
Commit 2d0750b2 authored by Maciej Żenczykowski's avatar Maciej Żenczykowski Committed by Automerger Merge Worker

Dns over TLS - lower mss for ipv4 by 8 am: 2c10321e

parents 775c74d3 2c10321e
+13 −17
@@ -68,36 +68,32 @@ int waitForWriting(int fd, int timeoutMs = -1) {
}  // namespace
}  // namespace


Status DnsTlsSocket::tcpConnect() {
Status DnsTlsSocket::tcpConnect() {
    if (mServer.protocol != IPPROTO_TCP) return Status(EPROTONOSUPPORT);

    LOG(DEBUG) << mMark << " connecting TCP socket";
    LOG(DEBUG) << mMark << " connecting TCP socket";
    int type = SOCK_NONBLOCK | SOCK_CLOEXEC;
    switch (mServer.protocol) {
        case IPPROTO_TCP:
            type |= SOCK_STREAM;
            break;
        default:
            return Status(EPROTONOSUPPORT);
    }


    mSslFd.reset(socket(mServer.ss.ss_family, type, mServer.protocol));
    mSslFd.reset(socket(mServer.ss.ss_family, SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, 0));
    if (mSslFd.get() == -1) {
    if (mSslFd.get() == -1) {
        PLOG(ERROR) << "Failed to create socket";
        const int err = errno;
        return Status(errno);
        PLOG(ERROR) << "Failed to create socket, errno=" << err;
        return Status(err);
    }
    }


    resolv_tag_socket(mSslFd.get(), AID_DNS, NET_CONTEXT_INVALID_PID);
    resolv_tag_socket(mSslFd.get(), AID_DNS, NET_CONTEXT_INVALID_PID);


    const socklen_t len = sizeof(mMark);
    const socklen_t len = sizeof(mMark);
    if (setsockopt(mSslFd.get(), SOL_SOCKET, SO_MARK, &mMark, len) == -1) {
    if (setsockopt(mSslFd.get(), SOL_SOCKET, SO_MARK, &mMark, len)) {
        const int err = errno;
        const int err = errno;
        PLOG(ERROR) << "Failed to set socket mark";
        PLOG(ERROR) << "Failed to set socket mark, errno=" << err;
        mSslFd.reset();
        mSslFd.reset();
        return Status(err);
        return Status(err);
    }
    }


    // Set TCP MSS to a suitably low value to be more reliable.
    // Set TCP MSS to a suitably low value to be more reliable.
    const int v = 1220;
    const int v = (mServer.ss.ss_family == AF_INET) ? 1212 : 1220;
    if (setsockopt(mSslFd.get(), SOL_TCP, TCP_MAXSEG, &v, sizeof(v)) == -1) {
    if (setsockopt(mSslFd.get(), SOL_TCP, TCP_MAXSEG, &v, sizeof(v))) {
        LOG(WARNING) << "Failed to set TCP_MAXSEG: " << errno;
        const int err = errno;
        LOG(WARNING) << "Failed to set TCP_MAXSEG, errno=" << err;
    }
    }


    const Status tfo = enableSockopt(mSslFd.get(), SOL_TCP, TCP_FASTOPEN_CONNECT);
    const Status tfo = enableSockopt(mSslFd.get(), SOL_TCP, TCP_FASTOPEN_CONNECT);
@@ -112,7 +108,7 @@ Status DnsTlsSocket::tcpConnect() {
                sizeof(mServer.ss)) != 0 &&
                sizeof(mServer.ss)) != 0 &&
            errno != EINPROGRESS) {
            errno != EINPROGRESS) {
        const int err = errno;
        const int err = errno;
        PLOG(WARNING) << "Socket failed to connect";
        PLOG(WARNING) << "Socket failed to connect, errno=" << err;
        mSslFd.reset();
        mSslFd.reset();
        return Status(err);
        return Status(err);
    }
    }
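Review bot: The two MSS values in the TCP_MAXSEG block of tcpConnect() (`const int v = (mServer.ss.ss_family == AF_INET) ? 1212 : 1220;`) are unexplained, and the comment above them still says only "a suitably low value". 1220 is consistent with the 1280-byte IPv6 minimum MTU less a 40-byte IPv6 header and a 20-byte TCP header, but nothing visible here says where the extra 8 bytes for IPv4 come from; presumably it is some translation or encapsulation overhead on the path. I would extend the comment to something like `// 1220 = 1280 (min IPv6 MTU) - 40 (IPv6 hdr) - 20 (TCP hdr); IPv4 uses 8 less because <reason>`, so that a later cleanup does not silently change either number. The body of tcpConnect() continues outside both hunks, so any rationale given further down is not visible from here.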