diff --git a/mud b/mud
index 5aeb0a3..b809bf0 160000
--- a/mud
+++ b/mud
@@ -1 +1 @@
-Subproject commit 5aeb0a3cb2da07008d0361c9c0d786e8b92e4ac3
+Subproject commit b809bf07855518ac229e08cd2e928e2f3e955961
diff --git a/src/bind.c b/src/bind.c
index d869bea..f7a7cf2 100644
--- a/src/bind.c
+++ b/src/bind.c
@@ -6,7 +6,6 @@
 #include "tun.h"
 #include
-#include
 #include
 #include
@@ -17,8 +16,6 @@
 #define O_CLOEXEC 0
 #endif
-#define GT_MTU(X) ((X)-28)
-
 static void
 fd_set_nonblock(int fd)
 {
@@ -91,13 +88,19 @@ gt_setup_secretkey(struct mud *mud, const char *keyfile)
 static size_t
 gt_setup_mtu(struct mud *mud, const char *tun_name)
 {
+    static size_t oldmtu = 0;
     size_t mtu = mud_get_mtu(mud);
+    if (mtu == oldmtu)
+        return mtu;
+
     gt_log("setup MTU to %zu on interface %s\n", mtu, tun_name);
     if (iface_set_mtu(tun_name, mtu) == -1)
         perror("tun_set_mtu");
+    oldmtu = mtu;
+
     return mtu;
 }
@@ -111,12 +114,7 @@ gt_bind(int argc, char **argv)
     const char *dev = NULL;
     const char *keyfile = NULL;
     size_t bufsize = 64 * 1024 * 1024;
-    size_t mtu = 1500;
-
-    struct argz mtuz[] = {
-        {"auto", NULL, NULL, argz_option},
-        {NULL, "BYTES", &mtu, argz_bytes},
-        {NULL}};
+    size_t mtu = 1330;
     struct argz toz[] = {
         {NULL, "IPADDR", &peer_addr, argz_addr},
@@ -128,7 +126,7 @@ gt_bind(int argc, char **argv)
         {NULL, "PORT", &bind_port, argz_ushort},
         {"to", NULL, &toz, argz_option},
         {"dev", "NAME", &dev, argz_str},
-        {"mtu", NULL, &mtuz, argz_option},
+        {"mtu", "BYTES", &mtu, argz_option},
         {"keyfile", "FILE", &keyfile, argz_str},
         {"chacha", NULL, NULL, argz_option},
         {"persist", NULL, NULL, argz_option},
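Review bot: In gt_setup_mtu the new `oldmtu = mtu;` runs even when `iface_set_mtu` just failed, so the failure is never retried on the next call and the value returned (which CTL_STATUS reports as the interface MTU) no longer reflects what the tun device actually has. Recording the cache only on success keeps the two in step: `if (iface_set_mtu(tun_name, mtu) == -1) perror("tun_set_mtu"); else oldmtu = mtu;`. A one-line comment on the static, e.g. `/* last MTU applied to the tun device; one tun per process */`, would also make the single-instance assumption explicit.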
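Review bot: `size_t mtu = 1330;` replaces the previous 1500 default with an unexplained constant in gt_bind, whose body continues past this hunk. Since the `-28` GT_MTU adjustment is removed elsewhere in this commit, a reader cannot tell whether 1330 is a tun-side or a wire-side figure; a short comment stating how it was derived, e.g. `/* default tun MTU when no "mtu" option is given: <derivation> */`, would prevent the next person from "correcting" it back to 1500.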
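Review bot: `{"mtu", "BYTES", &mtu, argz_option}` pairs a `size_t` target with the `argz_option` handler, whereas the entry it replaces used `argz_bytes` for the BYTES value and every other typed entry in this table uses a type-specific parser (`argz_str`, `argz_ushort`, `argz_addr`). If `argz_option` expects a `struct argz *` sub-table as it does for `toz`, passing `&mtu` would have the parser walk the integer as an option array; this looks like it should read `{"mtu", "BYTES", &mtu, argz_bytes},`. The argz definitions are not in this diff, so please confirm against argz.h.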
@@ -148,19 +146,9 @@ gt_bind(int argc, char **argv)
         return 1;
     }
-    int mtu_auto = argz_is_set(mtuz, "auto");
     int chacha = argz_is_set(bindz, "chacha");
     int persist = argz_is_set(bindz, "persist");
-    int icmp_fd = -1;
-
-    if (mtu_auto && (peer_addr.ss_family == AF_INET)) {
-        icmp_fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
-
-        if (icmp_fd == -1)
-            gt_log("couldn't create ICMP socket\n");
-    }
-
     struct mud *mud = mud_create((struct sockaddr *)&bind_addr);
     if (!mud) {
@@ -183,8 +171,6 @@ gt_bind(int argc, char **argv)
         chacha = 1;
     }
-    mud_set_mtu(mud, GT_MTU(mtu));
-
     char tun_name[64];
     int tun_fd = tun_create(tun_name, sizeof(tun_name) - 1, dev);
@@ -193,6 +179,9 @@ gt_bind(int argc, char **argv)
         return 1;
     }
+    mud_set_mtu(mud, mtu);
+    mtu = gt_setup_mtu(mud, tun_name);
+
     if (tun_set_persist(tun_fd, persist) == -1)
         perror("tun_set_persist");
@@ -203,8 +192,6 @@ gt_bind(int argc, char **argv)
         }
     }
-    mtu = gt_setup_mtu(mud, tun_name);
-
     int ctl_fd = ctl_create("/run/" PACKAGE_NAME, tun_name);
     if (ctl_fd == -1) {
@@ -216,7 +203,6 @@ gt_bind(int argc, char **argv)
     fd_set_nonblock(tun_fd);
     fd_set_nonblock(mud_fd);
-    fd_set_nonblock(icmp_fd);
     fd_set_nonblock(ctl_fd);
     gt_log("running...\n");
@@ -224,16 +210,13 @@ gt_bind(int argc, char **argv)
     fd_set rfds;
     FD_ZERO(&rfds);
-    int last_fd = 1 + MAX(tun_fd, MAX(mud_fd, MAX(ctl_fd, icmp_fd)));
+    int last_fd = 1 + MAX(tun_fd, MAX(mud_fd, ctl_fd));
     while (!gt_quit) {
         FD_SET(tun_fd, &rfds);
         FD_SET(mud_fd, &rfds);
         FD_SET(ctl_fd, &rfds);
-        if (icmp_fd != -1)
-            FD_SET(icmp_fd, &rfds);
-
         if (select(last_fd, &rfds, NULL, NULL, NULL) == -1) {
             if (errno != EBADF)
                 continue;
@@ -241,22 +224,7 @@ gt_bind(int argc, char **argv)
             return 1;
         }
-        if (icmp_fd != -1 && FD_ISSET(icmp_fd, &rfds)) {
-            struct ip_common ic;
-            struct sockaddr_storage ss;
-            socklen_t sl = sizeof(ss);
-
-            ssize_t r = recvfrom(icmp_fd, buf, bufsize, 0,
-                                 (struct sockaddr *)&ss, &sl);
-
-            if (!ip_get_common(&ic, buf, r)) {
-                size_t mtu = ip_get_mtu(&ic, buf, r);
-                if (mtu > 0) {
-                    gt_log("received MTU from ICMP: %zu\n", mtu);
-                    mud_set_mtu(mud, GT_MTU(mtu));
-                }
-            }
-        }
+        mtu = gt_setup_mtu(mud, tun_name);
         if (FD_ISSET(ctl_fd, &rfds)) {
             struct ctl_msg req, res = {.reply = 1};
@@ -299,9 +267,9 @@ gt_bind(int argc, char **argv)
                 }
                 break;
             case CTL_MTU:
-                mud_set_mtu(mud, GT_MTU((size_t)req.mtu));
-                res.mtu = gt_setup_mtu(mud, tun_name);
-                mtu = res.mtu;
+                mud_set_mtu(mud, (size_t)req.mtu);
+                mtu = gt_setup_mtu(mud, tun_name);
+                res.mtu = mtu;
                 break;
             case CTL_TC:
                 if (mud_set_tc(mud, req.tc))
@@ -317,7 +285,6 @@ gt_bind(int argc, char **argv)
                 break;
             case CTL_STATUS:
                 res.status.mtu = mtu;
-                res.status.mtu_auto = (icmp_fd != -1);
                 res.status.chacha = chacha;
                 res.status.bind = bind_addr;
                 res.status.peer = peer_addr;
@@ -375,11 +342,12 @@ gt_bind(int argc, char **argv)
             int r = mud_send(mud, &buf[p], q - p, tc);
-            if (r == -1 && errno == EMSGSIZE) {
-                mtu = gt_setup_mtu(mud, tun_name);
-            } else {
-                if (r == -1 && errno != EAGAIN)
+            if (r == -1) {
+                if (errno == EMSGSIZE) {
+                    mtu = gt_setup_mtu(mud, tun_name);
+                } else if (errno != EAGAIN) {
                     perror("mud_send");
+                }
             }
             p = q;
diff --git a/src/ctl.h b/src/ctl.h
index d0f63a6..2203a9d 100644
--- a/src/ctl.h
+++ b/src/ctl.h
@@ -26,7 +26,6 @@ struct ctl_msg {
         struct mud_path path_status;
         struct {
             size_t mtu;
-            int mtu_auto;
             int chacha;
             struct sockaddr_storage bind;
             struct sockaddr_storage peer;
diff --git a/src/show.c b/src/show.c
index f053671..cb843f7 100644
--- a/src/show.c
+++ b/src/show.c
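Review bot: `mud_set_mtu(mud, (size_t)req.mtu);` in the CTL_MTU case hands the value received on the control socket straight to mud with no range check, and the explicit cast suggests `req.mtu` is a signed type, so a negative or absurd request becomes a huge `size_t` that is then pushed to `iface_set_mtu` via gt_setup_mtu. Unless mud_set_mtu clamps internally (not visible in this diff), a bounds check before the call, rejecting values below the minimum payload the tunnel can carry and above what the tun device accepts, would keep a misbehaving ctl client from wedging the interface; the reply field to signal the rejection is outside this hunk. With GT_MTU gone the value is now applied as-is, so a comment stating where the UDP/IP overhead is now accounted for would help the next reader. The enclosing switch and gt_bind continue outside this hunk.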
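Review bot: In the mud_send error path, `mtu = gt_setup_mtu(mud, tun_name);` on EMSGSIZE now produces no diagnostic when mud's MTU is already current, because gt_setup_mtu returns early on `mtu == oldmtu` in this same commit; the oversized packet is dropped silently, whereas before the re-setup was logged every time. Capturing the result and logging the drop when nothing changed keeps the event visible: `size_t cur = gt_setup_mtu(mud, tun_name);` / `if (cur == mtu) gt_log("dropped %zu bytes over MTU %zu\n", (size_t)(q - p), mtu);` / `mtu = cur;`. The surrounding send loop starts before this hunk.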
@@ -32,25 +32,21 @@ gt_show_dev_status(int fd, const char *dev)
         printf("server %s:\n"
               " bind: %s port %"PRIu16"\n"
               " mtu: %zu\n"
-              " auto mtu: %s\n"
               " cipher: %s\n",
               dev,
               bindstr, gt_get_port((struct sockaddr *)&res.status.bind),
               res.status.mtu,
-              res.status.mtu_auto ? "enabled" : "disabled",
               res.status.chacha ? "chacha20poly1305" : "aes256gcm");
     } else {
         printf("client %s:\n"
               " bind: %s port %"PRIu16"\n"
               " peer: %s port %"PRIu16"\n"
               " mtu: %zu\n"
-              " auto mtu: %s\n"
               " cipher: %s\n",
               dev,
               bindstr, gt_get_port((struct sockaddr *)&res.status.bind),
               peerstr, gt_get_port((struct sockaddr *)&res.status.peer),
               res.status.mtu,
-              res.status.mtu_auto ? "enabled" : "disabled",
               res.status.chacha ? "chacha20poly1305" : "aes256gcm");
     }
diff --git a/systemd/glorytun-setup b/systemd/glorytun-setup
index 21a214e..abfdaa9 100755
--- a/systemd/glorytun-setup
+++ b/systemd/glorytun-setup
@@ -45,7 +45,7 @@ HOST=$HOST
 PORT=$PORT
 BIND=$BIND
 BIND_PORT=$BIND_PORT
-OPTIONS="mtu auto"
+OPTIONS=
 EOF
 ( umask 077; echo "$KEY" > "$DIR/key" )
diff --git a/systemd/glorytun@.service.in b/systemd/glorytun@.service.in
index 832d693..00cbc64 100644
--- a/systemd/glorytun@.service.in
+++ b/systemd/glorytun@.service.in
@@ -8,7 +8,7 @@ Restart=always
 EnvironmentFile=/etc/glorytun/%i/env
 ExecStart=@bindir@/glorytun-run keyfile /etc/glorytun/%i/key $OPTIONS
 ExecStartPost=-/etc/glorytun/%i/post.sh
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+CapabilityBoundingSet=CAP_NET_ADMIN
 [Install]
 WantedBy=multi-user.target