[openssl-dev] Calculating DTLS payload MTU
Matt Caswell
matt at openssl.org
Wed Oct 5 21:57:38 UTC 2016
On 05/10/16 22:51, David Woodhouse wrote:
> On Wed, 2016-10-05 at 21:29 +0100, Matt Caswell wrote:
>> Hmmmm....well its not constant even by cipher. It depends on the
>> transport (IPv6 has a bigger overhead than IPv4).
>
> That is included in d1->link_mtu (DTLS_set_link_mtu()) but is not
> included in d1->mtu (SSL_set_mtu()).
>
> Even when we let DTLS autodetect by using BIO_CTRL_DGRAM_QUERY_MTU, it
> gets a value without the (assumed) IP/UDP overhead, which goes straight
> into d1->mtu.
>
> The "link MTU" thing is purely a special case for application
> convenience. AFAICT we only *ever* use it by subtracting the
> BIO_CTRL_DGRAM_GET_MTU_OVERHEAD value (which again assumes UDP not
> SCTP) and then dealing with d1->mtu thereafter.
That is not correct. It *is* defined for SCTP. It's just defined to be
zero (because SCTP allows fragmentation so MTUs are kind of irrelevant
anyway).
>
> So let's forget all about the "link MTU" and the IP/UDP overhead for
> now. They are an orthogonal issue.
>
>> So why not:
>>
>> DTLS_get_data_mtu(SSL *s)
>
> Yeah. OK. And I don't think we need a DTLS_set_data_mtu(). If the
> application knows the largest data payload it'll ever send... who cares
> about telling OpenSSL the MTU? Just call SSL_set_mtu(s, 65536) and then
> send what you like.
Fair enough.
Matt
More information about the openssl-dev
mailing list