From patchwork Sat Aug 23 15:36:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4371 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:c414:b0:671:5a2c:6455 with SMTP id jt20csp4610468mab; Sat, 23 Aug 2025 08:37:20 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXUKJBvDDMRtBoFMrLdT4Zcxmjx7aMaoCuiuQc4Id0CTemiicM+hu1GO6Afoq4lPR+mY8Vmtw/sNDk=@openvpn.net X-Google-Smtp-Source: AGHT+IFdaoJDthpxmNPyFMh29aPjt6x1o9ERqFq3ktGSCmhT2RCGW/P4x44MHIf35634wNjkt/iE X-Received: by 2002:a05:6808:5146:b0:437:75ea:6c80 with SMTP id 5614622812f47-437852b0327mr3658886b6e.43.1755963440624; Sat, 23 Aug 2025 08:37:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1755963440; cv=none; d=google.com; s=arc-20240605; b=G3jZ9Jpjr1GAiwwz8CjfnYXppCOyHo4+zKqMzVVpkWWpF93sOMyF4t3o6w2nwCBYaC tcHhkKK1tA12DO0CyTZOypgium80Bp3TNN0jhpLWCv6dLPQ5mR+jZeyyV23MwBZ8ZxQl kr7rgy+ibxOy5m7vjRQ+vpdLQdZWtugY3PvJxuDb28DbhcIWVwEx4NiUELDN4mRX+WdG euYQ9JGHBawMOYc4goxfdVRhPolhm1PLfaeVi2Q/19I25S6IMogvzJNaQQqUIlclEURT bhKqZ+5gZCoVIWbUu+FDYduyk4HV10ZHsjRlo67Kv2XvX4jXzV1k1M5l2nnXojQ5LCvv VX/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=fYpNK7Piqn/hnHBc6kPZZGVH2maSTgnenrW8GZR8CwA=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=DsSwMNHdQCcbhho8zDp8YE+1UlhyQhFfLRPr58CZz9H1zkvmE7wZ3ySlo73n2xEAhJ /XioP7jrX4Xr01u3GeGykFQqAaujrHyB7geuopiPOPdXslKEKhSBTAJjDRw4tBfInLPH kztW3fa6iME5izhRb1lv9ajxZ8eltiQFXkmJucwD5ZovR0hNMxvvy4b62kVPu4bZXupc JfaMuxFt/QIfRBF6lqoask58bA4k8uCNY5YRVcbR1L8eFEa843qHREqvxLKRPKpyWAdG qUZnXGt4+d/PBKL5iFJ5KZHG0mB4esotois/ahP4YvoZAPqAmHhCx2v+2fKXCXpbIjzb QXEA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=AZb0Hmqn; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=FAZWvR6k; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=l8aIcqoq; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-314f7cc1a12si523454fac.197.2025.08.23.08.37.20 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 23 Aug 2025 08:37:20 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=AZb0Hmqn; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=FAZWvR6k; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=l8aIcqoq; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=fYpNK7Piqn/hnHBc6kPZZGVH2maSTgnenrW8GZR8CwA=; b=AZb0HmqnQ3BkcDJnDfCGJDJkfy pMzT/fjCB7FHLi213DRV5qkNd3oLzngCK5YLlx6fAuhp1FYqIwx97zKXHoDr7jNULZvGOdOdcG6rt TtZSXRtTn2IAitgkBoVuohS6x0ODxJbcfID92nYSEBypwYp0jxey8iKo5/r6GWinhLOY=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1upqIs-0000Fj-58; Sat, 23 Aug 2025 15:37:14 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1upqIk-0000FX-9c for openvpn-devel@lists.sourceforge.net; Sat, 23 Aug 2025 15:37:06 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=FjcQQ9KKZo9x6d0EWnmJqMn1lvfJZ8iphOhS71vzNQo=; b=FAZWvR6kVs80cueY/QwYt4/J6K PDFtg+xtPgV3P+cp7r+KM4VggozNBfDpNa9/+c9wAcMo2Xmur9RcO1RkXKLUtDZk6R6lyy36PBIan ku86oFkUfLF7Q4CHOtZh4JzphO1OzY9+MP1ojM7Nf3csY7xgoj4T2U1SFm+gg9rIbhbc=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=FjcQQ9KKZo9x6d0EWnmJqMn1lvfJZ8iphOhS71vzNQo=; b=l8aIcqoqR+EL0qILWlI0DFyvAt 0o2PE5HctDVlKbpN/L5FQ27NE/PkkwbnXIqqeuwEjDeDx4FwKVnZxoi7Bh0Ud4h4C6NEPCKLoHFqJ U6NUktGmEkdJcGjfBRsxsIqp7BHMPiC7qAV2NSs4j+dhAerbcF+okriUmNzSQ6U4csgU=; Received: from [193.149.48.143] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1upqIi-0002ri-AJ for openvpn-devel@lists.sourceforge.net; Sat, 23 Aug 2025 15:37:05 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 57NFaqrm030966 for ; Sat, 23 Aug 2025 17:36:52 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 57NFaqnm030965 for openvpn-devel@lists.sourceforge.net; Sat, 23 Aug 2025 17:36:52 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Sat, 23 Aug 2025 17:36:46 +0200 Message-ID: <20250823153652.30938-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld There was some confusion about how the option was called... Change-Id: I5e240c35cd4236e1d845195e4634fd5008f61814 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1upqIi-0002ri-AJ Subject: [Openvpn-devel] [PATCH v1] Clean up documentation for --tun-mtu-max X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1841261120625158959?