Skip to content

Commit

Permalink
tun_recv: removed mssfix limit for IPv4 traffic if DF is not set
Browse files Browse the repository at this point in the history
Signed-off-by: Marco Baffo <[email protected]>
mrbff committed Sep 4, 2024
1 parent 9cafba7 commit 8b6f786
Showing 2 changed files with 15 additions and 1 deletion.
15 changes: 14 additions & 1 deletion openvpn/client/cliproto.hpp
Original file line number Diff line number Diff line change
@@ -443,12 +443,25 @@ class Session : ProtoContextCallbackInterface,
if (buf.size())
{
const ProtoContext::ProtoConfig &c = proto_context.conf();

bool df = true;

// Check if the packet is IPv4
if (IPCommon::version(buf[0]) == IPCommon::IPv4 && buf.size() >= sizeof(struct IPv4Header))
{
// The Flags field is in the 6th byte (starting from index 6) of the IPv4 header
uint16_t flags_and_fragment_offset = ntohs(*(uint16_t*)&buf[6]);

df = (flags_and_fragment_offset & IPv4Header::DF) != 0;
}

// when calculating mss, we take IPv4 and TCP headers into account
// here we need to add it back since we check the whole IP packet size, not just TCP payload
constexpr size_t MinTcpHeader = 20;
constexpr size_t MinIpHeader = 20;
size_t mss_no_tcp_ip_encap = c.mss_fix + (MinTcpHeader + MinIpHeader);
if (c.mss_fix > 0 && buf.size() > mss_no_tcp_ip_encap)

if (df && c.mss_fix > 0 && buf.size() > mss_no_tcp_ip_encap)
{
Ptb::generate_icmp_ptb(buf, clamp_to_typerange<unsigned short>(mss_no_tcp_ip_encap));
tun->tun_send(buf);
1 change: 1 addition & 0 deletions openvpn/ip/ip4.hpp
Original file line number Diff line number Diff line change
@@ -52,6 +52,7 @@ struct IPv4Header
enum
{
OFFMASK = 0x1fff,
DF = 0x4000,
};
std::uint16_t frag_off;

0 comments on commit 8b6f786

Please sign in to comment.