LIT-134 Initial implementation of Path MTU Discovery

expressvpn · Oct 18, 2023 · 6f0f8dc · 6f0f8dc
1 parent de27cfe
commit 6f0f8dc
Show file tree

Hide file tree

Showing 12 changed files with 734 additions and 16 deletions.
diff --git a/ios/Lightway/Lightway.xcodeproj/project.pbxproj b/ios/Lightway/Lightway.xcodeproj/project.pbxproj
@@ -37,6 +37,8 @@
 		DD5977CC25C0FA8400DAB7BF /* he_plugin.h in Headers */ = {isa = PBXBuildFile; fileRef = DD5977CB25C0FA8400DAB7BF /* he_plugin.h */; };
 		DDA0C8C525F1DDFD00B7903F /* memory.h in Headers */ = {isa = PBXBuildFile; fileRef = DDA0C8C325F1DDFD00B7903F /* memory.h */; };
 		DDA0C8C625F1DDFD00B7903F /* memory.c in Sources */ = {isa = PBXBuildFile; fileRef = DDA0C8C425F1DDFD00B7903F /* memory.c */; };
+		DDFE22BF2AD80FAD00172C79 /* pmtud.h in Headers */ = {isa = PBXBuildFile; fileRef = DDFE22BD2AD80FAD00172C79 /* pmtud.h */; };
+		DDFE22C02AD80FAD00172C79 /* pmtud.c in Sources */ = {isa = PBXBuildFile; fileRef = DDFE22BE2AD80FAD00172C79 /* pmtud.c */; };
 		E0300B442A8DDF9800008A0A /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E0300B432A8DDF9800008A0A /* Security.framework */; settings = {ATTRIBUTES = (Required, ); }; };
 /* End PBXBuildFile section */
 
@@ -90,6 +92,8 @@
 		DD5977CB25C0FA8400DAB7BF /* he_plugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = he_plugin.h; path = ../../include/he_plugin.h; sourceTree = "<group>"; };
 		DDA0C8C325F1DDFD00B7903F /* memory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = memory.h; path = ../../src/he/memory.h; sourceTree = "<group>"; };
 		DDA0C8C425F1DDFD00B7903F /* memory.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = memory.c; path = ../../src/he/memory.c; sourceTree = "<group>"; };
+		DDFE22BD2AD80FAD00172C79 /* pmtud.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = pmtud.h; path = ../../src/he/pmtud.h; sourceTree = "<group>"; };
+		DDFE22BE2AD80FAD00172C79 /* pmtud.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = pmtud.c; path = ../../src/he/pmtud.c; sourceTree = "<group>"; };
 		E0300B432A8DDF9800008A0A /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = Platforms/AppleTVOS.platform/Developer/SDKs/AppleTVOS16.4.sdk/System/Library/Frameworks/Security.framework; sourceTree = DEVELOPER_DIR; };
 /* End PBXFileReference section */
 
@@ -139,6 +143,8 @@
 		9969C5082463D837001960F0 /* Sources */ = {
 			isa = PBXGroup;
 			children = (
+				DDFE22BE2AD80FAD00172C79 /* pmtud.c */,
+				DDFE22BD2AD80FAD00172C79 /* pmtud.h */,
 				91F655FF283B897D00FE71D3 /* utils.c */,
 				91F655FE283B897D00FE71D3 /* utils.h */,
 				DDA0C8C425F1DDFD00B7903F /* memory.c */,
@@ -197,6 +203,7 @@
 				9969C5162463D86E001960F0 /* client.h in Headers */,
 				DD5977C025C0FA6400DAB7BF /* conn.h in Headers */,
 				DDA0C8C525F1DDFD00B7903F /* memory.h in Headers */,
+				DDFE22BF2AD80FAD00172C79 /* pmtud.h in Headers */,
 				9969C50D2463D860001960F0 /* he.h in Headers */,
 				DD5977C125C0FA6400DAB7BF /* plugin_chain.h in Headers */,
 				9969C51C2463D86E001960F0 /* msg_handlers.h in Headers */,
@@ -286,6 +293,7 @@
 				9969C51B2463D86E001960F0 /* core.c in Sources */,
 				DD5977C525C0FA6400DAB7BF /* flow.c in Sources */,
 				9969C51A2463D86E001960F0 /* wolf.c in Sources */,
+				DDFE22C02AD80FAD00172C79 /* pmtud.c in Sources */,
 				9969C5182463D86E001960F0 /* client.c in Sources */,
 				91F65601283B897D00FE71D3 /* utils.c in Sources */,
 				9969C5172463D86E001960F0 /* msg_handlers.c in Sources */,

diff --git a/src/he/conn.c b/src/he/conn.c
@@ -16,20 +16,19 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  */
-
-#include "conn.h"
-#include "conn_internal.h"
-#include "core.h"
-#include "config.h"
-#include "ssl_ctx.h"
-
 #ifndef WOLFSSL_USER_SETTINGS
 #include <wolfssl/options.h>
 #endif
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/ssl.h>
 #include <wolfssl/wolfcrypt/settings.h>
 
