mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 02:15:40 +01:00
Limit MTU by maximum fragment length setting
By the standard (RFC 6066, Sect. 4), the Maximum Fragment Length (MFL) extension limits the maximum record payload size, but not the maximum datagram size. However, not inferring any limitations on the MTU when setting the MFL means that a party has no means to dynamically inform the peer about MTU limitations. This commit changes the function ssl_get_remaining_payload_in_datagram() to never return more than MFL - { Total size of all records within the current datagram } thereby limiting the MTU to MFL + { Maximum Record Expansion }.
This commit is contained in:
parent
554b0af195
commit
f4b010efc4
@ -146,6 +146,20 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl
|
||||
|
||||
if( max_len > mfl )
|
||||
max_len = mfl;
|
||||
|
||||
/* By the standard (RFC 6066 Sect. 4), the MFL extension
|
||||
* only limits the maximum record payload size, so in theory
|
||||
* we would be allowed to pack multiple records of payload size
|
||||
* MFL into a single datagram. However, this would mean that there's
|
||||
* no way to explicitly communicate MTU restrictions to the peer.
|
||||
*
|
||||
* The following reduction of max_len makes sure that we never
|
||||
* write datagrams larger than MFL + Record Expansion Overhead.
|
||||
*/
|
||||
if( max_len <= ssl->out_left )
|
||||
return( 0 );
|
||||
|
||||
max_len -= ssl->out_left;
|
||||
#endif
|
||||
|
||||
ret = ssl_get_remaining_space_in_datagram( ssl );
|
||||
|
Loading…
Reference in New Issue
Block a user