authorJouni Malinen <j@w1.fi>2009-08-23 21:32:27 +0300
committerJouni Malinen <j@w1.fi>2009-08-23 21:32:27 +0300
commit5cd89c26f952a6cd6fca4b55d52fe849e7483a62 (patch)
tree54e6117528d04af803de183fcb17ad887999a976 /src/radius
parenta2fbf12524b78c323fd3e4793b042943834d9d2f (diff)
Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger than the smallest MTU size to the target, it will be discarded. This effectively limits RADIUS messages to ~ 1500 Bytes, while they can be up to 4k according to RFC2865. In practice, this can mean trouble when doing EAP-TLS with many RADIUS attributes besides the EAP-Message. [Bug 326]
Diffstat (limited to 'src/radius')
-rw-r--r--src/radius/radius_server.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 1bfb93c..f691752 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -765,6 +765,22 @@ fail:
}
+static int radius_server_disable_pmtu_discovery(int s)
+{
+ int r = -1;
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+ /* Turn off Path MTU discovery on IPv4/UDP sockets. */
+ int action = IP_PMTUDISC_DONT;
+ r = setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, &action,
+ sizeof(action));
+ if (r == -1)
+ wpa_printf(MSG_ERROR, "Failed to set IP_MTU_DISCOVER: "
+ "%s", strerror(errno));
+#endif
+ return r;
+}
+
+
static int radius_server_open_socket(int port)
{
int s;
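Review bot: In radius_server_disable_pmtu_discovery() the path where `IP_MTU_DISCOVER`/`IP_PMTUDISC_DONT` are not defined returns -1 without logging anything, so a build without the option looks the same as a failed setsockopt() and leaves DF at the system default with no trace. An `#else` branch such as `wpa_printf(MSG_DEBUG, "IP_MTU_DISCOVER not supported; DF bit left at system default");` would make that visible. The one-line comment should also record the trade-off: with DF cleared, replies larger than the path MTU are IP-fragmented, so packet filters between the server and its NAS clients have to pass fragments, and detection of altered or spoofed fragments then rests on the RADIUS authenticator fields. The option is IPv4-only (`IPPROTO_IP`), which matches the AF_INET socket set up in the next hunk.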
@@ -776,6 +792,8 @@ static int radius_server_open_socket(int port)
return -1;
}
+ radius_server_disable_pmtu_discovery(s);
+
os_memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
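Review bot: The return value of `radius_server_disable_pmtu_discovery(s)` is discarded at this call, so when the option cannot be set the server still starts and the large-message drop described in the commit message remains, signalled by at most one MSG_ERROR line. If best effort is intended, say so at the call site, e.g. `/* best effort: on failure large replies may still be dropped */` above `(void) radius_server_disable_pmtu_discovery(s);`; otherwise the helper could simply return void. radius_server_open_socket() continues past the end of this hunk, so the bind and its error path are not visible here.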