src/openvpn/mss.c

   1 /*
   2  *  OpenVPN -- An application to securely tunnel IP networks
   3  *             over a single TCP/UDP port, with support for SSL/TLS-based
   4  *             session authentication and key exchange,
   5  *             packet encryption, packet authentication, and
   6  *             packet compression.
   7  *
   8  *  Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
   9  *
  10  *  This program is free software; you can redistribute it and/or modify
  11  *  it under the terms of the GNU General Public License version 2
  12  *  as published by the Free Software Foundation.
  13  *
  14  *  This program is distributed in the hope that it will be useful,
  15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  *  GNU General Public License for more details.
  18  *
  19  *  You should have received a copy of the GNU General Public License
  20  *  along with this program (see the file COPYING included with this
  21  *  distribution); if not, write to the Free Software Foundation, Inc.,
  22  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  23  */
  24
  25 #ifdef WIN32
  26 #include "config-win32.h"
  27 #else
  28 #include "config.h"
  29 #endif
  30
  31 #include "syshead.h"
  32 #include "error.h"
  33 #include "mss.h"
  34 #include "memdbg.h"
  35
  36 /*
  37  * Lower MSS on TCP SYN packets to fix MTU
  38  * problems which arise from protocol
  39  * encapsulation.
  40  */
  41 void
  42 mss_fixup (struct buffer *buf, int maxmss)
  43 {
  44   const struct openvpn_iphdr *pip;
  45   int hlen;
  46
  47   if (BLEN (buf) < (int) sizeof (struct openvpn_iphdr))
  48     return;
  49
  50   verify_align_4 (buf);
  51   pip = (struct openvpn_iphdr *) BPTR (buf);
  52
  53   hlen = OPENVPN_IPH_GET_LEN (pip->version_len);
  54
  55   if (pip->protocol == OPENVPN_IPPROTO_TCP
  56       && ntohs (pip->tot_len) == BLEN (buf)
  57       && (ntohs (pip->frag_off) & OPENVPN_IP_OFFMASK) == 0
  58       && hlen <= BLEN (buf)
  59       && BLEN (buf) - hlen
  60          >= (int) sizeof (struct openvpn_tcphdr))
  61     {
  62       struct buffer newbuf = *buf;
  63       if (buf_advance (&newbuf, hlen))
  64         {
  65           struct openvpn_tcphdr *tc = (struct openvpn_tcphdr *) BPTR (&newbuf);
  66           if (tc->flags & OPENVPN_TCPH_SYN_MASK)
  67             mss_fixup_dowork (&newbuf, (uint16_t) maxmss);
  68         }
  69     }
  70 }
  71
  72 void
  73 mss_fixup_dowork (struct buffer *buf, uint16_t maxmss)
  74 {
  75   int hlen, olen, optlen;
  76   uint8_t *opt;
  77   uint16_t *mss;
  78   int accumulate;
  79   struct openvpn_tcphdr *tc;
  80
  81   ASSERT (BLEN (buf) >= (int) sizeof (struct openvpn_tcphdr));
  82
  83   verify_align_4 (buf);
  84   tc = (struct openvpn_tcphdr *) BPTR (buf);
  85   hlen = OPENVPN_TCPH_GET_DOFF (tc->doff_res);
  86
  87   /* Invalid header length or header without options. */
  88   if (hlen <= (int) sizeof (struct openvpn_tcphdr)
  89       || hlen > BLEN (buf))
  90     return;
  91
  92   for (olen = hlen - sizeof (struct openvpn_tcphdr),
  93          opt = (uint8_t *)(tc + 1);
  94        olen > 0;
  95        olen -= optlen, opt += optlen) {
  96     if (*opt == OPENVPN_TCPOPT_EOL)
  97       break;
  98     else if (*opt == OPENVPN_TCPOPT_NOP)
  99       optlen = 1;
 100     else {
 101       optlen = *(opt + 1);
 102       if (optlen <= 0 || optlen > olen)
 103         break;
 104       if (*opt == OPENVPN_TCPOPT_MAXSEG) {
 105         if (optlen != OPENVPN_TCPOLEN_MAXSEG)
 106           continue;
 107         mss = (uint16_t *)(opt + 2);
 108         if (ntohs (*mss) > maxmss) {
 109           dmsg (D_MSS, "MSS: %d -> %d",
 110                (int) ntohs (*mss),
 111                (int) maxmss);
 112           accumulate = *mss;
 113           *mss = htons (maxmss);
 114           accumulate -= *mss;
 115           ADJUST_CHECKSUM (accumulate, tc->check);
 116         }
 117       }
 118     }
 119   }
 120 }