
Set SO_SNDBUF on DTLS socket and handle -EAGAIN on it
The UDP socket would otherwise get a huge backlog of queued packets, and VoIP
over the VPN would become unusable.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Oct 3, 2013
1 parent 5387e04 commit 3444f81
Showing 2 changed files with 23 additions and 6 deletions.
28 changes: 22 additions & 6 deletions dtls.c
Expand Up @@ -504,7 +504,7 @@ int dtls_try_handshake(struct openconnect_info *vpninfo)

int connect_dtls_socket(struct openconnect_info *vpninfo)
{
int dtls_fd, ret;
int dtls_fd, ret, sndbuf;

if (!vpninfo->dtls_addr) {
vpn_progress(vpninfo, PRG_ERR, _("No DTLS address\n"));
Expand Down Expand Up @@ -532,6 +532,9 @@ int connect_dtls_socket(struct openconnect_info *vpninfo)
return -EINVAL;
}

sndbuf = vpninfo->actual_mtu * 2;
setsockopt(dtls_fd, SOL_SOCKET, SO_SNDBUF, &sndbuf, sizeof(sndbuf));

if (vpninfo->dtls_local_port) {
union {
struct sockaddr_in in;
Expand Down Expand Up @@ -821,6 +824,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
}

/* Service outgoing packet queue */
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_wfds);
while (vpninfo->outgoing_queue) {
struct pkt *this = vpninfo->outgoing_queue;
int ret;
Expand All @@ -836,18 +840,24 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
if (ret <= 0) {
ret = SSL_get_error(vpninfo->dtls_ssl, ret);

/* If it's a real error, kill the DTLS connection and
requeue the packet to be sent over SSL */
if (ret != SSL_ERROR_WANT_READ && ret != SSL_ERROR_WANT_WRITE) {
if (ret == SSL_ERROR_WANT_WRITE) {
FD_SET(vpninfo->dtls_fd, &vpninfo->select_wfds);
vpninfo->outgoing_queue = this;
vpninfo->outgoing_qlen++;

} else if (ret != SSL_ERROR_WANT_READ) {
/* If it's a real error, kill the DTLS connection and
requeue the packet to be sent over SSL */
vpn_progress(vpninfo, PRG_ERR,
_("DTLS got write error %d. Falling back to SSL\n"),
ret);
openconnect_report_ssl_errors(vpninfo);
dtls_restart(vpninfo);
vpninfo->outgoing_queue = this;
vpninfo->outgoing_qlen++;
work_done = 1;
}
return 1;
return work_done;
}
#elif defined(DTLS_GNUTLS)
ret = gnutls_record_send(vpninfo->dtls_ssl, &this->hdr[7], this->len + 1);
Expand All @@ -859,8 +869,14 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
dtls_restart(vpninfo);
vpninfo->outgoing_queue = this;
vpninfo->outgoing_qlen++;
work_done = 1;
} else if (gnutls_record_get_direction(vpninfo->dtls_ssl)) {
FD_SET(vpninfo->dtls_fd, &vpninfo->select_wfds);
vpninfo->outgoing_queue = this;
vpninfo->outgoing_qlen++;
}
return 1;

return work_done;
}
#endif
time(&vpninfo->dtls_times.last_tx);
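Review bot: The `setsockopt(dtls_fd, SOL_SOCKET, SO_SNDBUF, &sndbuf, sizeof(sndbuf));` added after the `sndbuf = vpninfo->actual_mtu * 2;` line in connect_dtls_socket discards its return value, so a refused option silently leaves the queue-depth problem the commit is fixing in place, and on Linux the kernel doubles the requested SO_SNDBUF for bookkeeping and rounds small values up to a minimum, so the effective limit is not necessarily 2*MTU either. I would check the result and log the failure, `if (setsockopt(dtls_fd, SOL_SOCKET, SO_SNDBUF, &sndbuf, sizeof(sndbuf)))` `vpn_progress(vpninfo, PRG_DEBUG, _("Failed to set SO_SNDBUF on DTLS socket: %s\n"), strerror(errno));`, and consider reading the applied value back with getsockopt() for the debug log so a clamped size is visible when diagnosing latency. The rest of connect_dtls_socket, including where dtls_fd is created, lies outside the hunk. In dtls_mainloop the new SSL_ERROR_WANT_WRITE branch puts `this` back at the head of outgoing_queue, which means the retried SSL_write() presents the same buffer again; since that is a requirement of OpenSSL's write retry semantics rather than an accident, a one-line comment such as `/* Requeue at head: the retried SSL_write() must pass the same buffer */` would stop a future change from reordering it. The parallel requeue in the GnuTLS branch after gnutls_record_get_direction() would benefit from the same comment.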
1 change: 1 addition & 0 deletions www/changelog.xml
Expand Up @@ -17,6 +17,7 @@
<ul>
<li><b>OpenConnect HEAD</b>
<ul>
<li>Reduce limit of queued packets on DTLS socket, to fix VoIP latency.</li>
<li>Fix Solaris build breakage due to missing <tt>&amp;lt;string.h&amp;gt;</tt> includes.</li>
<li>Include path in <tt>&amp;lt;group-access&amp;gt;</tt> node.</li>
</ul><br/>