+#include "conn.h"
+#include "conn_internal.h"
+#include "core.h"
+#include "config.h"
+#include "ssl_ctx.h"
+#include "pmtud.h"
 #include "memory.h"
 
 bool he_conn_is_error_fatal(he_conn_t *conn, he_return_code_t error_msg) {
@@ -179,10 +178,15 @@ he_return_code_t he_internal_conn_configure(he_conn_t *conn, he_ssl_ctx_t *ctx)
   conn->auth_buf_cb = ctx->auth_buf_cb;
   conn->auth_token_cb = ctx->auth_token_cb;
   conn->populate_network_config_ipv4_cb = ctx->populate_network_config_ipv4_cb;
+  conn->pmtud_time_cb = ctx->pmtud_time_cb;
+  conn->pmtud_state_change_cb = ctx->pmtud_state_change_cb;
 
   // Copy the RNG to allow for generation of session IDs
   conn->wolf_rng = ctx->wolf_rng;
 
+  // Initialize internal variables
+  conn->ping_next_id = 1;
+
   return HE_SUCCESS;
 }
 
@@ -487,7 +491,7 @@ he_return_code_t he_conn_send_keepalive(he_conn_t *conn) {
     return HE_ERR_NULL_POINTER;
   }
 
-  if(conn->state != HE_STATE_ONLINE) {
+  if(conn->state != HE_STATE_ONLINE || conn->pmtud_state != HE_PMTUD_STATE_DISABLED) {
     return HE_ERR_INVALID_CONN_STATE;
   }
 
@@ -1175,3 +1179,38 @@ const char *he_conn_get_curve_name(he_conn_t *conn) {
   }
   return wolfSSL_get_curve_name(conn->wolf_ssl);
 }
+
+he_return_code_t he_conn_start_pmtu_discovery(he_conn_t *conn) {
+  if(!conn) {
+    return HE_ERR_NULL_POINTER;
+  }
+  if(conn->state != HE_STATE_ONLINE) {
+    return HE_ERR_INVALID_CONN_STATE;
+  }
+  if(conn->pmtud_state_change_cb == NULL || conn->pmtud_time_cb == NULL) {
+    return HE_ERR_PMTUD_CALLBACKS_NOT_SET;
+  }
+  if(conn->pmtud_state != HE_PMTUD_STATE_DISABLED) {
+    // PMTUD is already started
+    return HE_SUCCESS;
+  }
+
+  // Enter Base state
+  he_internal_pmtud_start_base_probing(conn);
+
+  return HE_SUCCESS;
+}
+
+uint16_t he_conn_get_effective_pmtu(he_conn_t *conn) {
+  if(!conn || conn->effective_pmtu == 0) {
+    return HE_MAX_MTU;
+  }
+  return conn->effective_pmtu;
+}
+
+he_return_code_t he_conn_pmtud_probe_timeout(he_conn_t *conn) {
+  if(!conn) {
+    return HE_ERR_NULL_POINTER;
+  }
+  return he_internal_pmtud_handle_probe_timeout(conn);
+}
diff --git a/src/he/he_internal.h b/src/he/he_internal.h
@@ -244,7 +244,6 @@ struct he_conn {
   uint8_t pmtud_probe_count;
   uint16_t pmtud_probing_size;
   bool pmtud_is_using_big_step;
-  uint16_t pmtud_probe_next_id;
   uint16_t pmtud_probe_pending_id;
 };
 

diff --git a/src/he/msg_handlers.c b/src/he/msg_handlers.c
@@ -73,13 +73,18 @@ he_return_code_t he_handle_msg_pong(he_conn_t *conn, uint8_t *packet, int length
   // Get the pong message, and ignore it if the id doesn't match
   he_msg_pong_t *pong = (he_msg_pong_t *)packet;
   uint16_t id = ntohs(pong->id);
-  if(id != conn->ping_pending_id) {
+  if(id == conn->ping_pending_id) {
+    // Tell the host application that we received a PONG
+    he_internal_generate_event(conn, HE_EVENT_PONG);
+    return HE_SUCCESS;
+  }
+  if(id == conn->pmtud_probe_pending_id) {
+    // Received ack of a pmtud probe
+    he_internal_pmtud_handle_probe_ack(conn, id);
     return HE_SUCCESS;
   }
 
-  // Tell the host application that we received a PONG
-  he_internal_generate_event(conn, HE_EVENT_PONG);
-
+  // Ignore the pong message
   return HE_SUCCESS;
 }