• Daniel Lenski's avatar
    Align naming and commenting of mechanism for receiving oversize packets across protocols · 0281a8e1
    Daniel Lenski authored
    We've now implemented mechanisms to tolerate larger-than-expected packets for:
    
      - Uncompressed CSTP packets ("Fixed regression with CSTP MTU handling"
        patch in July 2016)
    
      - Uncompressed oNCP packets ("Do not drop vpn connection if packet arrived
        is larger than MTU" patch in May 2017)
    
      - Uncompressed GPST packets (in original merge from March 2018; this is a
        virtual necessity for GlobalProtect because it has no functional
        mechanism for negotiating the MTU)
    
      - Uncompressed ESP packets ("check for oversize ESP packets, with 256
        bytes of headroom above calculated" in March 2018; GlobalProtect requires
        this for the aforementioned reason)
    
      - Compressed CSTP packets (preceding patch in this series)
    
    Since this is a requiring issue across protocols, it's useful to align the
    naming, commenting, and packet sizing-tolerance across the source files.
    
      1) Use receive_mtu everywhere as the name for the maximum tolerated size of an
         incoming packet.
      2) Insert similar comments explaining its purpose everywhere it's used.
      3) Use receive_mtu = MAX(16384, vpninfo->ip_info.mtu) for all TLS-based
         tunnels, because 16384 is the maximum TLS record size.
      4) Use receive_mtu = MAX(2048, vpninfo->vpninfo->ip_info.mtu + 256) for
         all UDP-based tunnels, because the MTU of IP datagrams on the public
         internet is effectively ~1500.
    Signed-off-by: default avatarDaniel Lenski <dlenski@gmail.com>
    0281a8e1
Name
Last commit
Last update
android Loading commit data...
java Loading commit data...
m4 Loading commit data...
po Loading commit data...
tests Loading commit data...
www Loading commit data...
.gitignore Loading commit data...
.gitlab-ci.yml Loading commit data...
AUTHORS Loading commit data...
COPYING.LGPL Loading commit data...
Makefile.am Loading commit data...
README.DTLS Loading commit data...
README.TESTS Loading commit data...
TODO Loading commit data...
acinclude.m4 Loading commit data...
auth-common.c Loading commit data...
auth-globalprotect.c Loading commit data...
auth-juniper.c Loading commit data...
auth.c Loading commit data...
autogen.sh Loading commit data...
compat.c Loading commit data...
config.rpath Loading commit data...
configure.ac Loading commit data...
cstp.c Loading commit data...
digest.c Loading commit data...
dtls.c Loading commit data...
esp-seqno.c Loading commit data...
esp.c Loading commit data...
gnutls-dtls.c Loading commit data...
gnutls-esp.c Loading commit data...
gnutls.c Loading commit data...
gnutls.h Loading commit data...
gnutls_tpm.c Loading commit data...
gpst.c Loading commit data...
gssapi.c Loading commit data...
hipreport.sh Loading commit data...
http-auth.c Loading commit data...
http.c Loading commit data...
iconv.c Loading commit data...
jni.c Loading commit data...
libopenconnect.map.in Loading commit data...
library.c Loading commit data...
lzo.c Loading commit data...
lzo.h Loading commit data...
lzs.c Loading commit data...
main.c Loading commit data...
mainloop.c Loading commit data...
ntlm.c Loading commit data...
oath.c Loading commit data...
oncp.c Loading commit data...
openconnect-internal.h Loading commit data...
openconnect.8.in Loading commit data...
openconnect.h Loading commit data...
openconnect.ico Loading commit data...
openconnect.pc.in Loading commit data...
openconnect.rc Loading commit data...
openssl-dtls.c Loading commit data...
openssl-esp.c Loading commit data...
openssl-pkcs11.c Loading commit data...
openssl.c Loading commit data...
script.c Loading commit data...
ssl.c Loading commit data...
sspi.c Loading commit data...
stoken.c Loading commit data...
tncc-wrapper.py Loading commit data...
tun-win32.c Loading commit data...
tun.c Loading commit data...
version.sh Loading commit data...
win32-ipicmp.h Loading commit data...
xml.c Loading commit data...
yubikey.c Loading commit data...