tunnelmtu 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: cbb39e99dfbd5897b0eaecebc385f68594d586ad9489c7927904879d9bcc614f
+  data.tar.gz: 9105d16c4f10f2afa09ef5eb8dcae4b38c0b539dcc1bf4fda1120aaf2ed1f862
+SHA512:
+  metadata.gz: 01dfc6e9f4b84676d21c2fc71db58068f608895c3de631141b45bfdb7e6b1bd5ca8774e23400da2f84e43368f74ee214057120f0af1ac5ab7aab4a1c9fdc4672
+  data.tar.gz: cba995f38a8eef1a03c04bbc025fe3d2f963ff98e8667b31397a5840dafec681be2ea49d7d022d1d217b77fcb9085ff0f465cb766c7b476125ecbb177ffc82e4

data/LICENSE

@@ -0,0 +1,11 @@
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+Version 2, December 2004
+
+Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
+
+Everyone is permitted to copy and distribute verbatim or modified copies of this license document, and changing it is allowed as long as the name is changed.
+
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. You just DO WHAT THE FUCK YOU WANT TO.

data/README.md

@@ -0,0 +1,3 @@
+# tunnelmtu
+
+Interactive script that calculates the optimal MTU for tunnel protocols.

data/bin/tunnelmtu

@@ -0,0 +1,261 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+# sharable_constant_value: literal
+
+require 'cli/ui'
+
+def ask_openssl_digest
+  digests = [
+    { name: 'SHA3-512', size: 64 },
+    { name: 'SHA512-256', size: 32 },
+    { name: 'SHA224', size: 28 },
+    { name: 'SHA3-224', size: 28 },
+    { name: 'SHA1', size: 20 },
+    { name: 'SHA3-384', size: 48 },
+    { name: 'RIPEMD160', size: 20 },
+    { name: 'SHA512', size: 64 },
+    { name: 'SHA512-224', size: 28 },
+    { name: 'SHA384', size: 48 },
+    { name: 'SM3', size: 32 },
+    { name: 'SHA3-256', size: 32 },
+    { name: 'MD5', size: 16 },
+    { name: 'BLAKE2s256', size: 32 },
+    { name: 'SHA256', size: 32 },
+    { name: 'BLAKE2b512', size: 64 },
+    { name: 'MD5-SHA1', size: 36 },
+    { name: 'SHA2-256/192', bits: 192 },
+    { name: 'KECCAK-224', size: 28 },
+    { name: 'KECCAK-256', size: 32 },
+    { name: 'KECCAK-384', size: 48 },
+    { name: 'KECCAK-512', size: 64 },
+    { name: 'KECCAK-KMAC-128', size: 32 },
+    { name: 'KECCAK-KMAC-256', size: 64 }
+  ]
+  digests_list = digests.map { |v| v[:name] }
+
+  selected_digest = CLI::UI.ask('Which digest/hash algorithm?', options: digests_list)
+
+  return digests.find { |d| d[:name] == selected_digest }
+end
+
+def ask_openssl_cipher
+  ciphers = [
+    { name: 'AES', iv_size: 16 },
+    { name: 'ARIA', iv_size: 16 },
+    { name: 'CAMELLIA', iv_size: 16 },
+    { name: 'DES', iv_size: 8 }
+  ]
+  ciphers_list = ciphers.map { |v| v[:name] }
+
+  selected_cipher = CLI::UI.ask('Which cipher algorithm?', options: ciphers_list)
+
+  return ciphers.find { |d| d[:name] == selected_cipher }
+end
+
+def get_cbc_mtu(temporary_mtu, in_packet_overhead)
+  return temporary_mtu - in_packet_overhead if (temporary_mtu % 16).zero?
+
+  (temporary_mtu + in_packet_overhead - 1).downto(1) do |i|
+    return i - in_packet_overhead - 1 if (i % 16).zero?
+  end
+end
+
+CLI::UI::StdoutRouter.enable
+CLI::UI.frame_style = :bracket
+
+CLI::UI::Frame.open('Tunneling MTU calculator', color: :cyan) do
+  outer_mtu = CLI::UI.ask('What is the outer MTU?').to_i
+  mtu = outer_mtu
+  explanations = []
+
+  CLI::UI.ask('Which IP protocol is used?') do |handler|
+    handler.option 'IPv6 or Dual-Stack (RECOMMENDED)' do
+      mtu -= 40
+      explanations << { bytes: 40, description: 'IPv6 or Dual-Stack' }
+    end
+
+    handler.option 'IPv4 only' do
+      mtu -= 20
+      explanations << { bytes: 20, description: 'IPv4' }
+    end
+  end
+
+  CLI::UI.ask('Will PPPoE be used for connection?') do |handler|
+    handler.option 'Yes' do
+      mtu -= 8
+      explanations << { bytes: 8, description: 'PPPoE' }
+    end
+    handler.option 'No' do
+    end
+  end
+
+  CLI::UI.ask('Which tunneling protocol would you like to use?') do |handler|
+    handler.option 'fastd' do
+      mtu -= 8
+      explanations << { bytes: 8, description: 'UDP' }
+
+      CLI::UI.ask('Which tunneling mode is used?') do |handler|
+        handler.option 'TUN (layer 3)' do
+          explanations << { bytes: 0, description: 'TUN' }
+        end
+        handler.option 'TAP (layer 2)' do
+          mtu -= 14
+          explanations << { bytes: 14, description: 'TAP' }
+        end
+      end
+
+      CLI::UI.ask('What encryption and authentication method is used?') do |handler|
+        handler.option 'null' do
+          mtu -= 1
+          explanations << { bytes: 1, description: 'null method' }
+        end
+        handler.option 'null@l2tp' do
+          mtu -= 8
+          explanations << { bytes: 8, description: 'null@l2tp method' }
+        end
+        handler.option 'other encryption and authentication method' do
+          mtu -= 24
+          explanations << { bytes: 24, description: 'encryption and authentication method' }
+        end
