Hi, On Thu, Feb 10, 2022 at 05:26:26PM +0100, Arne Schwabe wrote: > The current default is 1450, which translates to 1478 byte packets for udp4 > and 1498 byte packets for udp6. This commit changes the mssfix default > to take the outer IP overhead into account as well and changes the target to > 1492. 1492 was picked in our community meeting for being a very common > encapsulation upper bound. > > The change also disables an mssfix default if tun-mtu is set to a value > different than 1500.
I think this needs a followup patch... I'll apply it (as it does what
it says on the lid), but it needs further work, see below.
Feature-ACK on having "1492 mtu" by default, so that is good.
It should have a Changes.rst entry for "User-visible Changes" - I tried
to draft something, but then decided to send it back via the list. Here's
my draft text
- :code:`--mssfix` default has been changed from 1450 to ``1492 mtu`` to
take IPv4 or IPv6 encap and today's typical SoHo internet links into
account. If :code:`--tun-mtu` is changed from the default setting,
the default for :code:`--mssfix` is now ``off``
Also, the patch needs to change the manpage from
"Default value of 1450 allows ..."
to
"Default value of ``1492 mtu`` allows packets to be transmitted
over a link with MTU 1492 or higher without IP level fragmentation.
If :code:`tun-mtu` is used to set a value != 1500, mssfix needs
to be configured with an explicit value, as no default applies."
(or such)
The code itself looks a bit fumbly with changing "o->ce.mssfix_encap = true"
in the defaults section, just to change it back to "false" in the options.c
handler - why not leave it at false, as it's set to "true" anyway at
setting MSSFIX_DEFAULT?
But my main concern is this combination of options:
--tun_mtu 1400 --mssfix
what would the user expect OpenVPN to do here? I would expect "apply
mssfix handling, in a reasonable fashion for the configured tun_mtu",
but what OpenVPN does is "turn off mssfix, because, not 1500".
So the default "no mssfix in the config" and "mssfix without arguments"
are handled the same way. If this is intentional ("mssfix without
arguments does nothing if the tun_mtu is not 1500") it should be
documented.
This said, the patch applies and works fine.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
