Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 08:48:31 -05:00
Code Issues Projects Releases Wiki Activity

Disable PMTU discovery for RADIUS packets (sent them without DF)

Browse Source 
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.

This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
This commit is contained in:
Jouni Malinen 2009-08-23 21:32:27 +03:00
parent a2fbf12524
commit 5cd89c26f9
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/radius/radius_server.c
View File

@ -765,6 +765,22 @@ fail:
}
static int radius_server_disable_pmtu_discovery(int s)
{
int r = -1;
#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
/* Turn off Path MTU discovery on IPv4/UDP sockets. */
int action = IP_PMTUDISC_DONT;
r = setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, &action,
sizeof(action));
if (r == -1)
wpa_printf(MSG_ERROR, "Failed to set IP_MTU_DISCOVER: "
"%s", strerror(errno));
#endif
return r;
}
static int radius_server_open_socket(int port)
{
int s;
@ -776,6 +792,8 @@ static int radius_server_open_socket(int port)
return -1;
}
radius_server_disable_pmtu_discovery(s);
os_memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(port);