aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStefan Winter <stefan.winter@restena.lu>2009-08-23 18:21:25 (GMT)
committerJouni Malinen <j@w1.fi>2009-11-22 18:36:24 (GMT)
commit4506400e9f2ecf0f1ef4aa04963621de95f1cfec (patch)
tree3d45a9f9b42c1cc2697c535739f992bffde6b78c
parent291a7d62f56059b6917d4e1148340341a55e1813 (diff)
downloadhostap-06-4506400e9f2ecf0f1ef4aa04963621de95f1cfec.zip
hostap-06-4506400e9f2ecf0f1ef4aa04963621de95f1cfec.tar.gz
hostap-06-4506400e9f2ecf0f1ef4aa04963621de95f1cfec.tar.bz2
Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger than the smallest MTU size to the target, it will be discarded. This effectively limits RADIUS messages to ~ 1500 Bytes, while they can be up to 4k according to RFC2865. In practice, this can mean trouble when doing EAP-TLS with many RADIUS attributes besides the EAP-Message. [Bug 326] (cherry picked from commit a2fbf12524b78c323fd3e4793b042943834d9d2f)
-rw-r--r--src/radius/radius_client.c24
1 files changed, 22 insertions, 2 deletions
diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c
index 673e97e..31aa743 100644
--- a/src/radius/radius_client.c
+++ b/src/radius/radius_client.c
@@ -917,6 +917,22 @@ static void radius_retry_primary_timer(void *eloop_ctx, void *timeout_ctx)
}
+static int radius_client_disable_pmtu_discovery(int s)
+{
+ int r = -1;
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+ /* Turn off Path MTU discovery on IPv4/UDP sockets. */
+ int action = IP_PMTUDISC_DONT;
+ r = setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, &action,
+ sizeof(action));
+ if (r == -1)
+ wpa_printf(MSG_ERROR, "Failed to set IP_MTU_DISCOVER: "
+ "%s", strerror(errno));
+#endif
+ return r;
+}
+
+
static int radius_client_init_auth(struct radius_client_data *radius)
{
struct hostapd_radius_servers *conf = radius->conf;
@@ -925,8 +941,10 @@ static int radius_client_init_auth(struct radius_client_data *radius)
radius->auth_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
if (radius->auth_serv_sock < 0)
perror("socket[PF_INET,SOCK_DGRAM]");
- else
+ else {
+ radius_client_disable_pmtu_discovery(radius->auth_serv_sock);
ok++;
+ }
#ifdef CONFIG_IPV6
radius->auth_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);
@@ -975,8 +993,10 @@ static int radius_client_init_acct(struct radius_client_data *radius)
radius->acct_serv_sock = socket(PF_INET, SOCK_DGRAM, 0);
if (radius->acct_serv_sock < 0)
perror("socket[PF_INET,SOCK_DGRAM]");
- else
+ else {
+ radius_client_disable_pmtu_discovery(radius->acct_serv_sock);
ok++;
+ }
#ifdef CONFIG_IPV6
radius->acct_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0);