From patchwork Fri Jun 24 01:13:16 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2551
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 24 Jun 2022 13:13:16 +0200
Message-Id: <20220624111318.3219982-2-arne@rfc2549.org>
In-Reply-To: <20220624111318.3219982-1-arne@rfc2549.org>
References: <20220624111318.3219982-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 2/4] Implement a function to calculate the default MTU

We could also just hardcode this value to 1420 but this approach does not add much (complicated) code and it is a bit better than to have a magic number to just be there.

Signed-off-by: Arne Schwabe
---
 src/openvpn/mtu.c                      | 22 ++++++++++++++++++++++
 src/openvpn/mtu.h                      | 14 ++++++++++++++
 tests/unit_tests/openvpn/test_crypto.c | 19 ++++++++++++++++++-
 3 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index 59b917985..0cad9b1c9 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -205,6 +205,28 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame) return payload + overhead; } +int +frame_calculate_default_mtu(struct options *o) +{ + struct options options = *o; + + /* assume we have peer_id enabled */ + options.use_peer_id = true; + + /* We use IPv6+UDP here to have a consistent size for tun MTU no matter + * the combination of udp/tcp and IPv4/IPv6 */ + int encap_overhead = datagram_overhead(AF_INET6, PROTO_UDP); + + struct key_type kt; + init_key_type(&kt, "AES-256-GCM", "none", true, false); + + size_t payload_overhead = frame_calculate_payload_overhead(0, &options, &kt, false); + size_t protocol_overhead = frame_calculate_protocol_header_size(&kt, &options, false); + + return MTU_ENCAP_DEFAULT - encap_overhead - payload_overhead - protocol_overhead; + +} + void frame_print(const struct frame *frame, int level, diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h index 9db6cf26a..d643027d3 100644 --- a/src/openvpn/mtu.h +++ b/src/openvpn/mtu.h @@ -79,6 +79,10 @@ */ #define MSSFIX_DEFAULT 1492 +/* The default size we aim to reach to with our VPN packets by setting + * the MTU accordingly */ +#define MTU_ENCAP_DEFAULT 1492 + /* * Alignment of payload data such as IP packet or * ethernet frame. @@ -260,6 +264,16 @@ void alloc_buf_sock_tun(struct buffer *buf, const struct frame *frame, const bool tuntap_buffer); + +/** + * Function to calculate the default MTU for Layer 3 VPNs. The function + * assumes that UDP packets should be a maximum of \c MTU_ENCAP_DEFAULT (1492) + * with a AEAD cipher. This default comes out to be 1420. + */ +int +frame_calculate_default_mtu(struct options *o); + + /* * EXTENDED_SOCKET_ERROR_CAPABILITY functions -- print extra error info * on socket errors, such as PMTU size. As of 2003.05.11, only works diff --git a/tests/unit_tests/openvpn/test_crypto.c b/tests/unit_tests/openvpn/test_crypto.c index 83572b827..ca595b0a5 100644 --- a/tests/unit_tests/openvpn/test_crypto.c 
+++ b/tests/unit_tests/openvpn/test_crypto.c @@ -477,6 +477,22 @@ test_mssfix_mtu_calculation(void **state) gc_free(&gc); } + +static void +test_mtu_default_calculation(void **state) +{ + struct options o = {0}; + + /* common defaults */ + o.ce.tun_mtu = 1400; + o.ce.mssfix = 1000; + o.replay = true; + o.ce.proto = PROTO_UDP; + + size_t mtu = frame_calculate_default_mtu(&o); + assert_int_equal(1420, mtu); +} + int main(void) { @@ -487,7 +503,8 @@ main(void) cmocka_unit_test(crypto_test_hmac), cmocka_unit_test(test_des_encrypt), cmocka_unit_test(test_occ_mtu_calculation), - cmocka_unit_test(test_mssfix_mtu_calculation) + cmocka_unit_test(test_mssfix_mtu_calculation), + cmocka_unit_test(test_mtu_default_calculation) }; #if defined(ENABLE_CRYPTO_OPENSSL)
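Review bot: in the mtu.c hunk, the expression `MTU_ENCAP_DEFAULT - encap_overhead - payload_overhead - protocol_overhead` switches to size_t arithmetic as soon as the size_t operands are subtracted, so an overhead total larger than MTU_ENCAP_DEFAULT wraps to a huge unsigned value and is then truncated back to the int return type; casting `payload_overhead` and `protocol_overhead` to int (or declaring them int) keeps an impossible configuration visible as a negative result instead of relying on implementation-defined conversion. Two smaller points: the function only copies `*o`, so the parameter can be `const struct options *o`, and a short comment on why UDP over IPv6 with "AES-256-GCM" and peer-id enabled is the reference configuration (rather than the user's actual --cipher) would make the 1420 figure reproducible for the next reader; the blank line before the closing brace can also go.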
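Review bot: in the first mtu.h hunk, MTU_ENCAP_DEFAULT is given the same value as MSSFIX_DEFAULT directly above it without saying how the two relate; either define one in terms of the other or state in the comment that they are intentionally independent so a later change to one does not silently diverge from the other. The comment itself reads better as "The default size we aim to reach with our VPN packets by setting the MTU accordingly".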
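Review bot: in the second mtu.h hunk, the doc comment should read "with an AEAD cipher", and since the stated 1420 result depends on the assumptions baked into the function (UDP over IPv6 encapsulation, peer-id enabled, the AES-256-GCM reference cipher) it would help to list them in the comment rather than only the packet-size target; the prototype can also take `const struct options *o` to match the fact that the options are only read.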
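Review bot: in the first test_crypto.c hunk, `size_t mtu = frame_calculate_default_mtu(&o);` stores an int return value in a size_t, so if the calculation ever goes negative the assert_int_equal() failure would report a huge unsigned number rather than the real value; declare `mtu` as int to match the function's return type. The "common defaults" comment would also be more useful if it said which of the four fields being set are expected to influence the 1420 result and which are only there to make the options struct realistic.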