Hi, > > Looks good to me; thanks. Just need to work out how to cross-build it > > (I can muster up a Windows VM for testing, but *building* on it is > > beyond my tolerance of Windows for now). > > +1 to all that.
Don't worry. Once Jason is back, reviews and (hopefully) approves the changes, we shall prepare an official release for you. > > We'll also need to be able to WintunAllocateSendPacket() of the full > > possible MTU, then receive and decrypt into that, and send only the > > actual size of the packet we received. How about this: https://git.zx2c4.com/wintun/commit/?id=03b6cd410c8963d1888966edf31fdc35a4c8b523 Should be backward compatible. Tested with the existing stable wireguard-windows release 0.3.10. > There are two cases worth considering where the packet size could > actually *expand*: > > 1) Some VPN protocols support compression of the tunneled packets. It > would be bad behavior to use this to stuff a packet of >(advertised > MTU) bytes in <(advertised MTU) bytes, but it wouldn't surprise me if it > exists in the wild. We now deal with receipt of larger-than-expected-MTU > packets in OpenConnect in a relatively uniform way: allocate MAX(mtu, > 16384) bytes for packets coming from the VPN (if using TLS transport) or > MAX(mtu, 2048) if using DTLS. > 2) Some VPN protocols concatenate multiple packets into a single > aggregate on the wire. On Linux we can decrypt, truncate, and send to > the tunnel interface without further copying. > > Case (1) can be handled with overallocate-and-shrink. Case (2) is pretty > rare among the protocols that OpenConnect supports, so fallback to > memcpy seems fine. Phew! Thanks. :) Regards, Simon
