Made starting MTU value for the BIO filter configurable

certs/README.md

@@ -0,0 +1,15 @@
+Certificates
+============
+
+This folder contains a sample certificate and key that you can use in Janus for everything that's related to security, most importantly DTLS-SRTP and, in case you need it (see the deployment instructions in the docs on why you may not), for HTTPS and/or secure WebSockets as well. Please beware that these certificates are just for testing: they're self signed and not certificated by any authority (and certainly not by us!).
+
+You can change the certificates to use in the ```janus.cfg``` settings. Should you want to generate some certificates yourself, refer to the instructions on how to do so that can be found pretty much everywhere.
+
+Please beware, though, that 512 bit certificates should be avoided, as explained in #251.
+
+# Feeling lazy?
+Just as an example and for the lazy (you'll probably find better samples around), here's how you can quickly create a certificate as needed by Janus:
+
+	openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1024 -keyout privateKey.key -out certificate.crt
+
+Just follow the instructions. This will create a private key in ```privateKey.key``` and a certificate in ```certificate.crt```. To use them, update the configuration file ```janus.cfg``` accordingly, to have the ```cert_pem``` and ```cert_key``` in ```[certificates]``` point to the newly created files.

conf/janus.cfg.sample.in

@@ -95,14 +95,16 @@ cert_key = @certdir@/mycert.key
 
 ; Media-related stuff: right now, you can only configure whether you want
 ; to enable IPv6 support (still WIP, so handle with care), the maximum size
-; of the NACK queue for retransmissions per handle and the range of
-; ports to use for RTP and RTCP (by default, no range is envisaged).
+; of the NACK queue for retransmissions per handle the range of ports to
+; use for RTP and RTCP (by default, no range is envisaged) and the
+; starting MTU for DTLS (1472 by default, it adapts automatically).
 ; If you change any setting in the lines below, remember to uncomment the
 ; [media] category as well, which is commented by default!
 ;[media]
 ;ipv6 = true
 ;max_nack_queue = 300
 ;rtp_port_range = 20000-40000
+;dtls_mtu = 1200
 
 
 ; NAT-related stuff: specifically, you can either manually specify the 

dtls-bio.c

@@ -1,7 +1,7 @@
 /*! \file    dtls-bio.h
  * \author   Lorenzo Miniero <[email protected]>
  * \copyright GNU General Public License v3
- * \brief    OpenSSL BIO filter for fragmentation (headers)
+ * \brief    OpenSSL BIO filter for fragmentation
  * \details  Implementation of an OpenSSL BIO filter to fix the broken
  * behaviour of fragmented packets when using mem BIOs (as we do in
  * Janus). See https://mta.openssl.org/pipermail/openssl-users/2015-June/001503.html
@@ -18,12 +18,23 @@
 #include "mutex.h"
 
 
-/* We keep the MTU lower thatn 1472 just to stay on the safe side 
- * NOTE: should we make this configurable in janus.cfg? */
-static int mtu = 1200;
-
+/* Starting MTU value for the DTLS BIO filter */
+static int mtu = 1472;
+void janus_dtls_bio_filter_set_mtu(int start_mtu) {
+	if(start_mtu < 0) {
+		JANUS_LOG(LOG_ERR, "Invalid MTU...\n");
+		return;
+	}
+	mtu = start_mtu;
+	JANUS_LOG(LOG_VERB, "Setting starting MTU in the DTLS BIO filter: %d\n", mtu);
+}
 
 /* Filter implementation */
+int janus_dtls_bio_filter_write(BIO *h, const char *buf,int num);
+long janus_dtls_bio_filter_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+int janus_dtls_bio_filter_new(BIO *h);
+int janus_dtls_bio_filter_free(BIO *data);
+
 static BIO_METHOD janus_dtls_bio_filter_methods = {
 	BIO_TYPE_FILTER,
 	"janus filter",
@@ -102,7 +113,7 @@ long janus_dtls_bio_filter_ctrl(BIO *bio, int cmd, long num, void *ptr) {
 			/* The OpenSSL library needs this */
 			return 1;
 		case BIO_CTRL_DGRAM_QUERY_MTU:
-			/* Let's force a 1200 MTU */
+			/* Let's force the MTU that was configured */
 			JANUS_LOG(LOG_HUGE, "Advertizing MTU: %d\n", mtu);
 			return mtu;
 		case BIO_CTRL_WPENDING:

dtls-bio.h

@@ -17,12 +17,17 @@
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
-int janus_dtls_bio_filter_write(BIO *h, const char *buf,int num);
-long janus_dtls_bio_filter_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-int janus_dtls_bio_filter_new(BIO *h);
-int janus_dtls_bio_filter_free(BIO *data);
-
 /*! \brief OpenSSL BIO filter for fragmentation constructor */
 BIO_METHOD *BIO_janus_dtls_filter(void);
 
+/*! \brief Set the MTU for the BIO filter
+ * \note The default starting MTU is 1472, in case fragmentation is needed
+ * the OpenSSL DTLS stack automatically decreases it. That said, if
+ * you know for sure the MTU in the network Janus is deployed in is
+ * smaller than that, it makes sense to configure an according value to
+ * start from
+ * @param start_mtu The MTU to start from (1472 by default)
+ */
+void janus_dtls_bio_filter_set_mtu(int start_mtu);
+
 #endif

janus.c

@@ -4403,6 +4403,10 @@ gint main(int argc, char *argv[])
 	if(janus_dtls_srtp_init(server_pem, server_key) < 0) {
 		exit(1);
 	}
+	/* Check if there's any custom value for the starting MTU to use in the BIO filter */
+	item = janus_config_get_item_drilldown(config, "media", "dtls_mtu");
+	if(item && item->value)
+		janus_dtls_bio_filter_set_mtu(atoi(item->value));
 
 #ifdef HAVE_SCTP
 	/* Initialize SCTP for DataChannels */