2
* OpenVPN -- An application to securely tunnel IP networks
3
* over a single TCP/UDP port, with support for SSL/TLS-based
4
* session authentication and key exchange,
5
* packet encryption, packet authentication, and
8
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
10
* This program is free software; you can redistribute it and/or modify
11
* it under the terms of the GNU General Public License version 2
12
* as published by the Free Software Foundation.
14
* This program is distributed in the hope that it will be useful,
15
* but WITHOUT ANY WARRANTY; without even the implied warranty of
16
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17
* GNU General Public License for more details.
19
* You should have received a copy of the GNU General Public License
20
* along with this program (see the file COPYING included with this
21
* distribution); if not, write to the Free Software Foundation, Inc.,
22
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
31
* Lower MSS on TCP SYN packets to fix MTU
32
* problems which arise from protocol
36
mss_fixup (struct buffer *buf, int maxmss)
38
const struct openvpn_iphdr *pip;
41
if (BLEN (buf) < (int) sizeof (struct openvpn_iphdr))
45
pip = (struct openvpn_iphdr *) BPTR (buf);
47
hlen = OPENVPN_IPH_GET_LEN (pip->version_len);
49
if (pip->protocol == OPENVPN_IPPROTO_TCP
50
&& ntohs (pip->tot_len) == BLEN (buf)
51
&& (ntohs (pip->frag_off) & OPENVPN_IP_OFFMASK) == 0
54
>= (int) sizeof (struct openvpn_tcphdr))
56
struct buffer newbuf = *buf;
57
if (buf_advance (&newbuf, hlen))
59
struct openvpn_tcphdr *tc = (struct openvpn_tcphdr *) BPTR (&newbuf);
60
if (tc->flags & OPENVPN_TCPH_SYN_MASK)
61
mss_fixup_dowork (&newbuf, (uint16_t) maxmss);
67
mss_fixup_dowork (struct buffer *buf, uint16_t maxmss)
69
int hlen, olen, optlen;
73
struct openvpn_tcphdr *tc;
75
ASSERT (BLEN (buf) >= (int) sizeof (struct openvpn_tcphdr));
78
tc = (struct openvpn_tcphdr *) BPTR (buf);
79
hlen = OPENVPN_TCPH_GET_DOFF (tc->doff_res);
81
/* Invalid header length or header without options. */
82
if (hlen <= (int) sizeof (struct openvpn_tcphdr)
86
for (olen = hlen - sizeof (struct openvpn_tcphdr),
87
opt = (uint8_t *)(tc + 1);
89
olen -= optlen, opt += optlen) {
90
if (*opt == OPENVPN_TCPOPT_EOL)
92
else if (*opt == OPENVPN_TCPOPT_NOP)
96
if (optlen <= 0 || optlen > olen)
98
if (*opt == OPENVPN_TCPOPT_MAXSEG) {
99
if (optlen != OPENVPN_TCPOLEN_MAXSEG)
101
mss = (uint16_t *)(opt + 2);
102
if (ntohs (*mss) > maxmss) {
103
dmsg (D_MSS, "MSS: %d -> %d",
107
*mss = htons (maxmss);
109
ADJUST_CHECKSUM (accumulate, tc->check);