Hi,

I think that the man page statement about "mssfix" doesn't fully reflect the
actual functionality. Specifically, the man page says:

    Announce to TCP sessions running over the tunnel that they should limit
    their send packet sizes such that after OpenVPN has encapsulated them,
    the resulting UDP packet size that OpenVPN sends to its peer will not
    exceed max bytes. The default value is 1450.

    The max parameter is interpreted in the same way as the --link-mtu
    parameter, i.e. the UDP packet size after encapsulation overhead has
    been added in, but not including the UDP header itself. Resulting packet
    would be at most 28 bytes larger for IPv4 and 48 bytes for IPv6 (20/40
    bytes for IP header and 8 bytes for UDP header).

So it means that with "mssfix" 1300 the resulting IPv4 packet size would be
at most 1328.

This is what I see in Wireshark (server - git master, client 2.4.6):

Internet Protocol Version 4, Src: 128.199.xxx.yyy, Dst: 10.0.200.20
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Total Length: 1300
    Protocol: UDP (17)
User Datagram Protocol, Src Port: 1194, Dst Port: 1194
    Source Port: 1194
    Destination Port: 1194
    Length: 1280
OpenVPN Protocol
    Type: 0x49 [opcode/key_id]
    Peer ID: 0
    Data (1268 bytes)

While the man page statement is technically correct - the UDP packet size is
1300, which is "at most 1328", I think it should say:

> the resulting IP packet size that OpenVPN sends to its peer will not
> exceed max bytes

and

> The max parameter is interpreted in the same way as the --link-mtu
> parameter, i.e. the IP packet size after encapsulation overhead has been
> added in, including UDP and IP headers.

Same results without explicitly defining mssfix - the IP packet size is 1450
(which is the default value).

Most likely mssfix initially worked as stated in the man page, but then the
implementation changed. So we may want to either fix the implementation or
change the man page. Since mssfix behaves like link-mtu, maybe we could also
change its default value to 1500 to get 50 more bytes for payload.

What do you think?

--
-Lev
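
Added example, not part of the original message and not OpenVPN code: a small checker that reads the IPv4 and UDP length fields of a datagram and reports how many bytes remain under "mssfix" for the man page reading and for the reading proposed above. It assumes the datagram carries a full-size TCP segment and an IPv4 header without options; the sample packet is constructed to match the sizes in the capture, with documentation addresses and zero checksums.

```python
import struct

IPV4_HDR, UDP_HDR = 20, 8  # IPv4 header without options, UDP header

def build_sample(total_len=1300):
    """Constructed IPv4/UDP datagram sized like the capture (checksums left 0)."""
    udp_len = total_len - IPV4_HDR
    # opcode/key_id byte 0x49, 3-byte peer-id 0, then zero-filled data
    openvpn = bytes([0x49, 0, 0, 0]) + bytes(udp_len - UDP_HDR - 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 1194, 1194, udp_len, 0)
    return ip + udp + openvpn

def measure(packet):
    """Return (IP total length, UDP payload length) read from the headers."""
    if len(packet) < IPV4_HDR + UDP_HDR:
        raise ValueError("too short for IPv4 + UDP headers")
    ver_ihl, proto = packet[0], packet[9]
    total_len = struct.unpack("!H", packet[2:4])[0]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 17 or ihl < IPV4_HDR:
        raise ValueError("not an IPv4/UDP packet")
    if total_len != len(packet) or len(packet) < ihl + UDP_HDR:
        raise ValueError("IP total length does not match captured bytes")
    udp_len = struct.unpack("!H", packet[ihl + 4:ihl + 6])[0]
    if udp_len != total_len - ihl:
        raise ValueError("UDP length inconsistent with IP total length")
    return total_len, udp_len - UDP_HDR

def headroom(packet, mssfix):
    """Bytes left under the limit for each reading of the max parameter."""
    ip_total, udp_payload = measure(packet)
    return {
        "man_page": mssfix - udp_payload,  # UDP packet without its header <= max
        "proposed": mssfix - ip_total,     # whole IP packet <= max
    }

if __name__ == "__main__":
    pkt = build_sample()
    print("IP total / UDP payload:", measure(pkt))
    for reading, spare in headroom(pkt, 1300).items():
        print(f"{reading}: {spare} bytes spare")
```

A full-size packet leaves zero bytes spare under the reading that the sender actually applies, so the reading with 28 bytes left over is the one that does not describe the observed behaviour.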