Clamp MSS to the MTU of the source only.

Currently, tinc clamps MSS to the minimum of the MTU of both the source and the destination of the packet containing the MSS option. This is slightly suboptimal, because both the MTU and the MSS can differ based on the direction of travel. For example, if the MTU from A to B is 1500, and the MTU from B to A is 1000, then tinc will clamp MSS in *both* directions to 960, despite the fact that A to B could use a 1460 MSS. RFC 793 defines the MSS option as follows: If this option is present, then it communicates the maximum receive segment size at the TCP which sends this segment. It follows that the MSS should be clamped to the MTU *to* the *sender* of the MSS segment. It should not be clamped to the MTU to the destination of the MSS segment.
gsliepen · Mar 14, 2015 · da5df5a · da5df5a
1 parent 6568cff
commit da5df5a
Showing 1 changed file with 1 addition and 5 deletions.
diff --git a/src/route.c b/src/route.c
@@ -109,10 +109,6 @@ static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *pac
 	if(!source || !via || !(via->options & OPTION_CLAMP_MSS))
 		return;
 
-	uint16_t mtu = source->mtu;
-	if(via != myself && via->mtu < mtu)
-		mtu = via->mtu;
-
 	/* Find TCP header */
 	int start = ether_size;
 	uint16_t type = DATA(packet)[12] << 8 | DATA(packet)[13];
@@ -163,7 +159,7 @@ static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *pac
 
 		/* Found it */
 		uint16_t oldmss = DATA(packet)[start + 22 + i] << 8 | DATA(packet)[start + 23 + i];
-		uint16_t newmss = mtu - start - 20;
+		uint16_t newmss = source->mtu - start - 20;
 		uint16_t csum = DATA(packet)[start + 16] << 8 | DATA(packet)[start + 17];
 
 		if(oldmss <= newmss)