From e99882a2347c5a55c78cdbe1c692bded77b046c1 Mon Sep 17 00:00:00 2001 From: kolla Date: Fri, 11 Sep 2009 13:45:47 +0000 Subject: Added Stefan's UDP fragmentation fix git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@510 e88ac4ed-0b26-0410-9574-a7f39faa03bf --- radsecproxy.c | 3 +++ util.c | 25 +++++++++++++++++++++++++ util.h | 1 + 3 files changed, 29 insertions(+) diff --git a/radsecproxy.c b/radsecproxy.c index f0d1fef..142614e 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -1901,6 +1901,9 @@ void createlistener(uint8_t type, char *arg) { continue; } setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); + + disable_DF_bit(s, res); + #ifdef IPV6_V6ONLY if (res->ai_family == AF_INET6) setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)); diff --git a/util.c b/util.c index be304cb..9c5c654 100644 --- a/util.c +++ b/util.c @@ -137,6 +137,28 @@ int connectport(int type, char *host, char *port) { } #endif +/* Disable the "Don't Fragment" bit for UDP sockets. It is set by default, which may cause an "oversized" + RADIUS packet to be discarded on first attempt (due to Path MTU discovery). +*/ + +void disable_DF_bit(int socket, struct addrinfo *res) { + if ((res->ai_family == AF_INET) && (res->ai_socktype == SOCK_DGRAM)) { +#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT) + /* + * Turn off Path MTU discovery on IPv4/UDP sockets, Linux variant. + */ + int r, action; + debug(DBG_INFO, "disable_DF_bit: disabling DF bit (Linux variant)"); + action = IP_PMTUDISC_DONT; + r = setsockopt(socket, IPPROTO_IP, IP_MTU_DISCOVER, &action, sizeof(action)); + if (r == -1) + debug(DBG_WARN, "Failed to set IP_MTU_DISCOVER"); +#else + debug(DBG_INFO, "Non-Linux platform, unable to unset DF bit for UDP. You should check with tcpdump whether radsecproxy will send its UDP packets with DF bit set!"); +#endif + } +} + int bindtoaddr(struct addrinfo *addrinfo, int family, int reuse, int v6only) { int s, on = 1; struct addrinfo *res; @@ -149,6 +171,9 @@ int bindtoaddr(struct addrinfo *addrinfo, int family, int reuse, int v6only) { debug(DBG_WARN, "bindtoaddr: socket failed"); continue; } + + disable_DF_bit(s,res); + if (reuse) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); #ifdef IPV6_V6ONLY diff --git a/util.h b/util.h index 1272b74..4ed8d01 100644 --- a/util.h +++ b/util.h @@ -15,6 +15,7 @@ struct sockaddr *addr_copy(struct sockaddr *in); void port_set(struct sockaddr *sa, uint16_t port); void printfchars(char *prefixfmt, char *prefix, char *charfmt, char *chars, int len); +void disable_DF_bit(int socket, struct addrinfo *res); int bindtoaddr(struct addrinfo *addrinfo, int family, int reuse, int v6only); int connecttcp(struct addrinfo *addrinfo, struct addrinfo *src, uint16_t timeout); -- cgit v1.1