cmd_data.auth)) { - mslog(s, proc, LOG_ERR, "Error in received message length (pid: %d, peer: %s).", proc->pid, peer_ip); - return -2; - } - - ret = handle_auth_req(s, proc, &cmd_data.auth, &lease); - } else { - if (cmd_data_len != sizeof(cmd_data.cauth)) { - mslog(s, proc, LOG_ERR, "Error in received message length (pid: %d, peer: %s).", proc->pid, peer_ip); - return -2; - } - - ret = handle_auth_cookie_req(s, proc, &cmd_data.cauth, &lease); - } - - if (ret == 0) { - ret = user_connected(s, proc, lease); - if (ret < 0) { - mslog(s, proc, LOG_INFO, "User '%s' disconnected due to script", proc->username); - } - } - - if (ret == 0) { - if (cmd == AUTH_REQ) { - /* generate and store cookie */ - ret = generate_and_store_vals(s, proc); - if (ret < 0) - return -2; - mslog(s, proc, LOG_INFO, "User '%s' authenticated", proc->username); - } else { - mslog(s, proc, LOG_INFO, "User '%s' re-authenticated (using cookie)", proc->username); - } - - ret = send_auth_reply(s, proc, REP_AUTH_OK, lease); - if (ret < 0) { - mslog(s, proc, LOG_ERR, "Could not send reply cmd (pid: %d, peer: %s).", proc->pid, peer_ip); - return -2; - } - - proc->lease = lease; - proc->lease->in_use = 1; - if (lease->fd >= 0) - close(lease->fd); - lease->fd = -1; - } else { - 
mslog(s, proc, LOG_INFO, "Failed authentication attempt for user '%s'", proc->username); - ret = send_auth_reply( s, proc, REP_AUTH_FAILED, NULL); - if (ret < 0) { - mslog(s, proc, LOG_ERR, "Could not send reply cmd (pid: %d, peer: %s).", proc->pid, peer_ip); - return -2; - } - } - - break; - default: - mslog(s, proc, LOG_ERR, "Unknown CMD 0x%x (pid: %d, peer: %s).", (unsigned)cmd, proc->pid, peer_ip); - return -2; - } - - return 0; -} diff --git a/src/main-misc.c b/src/main-misc.c new file mode 100644 index 00000000..c9219521 --- /dev/null +++ b/src/main-misc.c 
@@ -0,0 +1,244 @@ +/* + * Copyright (C) 2013 Nikos Mavrogiannopoulos + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "ipc.h" + +#include +#include +#include +#include +#include +#include "pam.h" + +int set_tun_mtu(main_server_st* s, struct proc_st * proc, unsigned mtu) +{ +int fd, ret, e; +struct ifreq ifr; +const char* name; + + if (proc->lease == NULL) + return -1; + + name = proc->lease->name; + + mslog(s, proc, LOG_DEBUG, "setting %s MTU to %u", name, mtu); + fd = socket(AF_INET, SOCK_STREAM, 0); + if (fd == -1) + return -1; + + memset(&ifr, 0, sizeof(ifr)); + snprintf(ifr.ifr_name, IFNAMSIZ, "%s", name); + ifr.ifr_mtu = mtu; + + ret = ioctl(fd, SIOCSIFMTU, &ifr); + if (ret != 0) { + e = errno; + mslog(s, proc, LOG_INFO, "ioctl SIOCSIFMTU error: %s", strerror(e)); + ret = -1; + goto fail; + } + + ret = 0; +fail: + close(fd); + return ret; +} + +int handle_commands(main_server_st *s, struct proc_st* proc) +{ + struct iovec iov[2]; + char buf[128]; + int e; + uint8_t cmd; + struct msghdr hdr; + struct lease_st *lease; + union { + struct cmd_auth_req_st auth; + struct cmd_auth_cookie_req_st cauth; + struct 
cmd_resume_store_req_st sresume; + struct cmd_resume_fetch_req_st fresume; + struct cmd_tun_mtu_st tmtu; + } cmd_data; + int ret, cmd_data_len; + const char* peer_ip; + + peer_ip = human_addr((void*)&proc->remote_addr, proc->remote_addr_len, buf, sizeof(buf)); + + memset(&cmd_data, 0, sizeof(cmd_data)); + + iov[0].iov_base = &cmd; + iov[0].iov_len = 1; + + iov[1].iov_base = &cmd_data; + iov[1].iov_len = sizeof(cmd_data); + + memset(&hdr, 0, sizeof(hdr)); + hdr.msg_iov = iov; + hdr.msg_iovlen = 2; + + ret = recvmsg( proc->fd, &hdr, 0); + if (ret == -1) { + e = errno; + mslog(s, proc, LOG_ERR, "Cannot obtain data from command socket (pid: %d, peer: %s): %s", proc->pid, peer_ip, strerror(e)); + return -1; + } + + if (ret == 0) { + return -1; + } + + cmd_data_len = ret - 1; + + switch(cmd) { + case CMD_TUN_MTU: + if (cmd_data_len != sizeof(cmd_data.tmtu)) { + mslog(s, proc, LOG_ERR, "Error in received message (%u) length (pid: %d, peer: %s).", (unsigned)cmd, proc->pid, peer_ip); + return -2; + } + + set_tun_mtu(s, proc, cmd_data.tmtu.mtu); + break; + + case RESUME_STORE_REQ: + if (cmd_data_len <= sizeof(cmd_data.sresume)-MAX_SESSION_DATA_SIZE) { + mslog(s, proc, LOG_ERR, "Error in received message (%u) length (pid: %d, peer: %s).", (unsigned)cmd, proc->pid, peer_ip); + return -2; + } + ret = handle_resume_store_req(s, proc, &cmd_data.sresume); + if (ret < 0) { + mslog(s, proc, LOG_DEBUG, "Could not store resumption data (pid: %d, peer: %s).", proc->pid, peer_ip); + } + + break; + + case RESUME_DELETE_REQ: + if (cmd_data_len != sizeof(cmd_data.fresume)) { + mslog(s, proc, LOG_ERR, "Error in received message (%u) length (pid: %d, peer: %s).", (unsigned)cmd, proc->pid, peer_ip); + return -2; + } + ret = handle_resume_delete_req(s, proc, &cmd_data.fresume); + if (ret < 0) { + mslog(s, proc, LOG_DEBUG, "Could not delete resumption data (pid: %d, peer: %s).", proc->pid, peer_ip); + } + + break; + case RESUME_FETCH_REQ: { + struct cmd_resume_fetch_reply_st reply; + + if 
(cmd_data_len != sizeof(cmd_data.fresume)) { + mslog(s, proc, LOG_ERR, "Error in received message (%u) length (pid: %d, peer: %s).", (unsigned)cmd, proc->pid, peer_ip); + return -2; + } + ret = handle_resume_fetch_req(s, proc, &cmd_data.fresume, &reply); + if (ret < 0) { + mslog(s, proc, LOG_DEBUG, "Could not fetch resumption data (pid: %d, peer: %s).", proc->pid, peer_ip); + ret = send_resume_fetch_reply(s, proc, REP_RESUME_FAILED, NULL); + } else + ret = send_resume_fetch_reply(s, proc, REP_RESUME_OK, &reply); + } + + if (ret < 0) { + mslog(s, proc, LOG_ERR, "Could not send reply cmd (pid: %d, peer: %s).", proc->pid, peer_ip); + return -2; + } + + break; + + case AUTH_REQ: + case AUTH_COOKIE_REQ: + + if (cmd == AUTH_REQ) { + if (cmd_data_len != sizeof(cmd_data.auth)) { + mslog(s, proc, LOG_ERR, "Error in received message (%u) length (pid: %d, peer: %s).", (unsigned)cmd, proc->pid, peer_ip); + return -2; + } + + ret = handle_auth_req(s, proc, &cmd_data.auth, &lease); + } else { + if (cmd_data_len != sizeof(cmd_data.cauth)) { + mslog(s, proc, LOG_ERR, "Error in received message (%u) length (pid: %d, peer: %s).", (unsigned)cmd, proc->pid, peer_ip); + return -2; + } + + ret = handle_auth_cookie_req(s, proc, &cmd_data.cauth, &lease); + } + + if (ret == 0) { + ret = user_connected(s, proc, lease); + if (ret < 0) { + mslog(s, proc, LOG_INFO, "User '%s' disconnected due to script", proc->username); + } + } + + if (ret == 0) { + if (cmd == AUTH_REQ) { + /* generate and store cookie */ + ret = generate_and_store_vals(s, proc); + if (ret < 0) + return -2; + mslog(s, proc, LOG_INFO, "User '%s' authenticated", proc->username); + } else { + mslog(s, proc, LOG_INFO, "User '%s' re-authenticated (using cookie)", proc->username); + } + + ret = send_auth_reply(s, proc, REP_AUTH_OK, lease); + if (ret < 0) { + mslog(s, proc, LOG_ERR, "Could not send reply cmd (pid: %d, peer: %s).", proc->pid, peer_ip); + return -2; + } + + proc->lease = lease; + proc->lease->in_use = 1; + if 
(lease->fd >= 0) + close(lease->fd); + lease->fd = -1; + } else { + mslog(s, proc, LOG_INFO, "Failed authentication attempt for user '%s'", proc->username); + ret = send_auth_reply( s, proc, REP_AUTH_FAILED, NULL); + if (ret < 0) { + mslog(s, proc, LOG_ERR, "Could not send reply cmd (pid: %d, peer: %s).", proc->pid, peer_ip); + return -2; + } + } + + break; + default: + mslog(s, proc, LOG_ERR, "Unknown CMD 0x%x (pid: %d, peer: %s).", (unsigned)cmd, proc->pid, peer_ip); + return -2; + } + + return 0; +} diff --git a/src/main.h b/src/main.h index 7940b944..10f077f7 100644 --- a/src/main.h +++ b/src/main.h @@ -99,5 +99,14 @@ __attribute__ ((format(printf, 4, 5))) int priority, const char *fmt, ...); int open_tun(main_server_st* s, struct lease_st** l); +int set_tun_mtu(main_server_st* s, struct proc_st * proc, unsigned mtu); + +int send_auth_reply(main_server_st* s, struct proc_st* proc, + cmd_auth_reply_t r, struct lease_st* lease); +int handle_auth_cookie_req(main_server_st* s, struct proc_st* proc, + const struct cmd_auth_cookie_req_st * req, struct lease_st **lease); +int generate_and_store_vals(main_server_st *s, struct proc_st* proc); +int handle_auth_req(main_server_st *s, struct proc_st* proc, + const struct cmd_auth_req_st * req, struct lease_st **lease); #endif diff --git a/src/worker-auth.c b/src/worker-auth.c index 35d1eb8b..5c7630fb 100644 --- a/src/worker-auth.c +++ b/src/worker-auth.c @@ -1,5 +1,4 @@ /* - * Copyright (C) 2012, 2013 David Woodhouse * Copyright (C) 2013 Nikos Mavrogiannopoulos * * This program is free software; you can redistribute it and/or modify diff --git a/src/worker-misc.c b/src/worker-misc.c new file mode 100644 index 00000000..853a059b --- /dev/null +++ b/src/worker-misc.c 
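Review bot: In the `CMD_TUN_MTU` case of `handle_commands` the MTU supplied by the worker is passed straight into a privileged `SIOCSIFMTU` ioctl with no range check, and the return value of `set_tun_mtu()` is discarded. The worker is presumably the network-facing, lower-privileged process, so the main server should treat `cmd_data.tmtu.mtu` as untrusted: `ifr_mtu` is an `int`, so an `unsigned` above `INT_MAX` reaches the kernel as a negative number, and nothing here rejects 0 or an implausibly small value. The `proc->lease == NULL` guard inside `set_tun_mtu()` does refuse the request from a worker that has not authenticated, but an ioctl failure is only logged at LOG_INFO inside the helper and the caller never learns of it. A bounded version of the case is below; the exact limits are a project decision and should match whatever the worker-side MTU negotiation already assumes.
```c
	case CMD_TUN_MTU:
		if (cmd_data_len != sizeof(cmd_data.tmtu)) {
			/* … unchanged: length error log … */
			return -2;
		}

		/* Worker-supplied value: bound it before it reaches the ioctl. */
		if (cmd_data.tmtu.mtu < 68 || cmd_data.tmtu.mtu > 65535) {
			mslog(s, proc, LOG_ERR, "Invalid MTU %u requested (pid: %d, peer: %s).", cmd_data.tmtu.mtu, proc->pid, peer_ip);
			return -2;
		}

		ret = set_tun_mtu(s, proc, cmd_data.tmtu.mtu);
		if (ret < 0)
			mslog(s, proc, LOG_INFO, "Could not set MTU to %u (pid: %d, peer: %s).", cmd_data.tmtu.mtu, proc->pid, peer_ip);
		break;
```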
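Review bot: The prototypes added to main.h (`set_tun_mtu` and the four functions un-`static`ed in main-auth.c) carry no contract comment even though they are now called across translation units. From the main-misc.c caller in this patch they share one convention — 0 on success, a negative value on failure — except that `send_auth_reply` passes through the raw `sendmsg()` result, and `set_tun_mtu` additionally requires `proc->lease` to be set. A short comment above the group, e.g. `/* Return 0 on success, negative on failure; send_auth_reply returns the sendmsg() result. set_tun_mtu requires proc->lease. */`, would record that for the next caller.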
@@ -0,0 +1,63 @@ +/* + * Copyright (C) 2013 Nikos Mavrogiannopoulos + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include "ipc.h" +#include +#include +#include + +int send_tun_mtu(worker_st *ws, unsigned int mtu) +{ + struct iovec iov[2]; + uint8_t cmd; + struct msghdr hdr; + struct cmd_tun_mtu_st data; + + memset(&hdr, 0, sizeof(hdr)); + + cmd = CMD_TUN_MTU; + data.mtu = mtu; + + iov[0].iov_base = &cmd; + iov[0].iov_len = 1; + + iov[1].iov_base = (void*)&data; + iov[1].iov_len = sizeof(data); + + hdr.msg_iov = iov; + hdr.msg_iovlen = 2; + + return(sendmsg(ws->cmd_fd, &hdr, 0)); +} diff --git a/src/worker-tun.c b/src/worker-tun.c index 413f73bd..b2a8679d 100644 --- a/src/worker-tun.c +++ b/src/worker-tun.c @@ -1,5 +1,4 @@ /* - * Copyright (C) 2012, 2013 David Woodhouse * Copyright (C) 2013 Nikos Mavrogiannopoulos * * This program is free software; you can redistribute it and/or modify 
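Review bot: `send_tun_mtu` sends `data` over the command socket without zero-initializing it, whereas `hdr` gets a `memset`. `struct cmd_tun_mtu_st` is defined in ipc.h, whose hunk is not in this excerpt; if it has padding or any member besides `mtu`, uninitialized worker stack bytes are shipped to the main server. Initialize it, e.g. `struct cmd_tun_mtu_st data = { .mtu = mtu };` or a `memset(&data, 0, sizeof(data));` before the assignment. The function also hands the raw `sendmsg()` result back to callers that, in worker-vpn.c, ignore it, so a short write or socket error is silent; the declaration in worker.h should at least say that it returns the `sendmsg()` result.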
@@ -47,34 +46,6 @@ #include -int set_tun_mtu(struct worker_st* ws, unsigned mtu) -{ -int fd, ret, e; -struct ifreq ifr; - - oclog(ws, LOG_DEBUG, "setting tun MTU to %u", mtu); - fd = socket(AF_INET, SOCK_STREAM, 0); - if (fd == -1) - return -1; - - memset(&ifr, 0, sizeof(ifr)); - snprintf(ifr.ifr_name, IFNAMSIZ, "%s", ws->tun_name); - ifr.ifr_mtu = mtu; - - ret = ioctl(fd, SIOCSIFMTU, &ifr); - if (ret != 0) { - e = errno; - oclog(ws, LOG_INFO, "ioctl SIOCSIFMTU error: %s", strerror(e)); - ret = -1; - goto fail; - } - - ret = 0; -fail: - close(fd); - return ret; -} - /* if local is non zero it returns the local, otherwise the remote */ static int get_ip(struct worker_st* ws, int fd, int family, unsigned int local, diff --git a/src/worker-vpn.c b/src/worker-vpn.c index 34c63144..da0b0e00 100644 --- a/src/worker-vpn.c +++ b/src/worker-vpn.c @@ -461,7 +461,7 @@ int mtu_not_ok(worker_st* ws, unsigned *mtu) oclog(ws, LOG_DEBUG, "MTU %u is too large, switching to %u", ws->last_bad_mtu, *mtu); - set_tun_mtu(ws, *mtu); + send_tun_mtu(ws, *mtu); return 0; } @@ -487,7 +487,7 @@ int c; *mtu = c; gnutls_dtls_set_data_mtu (ws->dtls_session, c); - set_tun_mtu(ws, c); + send_tun_mtu(ws, c); return; } @@ -663,9 +663,9 @@ unsigned mtu_overhead, dtls_mtu = 0, tls_mtu = 0; } if (dtls_mtu == 0) - set_tun_mtu(ws, tls_mtu); + send_tun_mtu(ws, tls_mtu); else - set_tun_mtu(ws, MIN(dtls_mtu, tls_mtu)); + send_tun_mtu(ws, MIN(dtls_mtu, tls_mtu)); ret = tls_puts(ws->session, "X-CSTP-Banner: Welcome\r\n"); SEND_ERR(ret); @@ -1018,8 +1018,10 @@ int ret, e; break; case AC_PKT_DPD_OUT: oclog(ws, LOG_DEBUG, "received DPD; sending response"); - ret = - tls_send(ts, "STF\x01\x00\x00\x04\x00", 8); + if (ws->session == ts) + ret = tls_send(ts, "STF\x01\x00\x00\x04\x00", 8); + else + ret = tls_send(ts, "\x04", 1); if (ret < 0) { oclog(ws, LOG_ERR, "could not send TLS data: %s", gnutls_strerror(ret)); return -1; diff --git a/src/worker.h b/src/worker.h index 53d4c40e..7096cf0b 100644 --- a/src/worker.h 
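Review bot: The replacement `send_tun_mtu(ws, *mtu);` in `mtu_not_ok` (and the equivalent calls in the `@@ -487` and `@@ -663` hunks) discards the return value, as the old in-process `set_tun_mtu` calls did, but the call is now a one-way IPC request with no reply, so a failed `sendmsg()` or an ioctl rejected by the main server leaves the tun MTU out of step with the DTLS data MTU the worker has just set via `gnutls_dtls_set_data_mtu`. At minimum log the local failure: `if (send_tun_mtu(ws, *mtu) < 0) oclog(ws, LOG_ERR, "could not request tun MTU change");`. Whether the main server should acknowledge the request is a protocol decision outside this hunk; the enclosing functions start and end outside it.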
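Review bot: The new DTLS branch of the `AC_PKT_DPD_OUT` handler answers with the bare literal `"\x04"` and the TLS branch with `"STF\x01\x00\x00\x04\x00"`, with nothing saying what the bytes are; this change is also unrelated to the MTU rework the commit describes and would be easier to review as its own commit. A comment such as `/* DPD response: DTLS frames carry only the packet-type byte, CSTP/TLS frames the 8-byte STF header */` would make the split readable, and if the `AC_PKT_*` enum used on the line above has a DPD-response member, building the DTLS reply from it rather than from the literal 0x04 keeps the two paths in sync. The enclosing function begins and ends outside the hunk.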
+++ b/src/worker.h @@ -89,9 +89,10 @@ struct req_data_st { void __attribute__ ((format(printf, 3, 4))) oclog(const worker_st * server, int priority, const char *fmt, ...); -int set_tun_mtu(struct worker_st* ws, unsigned mtu); int get_rt_vpn_info(worker_st * ws, struct vpn_st* vinfo, char* buffer, size_t buffer_size); ssize_t tun_write(int sockfd, const void *buf, size_t len); +int send_tun_mtu(worker_st *ws, unsigned int mtu); + #endif