[gnutls-devel] [sr #108715] DTLS send does not respect MTU

Nikos Mavrogiannopoulos INVALID.NOREPLY at gnu.org
Mon Jan 5 19:33:24 CET 2015

Follow-up Comment #5, sr #108715 (project gnutls):

>>   If there is a transport protocol indication (either via ICMP or via a
>>   refusal to send the datagram as in Section 14 of [DCCP]), then the
>>   DTLS record layer MUST inform the upper layer protocol of the error.
>That works only partially. The second part:
>>   or via a refusal to send the datagram
>does work, the push function would return the error and all is well.
>However with datagram sockets, sending an over sized datagram does not always
result in an immediate EMSGSIZE error (at least under linux).

Correct. We rely on the OS for that.

> This ICMP error is not read nor handled in the DTLS layer. The only
indication the caller gets is after the transmission timer expires and GNUTLS
tries to send the packet again.

Indeed. I don't think we can do better than that though. Not with the standard
sockets API at least. I'm open to suggestions on that.

> I might be wrong, but as far as I can see, there is no code that queries the
underlying OS for the MTU (getsockopt IP_MTU under Linux) in case of a
EMSGSIZE, nor does there seem to be any code to adjust the MTU. All of this is
left to the application to handle.

You are correct. There is no generic or cross-platform API to handle that so
the application is responsible to discover and set the MTU. Not sure how
better we can do on that.

>>   -  If repeated retransmissions do not result in a response, and the
>>      PMTU is unknown, subsequent retransmissions SHOULD back off to a
>>      smaller record size, fragmenting the handshake message as
>>      appropriate.  This standard does not specify an exact number of
>>      retransmits to attempt before backing off, but 2-3 seems
>>      appropriate.
> It is arguable if this should be part of the library or not.

I would really have liked to include MTU handling as part of the library.
However, it is very tricky to handle in all cases. There are real world
scenarios where EMSGSIZE is never returned, from the OS because ICMP packets
are blocked from the firewall. That, and the fact that MTU handling is
restricted to handshake only, were the main reason it was not part of the

Having said that, I think it would be a nice idea to add a flag in
gnutls_init() which makes MTU adjustment transparent, for the handshake at


Reply to this item at:


  Message sent via/by Savannah

More information about the Gnutls-devel mailing list