= X-GMAIL-MSGID: =?utf-8?q?1841261120625158959?= From: Frank Lichtenheld There was some confusion about how the option was called... Change-Id: I5e240c35cd4236e1d845195e4634fd5008f61814 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1152 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst index 4a64e8d..2a06ef6 100644 --- a/doc/man-sections/vpn-network-options.rst +++ b/doc/man-sections/vpn-network-options.rst @@ -587,7 +587,7 @@ packets larger than ``tun-mtu`` (e.g. Linux and FreeBSD) but other platforms (like macOS) limit received packets to the same size as the MTU. ---tun-max-mtu maxmtu +--tun-mtu-max maxmtu This configures the maximum MTU size that a server can push to ``maxmtu``, by configuring the internal buffers to allow at least this packet size. The default for ``maxmtu`` is 1600. Currently, only increasing beyond 1600 diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 5583274..9dd3b96 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2916,7 +2916,7 @@ /* We always allow at least 1600 MTU packets to be received in our buffer * space to allow server to push "baby giant" MTU sizes */ - frame->tun_max_mtu = max_int(1600, frame->tun_max_mtu); + frame->tun_max_mtu = max_int(TUN_MTU_MAX_MIN, frame->tun_max_mtu); size_t payload_size = frame->tun_max_mtu; diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h index 925ef0b..c092461 100644 --- a/src/openvpn/mtu.h +++ b/src/openvpn/mtu.h @@ -69,6 +69,11 @@ #define TUN_MTU_DEFAULT 1500 /* + * Minimum maximum MTU + */ +#define TUN_MTU_MAX_MIN 1600 + +/* * MTU Defaults for TAP devices */ #define TAP_MTU_EXTRA_DEFAULT 32 diff --git a/src/openvpn/options.c b/src/openvpn/options.c index e9584a8..0b16c5a 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -297,6 +297,7 @@ "--tun-mtu-extra n : Assume that tun/tap device might return as many\n" " as n bytes more than the tun-mtu size on read\n" " (default TUN=0 TAP=%d).\n" + "--tun-mtu-max n : Maximum pushable MTU (default and minimum=%d).\n" "--link-mtu n : Take the TCP/UDP device MTU to be n and derive the tun MTU\n" " from it.\n" "--mtu-disc type : Should we do Path MTU discovery on TCP/UDP channel?\n" @@ -4844,8 +4845,9 @@ fprintf(fp, usage_message, title_string, o.ce.connect_retry_seconds, o.ce.connect_retry_seconds_max, o.ce.local_port, o.ce.remote_port, TUN_MTU_DEFAULT, - TAP_MTU_EXTRA_DEFAULT, o.verbosity, o.authname, o.replay_window, o.replay_time, - o.tls_timeout, o.renegotiate_seconds, o.handshake_window, o.transition_window); + TAP_MTU_EXTRA_DEFAULT, TUN_MTU_MAX_MIN, o.verbosity, o.authname, o.replay_window, + o.replay_time, o.tls_timeout, o.renegotiate_seconds, o.handshake_window, + o.transition_window); fflush(fp); #endif /* ENABLE_SMALL */ @@ -7011,7 +7013,7 @@ options->ce.occ_mtu = 0; } } - else if (streq(p[0], "tun-mtu-max") && p[1] && !p[3]) + else if (streq(p[0], "tun-mtu-max") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_MTU | OPT_P_CONNECTION); int max_mtu = positive_atoi(p[1], msglevel); diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 889b268..4f6adfc 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -721,7 +721,7 @@ { msg(M_WARN, "Warning: reported maximum MTU from client (%d) is lower " - "than MTU used on the server (%d). Add tun-max-mtu %d " + "than MTU used on the server (%d). Add tun-mtu-max %d " "to client configuration.", client_max_mtu, o->ce.tun_mtu, o->ce.tun_mtu); }