Fix DTLS MTU for GnuTLS
author David Woodhouse <David.Woodhouse@intel.com>
Wed, 27 Jun 2012 22:20:40 +0000 (23:20 +0100)
committer David Woodhouse <David.Woodhouse@intel.com>
Wed, 27 Jun 2012 22:36:39 +0000 (23:36 +0100)
GnuTLS defaults to an MTU of 1200 (less the 13-byte overhead), and will
truncate data packets accordingly. We *really* don't want that...

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
dtls.c
www/changelog.xml

diff --git a/dtls.c b/dtls.c
index 30351ee..190d578 100644 (file)
--- a/dtls.c
+++ b/dtls.c
@@ -36,6 +36,8 @@
 
 #include "openconnect-internal.h"
 
+#include <gnutls/dtls.h>
+
 static unsigned char nybble(unsigned char n)
 {
        if      (n >= '0' && n <= '9') return n - '0';
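Review bot: the `#include <gnutls/dtls.h>` added after `openconnect-internal.h` is unconditional, and no preprocessor guard is visible in the surrounding context. If dtls.c is also compiled in builds that do not use GnuTLS, the header will be missing and the build breaks; the include should sit under the same conditional that selects the GnuTLS DTLS code path.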
@@ -376,6 +378,8 @@ static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd)
                vpninfo->dtls_attempt_period = 0;
                return -EINVAL;
        }
+       /* +1 for packet header, +13 for DTLS overhead */
+       gnutls_dtls_set_mtu(dtls_ssl, vpninfo->mtu + 14);
        gnutls_transport_set_ptr(dtls_ssl,
                                 (gnutls_transport_ptr_t)(long) dtls_fd);
        gnutls_record_disable_padding(dtls_ssl);
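Review bot: the literal `14` in `gnutls_dtls_set_mtu(dtls_ssl, vpninfo->mtu + 14)` hardcodes the overhead, and the 13 named in the comment covers only the DTLS record header. If GnuTLS also counts cipher expansion (IV, MAC, padding) against the value set here, a payload of the full `vpninfo->mtu` would still be truncated, so it is worth confirming which overhead the library subtracts before relying on this figure. Named constants for the 1-byte packet header and the 13-byte record header would also make the arithmetic easier to audit than a comment beside a magic number.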
index a3d4c2c..8f5226f 100644 (file)
@@ -17,6 +17,7 @@
 <ul>
    <li><b>OpenConnect HEAD</b>
      <ul>
+       <li>Fix DTLS MTU issue with GnuTLS.</li>
        <li>Fix reconnect crash when compression is disabled.</li>
        <li>Fix build on systems like FreeBSD 8 without <tt>O_CLOEXEC</tt>.</li>
        <li>Add <tt>--dtls-local-port</tt> option.</li>
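Review bot: the new changelog entry "Fix DTLS MTU issue with GnuTLS." does not say what a user would have observed. The commit message describes data packets being truncated at the GnuTLS default MTU; saying so in the entry would let users tell whether they were affected.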