From 575435db73cca045996bad75fbc806c57d74cdfe Mon Sep 17 00:00:00 2001
From: Tinotenda Chingosho
Date: Tue, 11 May 2021 08:35:12 -0400
Subject: [PATCH] Squashed commit of the following:
commit fd25c8e2812f0716f9358054067cbddd692be7ee
Author: Tinotenda Chingosho
Date: Tue May 11 12:03:55 2021 +0100
Address review comments - update typo - document new parameter
commit e4e106f423c78c299c9dd4d7a7d17d2d6c084170
Author: Tinotenda Chingosho
Date: Mon May 10 16:18:57 2021 +0100
Support Configurable MTU - default to 1200 - minmimum value 576
Change-Id: I6cbc03eb7f8198a211d70844c115d162d954dea8
---
 daemon/dtls.c | 4 ++--
 daemon/main.c | 7 +++++++
 daemon/rtpengine.pod | 8 ++++++++
 include/main.h | 1 +
 4 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/daemon/dtls.c b/daemon/dtls.c
index d545f38c0..455657dab 100644
--- a/daemon/dtls.c
+++ b/daemon/dtls.c
@@ -575,9 +575,9 @@ int dtls_connection_init(struct dtls_connection *d, struct packet_stream *ps, in
 #if defined(SSL_OP_NO_QUERY_MTU)
 SSL_CTX_set_options(d->ssl_ctx, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(d->ssl, 1500);
+ SSL_set_mtu(d->ssl, rtpe_config.dtls_mtu);
 #if defined(DTLS_set_link_mtu) || defined(DTLS_CTRL_SET_LINK_MTU) || OPENSSL_VERSION_NUMBER >= 0x10100000L
- DTLS_set_link_mtu(d->ssl, 1500);
+ DTLS_set_link_mtu(d->ssl, rtpe_config.dtls_mtu);
 #endif
 #endif
diff --git a/daemon/main.c b/daemon/main.c
index fd3ba17f8..2264c77f6 100644
--- a/daemon/main.c
+++ b/daemon/main.c
@@ -79,6 +79,7 @@ struct rtpengine_config rtpe_config = {
 .redis_connect_timeout = 1000,
 .media_num_threads = -1,
 .dtls_rsa_key_size = 2048,
+ .dtls_mtu = 1200, // chrome default mtu
 .dtls_signature = 256,
 .max_dtx = 30,
 .dtx_shift = 5,
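Review bot: The results of `SSL_set_mtu()` and `DTLS_set_link_mtu()` in the daemon/dtls.c hunk are still discarded, although their argument now comes from `rtpe_config.dtls_mtu` instead of a constant. Both calls return 0 when OpenSSL rejects the value, so a setting that passes the option check but is refused by the library would leave the connection on OpenSSL's own MTU with no log line; testing the result, e.g. `if (!SSL_set_mtu(d->ssl, rtpe_config.dtls_mtu))` followed by a warning, would make that visible. The same number is passed as both the DTLS MTU and the link MTU, as was already the case with 1500, so a one-line comment saying which of the two `--dtls-mtu` is meant to describe would help operators size it. `dtls_connection_init` starts and ends outside this hunk.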
@@ -477,6 +478,7 @@ static void options(int *argc, char ***argv) {
 { "jb-clock-drift",0,0, G_OPTION_ARG_NONE, &rtpe_config.jb_clock_drift,"Compensate for source clock drift",NULL },
 { "debug-srtp",0,0, G_OPTION_ARG_NONE, &debug_srtp, "Log raw encryption details for SRTP", NULL },
 { "dtls-rsa-key-size",0, 0, G_OPTION_ARG_INT,&rtpe_config.dtls_rsa_key_size,"Size of RSA key for DTLS", "INT" },
+ { "dtls-mtu",0, 0, G_OPTION_ARG_INT,&rtpe_config.dtls_mtu,"DTLS MTU", "INT" },
 { "dtls-ciphers",0, 0, G_OPTION_ARG_STRING, &rtpe_config.dtls_ciphers,"List of ciphers for DTLS", "STRING" },
 { "dtls-signature",0, 0,G_OPTION_ARG_STRING, &dtls_sig, "Signature algorithm for DTLS", "SHA-256|SHA-1" },
 { "listen-http", 0,0, G_OPTION_ARG_STRING_ARRAY,&rtpe_config.http_ifs,"Interface for HTTP and WS", "[IP46|HOSTNAME:]PORT"},
@@ -722,6 +724,11 @@ static void options(int *argc, char ***argv) {
 if (rtpe_config.dtls_rsa_key_size < 0)
 die("Invalid --dtls-rsa-key-size (%i)", rtpe_config.dtls_rsa_key_size);
+ if (rtpe_config.dtls_mtu < 576)
+ /* The Internet Protocol requires that hosts must be able to process IP datagrams of at least 576 bytes (for IPv4) or 1280 bytes (for IPv6).
+ However, this does not preclude link layers with an MTU smaller than this minimum MTU from conveying IP data. Internet IPv4 path MTU is 68 bytes.*/
+ die("Invalid --dtls-mtu (%i)", rtpe_config.dtls_mtu);
+
 if (rtpe_config.jb_length < 0)
 die("Invalid negative jitter buffer size");
diff --git a/daemon/rtpengine.pod b/daemon/rtpengine.pod
index b49b777e8..7d2466a9a 100644
--- a/daemon/rtpengine.pod
+++ b/daemon/rtpengine.pod
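Review bot: The new `--dtls-mtu` check in `options()` (the `@@ -722,6 +724,11 @@` hunk) enforces only the 576 floor, so any larger integer the option parser accepts is handed to OpenSSL unchanged. A value above what the path can carry brings back the oversized handshake datagrams this option is meant to avoid, so an upper bound belongs in the same test, for example `if (rtpe_config.dtls_mtu < 576 || rtpe_config.dtls_mtu > DTLS_MTU_MAX)`, with `DTLS_MTU_MAX` as a new named constant whose value the maintainers choose. The explanatory comment sits between the brace-less `if` and its `die()`, which is easy to break in a later edit; moving it above the `if` or adding braces keeps the guard intact. The help string added in the option table hunk, `"DTLS MTU"`, could state the unit and limits, e.g. `"DTLS MTU in bytes (default 1200, minimum 576)"`. `options()` starts and ends outside both hunks.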
@@ -878,6 +878,14 @@ guaranteed that only a single thread will ever read from a particular socket, thus maintaining the order of the packets. Might help when having issues with DTMF packets (RFC 2833). +=item B<--dtls-mtu> + +Set DTLS MTU to enable fragmenting of large DTLS packets. Defaults to 1200. +Minimum value is 576 as the internet protocol requires that hosts must be able to +process IP datagrams of at least 576 bytes (for IPv4) or 1280 bytes (for IPv6). +This does not preclude link layers with an MTU smaller than this minimum MTU from +conveying IP data. Internet IPv4 path MTU is 68 bytes. + =back =head1 INTERFACES diff --git a/include/main.h b/include/main.h index 0c594b863..d63d288f9 100644 --- a/include/main.h +++ b/include/main.h @@ -103,6 +103,7 @@ struct rtpengine_config { int jb_length; int jb_clock_drift; int dtls_rsa_key_size; + int dtls_mtu; char *dtls_ciphers; int dtls_signature; char **http_ifs;