if (!mtu && can_use_esp) {
/* remove ESP, UDP, IP headers from base (wire) MTU */
mtu = ( base_mtu - UDP_HEADER_SIZE - ESP_HEADER_SIZE
- - 12 /* both supported algos (SHA1 and MD5) have 96-bit MAC lengths (RFC2403 and RFC2404) */
- - (vpninfo->enc_key_len ? : 32) /* biggest supported IV (AES-256) */ );
+ - vpninfo->hmac_out_len
+ - MAX_IV_SIZE);
if (vpninfo->peer_addr->sa_family == AF_INET6)
mtu -= IPV6_HEADER_SIZE;
else
mtu -= IPV4_HEADER_SIZE;
- /* round down to a multiple of blocksize */
- mtu -= mtu % (vpninfo->enc_key_len ? : 32);
+ /* round down to a multiple of blocksize (16 bytes for both AES-128 and AES-256) */
+ mtu -= mtu % 16;
/* subtract ESP footer, which is included in the payload before padding to the blocksize */
mtu -= ESP_FOOTER_SIZE;
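Review bot: The new `- vpninfo->hmac_out_len` term reads a runtime field where the old code subtracted the constant 12, and nothing in the visible lines shows that the field is already set when this branch runs. If it can still be 0 here (for example before the ESP parameters are known), the tunnel MTU is overestimated by the MAC length and full-size packets will exceed the wire MTU. I would either guard it, falling back to the largest supported MAC length, or state the precondition in a comment such as `/* hmac_out_len is set before MTU calculation; 12 for the 96-bit truncated SHA1/MD5 MACs (RFC2403/RFC2404) */`. The literal in `mtu -= mtu % 16;` would also read better as a named constant defined beside `MAX_IV_SIZE`, so the block size and the IV size cannot drift apart. The enclosing function starts and ends outside this hunk, so a lower-bound check on `mtu` after these subtractions may exist below; if it does not, one is worth adding for small `base_mtu` values.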