author | Tobias Brunner <tobias@strongswan.org> | 2015-06-16 16:06:13 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2015-07-28 13:27:33 +0200 |
commit | 4d02c49eadc00625189c5466286b9f670e47e51f (patch) | |
tree | 99b86c9b5fa31505ec2a4ba1bf02a029f24f158b | |
parent | c6822051135a02651b3c95d67870ed334678a9a0 (diff) | |
android: Apply configured MTU
While it is stored as property of individual profiles it is really a
global setting because we currently don't support more than one
connection.
4 files changed, 22 insertions, 7 deletions
diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
index b11e66464..34fe4dac9 100644
--- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
@@ -32,8 +32,6 @@
 typedef struct private_android_service_t private_android_service_t;
-#define TUN_DEFAULT_MTU 1400
-
 /**
 * private data of Android service
 */
@@ -70,6 +68,11 @@ struct private_android_service_t {
 int tunfd;
 /**
+ * MTU of TUN device
+ */
+ int mtu;
+
+ /**
 * DNS proxy
 */
 android_dns_proxy_t *dns_proxy;
@@ -176,7 +179,7 @@ static job_requeue_t handle_plain(private_android_service_t *this)
 return JOB_REQUEUE_DIRECT;
 }
- raw = chunk_alloc(TUN_DEFAULT_MTU);
+ raw = chunk_alloc(this->mtu);
 len = read(tunfd, raw.ptr, raw.len);
 if (len < 0)
 {
@@ -294,7 +297,7 @@ static bool setup_tun_device(private_android_service_t *this,
 return FALSE;
 }
 if (!add_routes(builder, child_sa) ||
- !builder->set_mtu(builder, TUN_DEFAULT_MTU))
+ !builder->set_mtu(builder, this->mtu))
 {
 return FALSE;
 }
@@ -827,6 +830,7 @@ android_service_t *android_service_create(android_creds_t *creds,
 .settings = settings,
 .creds = creds,
 .tunfd = -1,
+ .mtu = settings->get_int(settings, "global.mtu", ANDROID_DEFAULT_MTU),
 );
 /* only allow queries for the VPN gateway */
 this->dns_proxy->add_hostname(this->dns_proxy,
diff --git a/src/frontends/android/jni/libandroidbridge/charonservice.c b/src/frontends/android/jni/libandroidbridge/charonservice.c
index 5b4d649ae..f94da0515 100644
--- a/src/frontends/android/jni/libandroidbridge/charonservice.c
+++ b/src/frontends/android/jni/libandroidbridge/charonservice.c
@@ -44,7 +44,6 @@
 #define ANDROID_RETRASNMIT_TRIES 3
 #define ANDROID_RETRANSMIT_TIMEOUT 2.0
 #define ANDROID_RETRANSMIT_BASE 1.4
-#define ANDROID_FRAGMENT_SIZE 1400
 typedef struct private_charonservice_t private_charonservice_t;
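Review bot: The `raw = chunk_alloc(this->mtu);` line in handle_plain() sizes the TUN read buffer from a settings value that is never range-checked. `this->mtu` is an `int` filled by `settings->get_int(settings, "global.mtu", ANDROID_DEFAULT_MTU)` in the android_service_create() hunk, and as far as that call shows the default only covers a missing value, so a zero, negative or very large number from the profile would reach the allocation and the following `read()`. The same unchecked value goes to `builder->set_mtu()` in the setup_tun_device() hunk and to `charon.fragment_size` in the initiate() hunk of charonservice.c. I would validate once, right after the initializer in android_service_create(), for example `if (this->mtu < <MIN_MTU> || this->mtu > <MAX_MTU>) this->mtu = ANDROID_DEFAULT_MTU;` (the bounds are placeholders for limits the project picks), and log when the fallback is taken. All three function bodies continue outside their hunks, so an existing check elsewhere cannot be ruled out from this page.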
@@ -409,6 +408,14 @@ static void initiate(settings_t *settings)
 lib->settings->set_str(lib->settings,
 "charon.plugins.tnc-imc.preferred_language",
 settings->get_str(settings, "global.language", "en"));
+ /* this is actually the size of the complete IKE/IP packet, so if the MTU
+ * for the TUN devices has to be reduced to pass traffic the IKE packets
+ * will be a bit smaller than necessary as there is no IPsec overhead like
+ * for the tunneled traffic (but compensating that seems like overkill) */
+ lib->settings->set_int(lib->settings,
+ "charon.fragment_size",
+ settings->get_int(settings, "global.mtu",
+ ANDROID_DEFAULT_MTU));
 this->creds->clear(this->creds);
 DESTROY_IF(this->service);
@@ -467,8 +474,6 @@ static void set_options(char *logfile)
 "charon.retransmit_timeout", ANDROID_RETRANSMIT_TIMEOUT);
 lib->settings->set_double(lib->settings,
 "charon.retransmit_base", ANDROID_RETRANSMIT_BASE);
- lib->settings->set_int(lib->settings,
- "charon.fragment_size", ANDROID_FRAGMENT_SIZE);
 lib->settings->set_bool(lib->settings,
 "charon.initiator_only", TRUE);
 lib->settings->set_bool(lib->settings,
diff --git a/src/frontends/android/jni/libandroidbridge/charonservice.h b/src/frontends/android/jni/libandroidbridge/charonservice.h
index 0c71d876d..8cb68e099 100644
--- a/src/frontends/android/jni/libandroidbridge/charonservice.h
+++ b/src/frontends/android/jni/libandroidbridge/charonservice.h
@@ -45,6 +45,11 @@ typedef enum android_imc_state_t android_imc_state_t;
 typedef struct charonservice_t charonservice_t;
 /**
+ * Default value for the MTU of TUN device and the size of IKE fragments
+ */
+#define ANDROID_DEFAULT_MTU 1400
+
+/**
 * VPN status codes. As defined in CharonVpnService.java
 */
 enum android_vpn_state_t {
diff --git a/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java b/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java
index a79d9f8c1..ffe14491c 100644
--- a/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java
+++ b/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java
@@ -219,6 +219,7 @@ public class CharonVpnService extends VpnService implements Runnable
 Log.i(TAG, "charon started");
 SettingsWriter writer = new SettingsWriter();
 writer.setValue("global.language", Locale.getDefault().getLanguage());
+ writer.setValue("global.mtu", mCurrentProfile.getMTU());
 writer.setValue("connection.type", mCurrentProfile.getVpnType().getIdentifier());
 writer.setValue("connection.server", mCurrentProfile.getGateway());
 writer.setValue("connection.username", mCurrentProfile.getUsername()); |
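Review bot: `writer.setValue("global.mtu", mCurrentProfile.getMTU());` hands the profile's MTU to the native side with no visible bounds or null check, and this is the last place where the value is still typed. getMTU() and SettingsWriter.setValue() are defined outside this hunk, so it is not visible whether an unset MTU is skipped, letting the native ANDROID_DEFAULT_MTU fallback apply, or is serialized as text. A short comment stating that contract would help, for example `// unset MTU must not be written so the native default applies`. Alternatively, an explicit guard could write the key only for a value inside the supported range, so the C code never depends on how a bad value parses.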