+      end
+    end
+    handler.option 'WireGuard' do
+      mtu -= 40
+      explanations << { bytes: 8, description: 'UDP' }
+      explanations << { bytes: 32, description: 'WireGuard' }
+    end
+    handler.option('OpenVPN') do
+      CLI::UI.ask('Which transport protocol do you use?') do |handler|
+        handler.option 'UDP' do
+          mtu -= 8
+          explanations << { bytes: 8, description: 'UDP' }
+        end
+        handler.option 'TCP' do
+          mtu -= 60
+          explanations << { bytes: 60, description: 'TCP' }
+        end
+      end
+      CLI::UI.ask('What encryption and authentication method is used?') do |handler|
+        handler.option 'AEAD ciphers / GCM mode (including CHACHA20-POLY1305)' do
+          mtu -= 24
+          explanations << { bytes: 24, description: 'OpenVPN' }
+        end
+        handler.option 'CBC mode' do
+          mtu -= 4
+          explanations << { bytes: 4, description: 'Opcode, Key-ID and Peer-ID' }
+
+          hmac = ask_openssl_digest
+          mtu -= hmac[:size]
+          explanations << { bytes: hmac[:size], description: hmac[:name] }
+
+          cipher = ask_openssl_cipher
+          mtu -= cipher[:iv_size]
+          explanations << { bytes: cipher[:iv_size], description: cipher[:name] }
+
+          CLI::UI.ask('Is a PSK used?') do |handler|
+            handler.option 'Yes, a PSK is used.' do
+              bmtu = mtu
+              mtu = get_cbc_mtu mtu, 8
+              explanations << { bytes: bmtu - mtu, description: 'Padding' }
+
+              explanations << { bytes: 4, description: 'Timestamp' } # subtracted in get_cbc_mtu
+            end
+            handler.option 'No, PSK is not used.' do
+              bmtu = mtu
+              mtu = get_cbc_mtu mtu, 4
+              explanations << { bytes: bmtu - mtu, description: 'Padding' }
+            end
+          end
+
+          explanations << { bytes: 4, description: 'Packet-ID' } # subtracted in get_cbc_mtu
+        end
+        handler.option 'CFB/OFB mode' do
+          mtu -= 4
+          explanations << { bytes: 4, description: 'Opcode, Key-ID and Peer-ID' }
+
+          hmac = ask_openssl_digest
+          mtu -= hmac[:size]
+          explanations << { bytes: hmac[:size], description: hmac[:name] }
+
+          cipher = ask_openssl_cipher
+          mtu -= cipher[:iv_size]
+          explanations << { bytes: cipher[:iv_size], description: cipher[:name] }
+        end
+        handler.option 'No encryption' do
+          mtu -= 4
+          explanations << { bytes: 4, description: 'Opcode, Key-ID and Peer-ID' }
+
+          mtu -= 4
+          explanations << { bytes: 4, description: 'Packet-ID' }
+
+          hmac = ask_openssl_digest
+          mtu -= hmac[:size]
+          explanations << { bytes: hmac[:size], description: hmac[:name] }
+        end
+      end
+    end
+    handler.option('Tinc') do
+      CLI::UI.ask('Which Tinc transfer protocol do you use?') do |handler|
+        handler.option 'SFTPS (Tinc 1.1)' do
+          CLI::UI.ask('Which Tinc protocol version is used?') do |handler|
+            handler.option '17.4 or later (IF IN DOUBT, SELECT THIS)' do
+              # https://github.com/gsliepen/tinc/commit/8dd1c8a020e3babf5054179b0d30e2aa850d2e2b
+              # https://github.com/gsliepen/tinc/blob/940d15c46be812821f134fd7d6333088445b914c/src/net_packet.c#L1293
+              mtu -= 12
+              explanations << { bytes: 12, description: 'Protocol improvements' }
+            end
+            handler.option '17.3 or earlier' do
+            end
+          end
+
+          mtu -= 21
+          explanations << { bytes: 21, description: 'SFTPS' }
+        end
+        handler.option 'Legacy protocol (Tinc 1.0)' do
+          hmac = ask_openssl_digest
+          mtu -= hmac[:size]
+          explanations << { bytes: hmac[:size], description: hmac[:name] }
+
+          cipher = ask_openssl_cipher
+          mtu -= cipher[:iv_size]
+          explanations << { bytes: cipher[:iv_size], description: cipher[:name] }
+
+          bmtu = mtu
+          mtu = get_cbc_mtu mtu, 4
+          explanations << { bytes: bmtu - mtu, description: 'Padding' }
+
+          explanations << { bytes: 4, description: 'Sequence number' } # subtracted in get_cbc_mtu
+        end
+      end
+    end
+    # handler.option('GRE') { |selection| selection }
+    # handler.option('GRETAP') { |selection| selection }
+  end
+
+  CLI::UI::Frame.open('Overhead Breakdown', color: :blue) do
+    puts CLI::UI.fmt '{{bold:Starting Point:}}'
+    puts CLI::UI.fmt "  Outer MTU: {{cyan:#{outer_mtu}}} Bytes\n"
+
+    puts CLI::UI.fmt '{{bold:Overhead Components:}}'
+    explanations.each do |exp|
+      color = if exp[:bytes] > 30
+                'red'
+              else
+                exp[:bytes] > 15 ? 'yellow' : 'green'
+              end
+      puts CLI::UI.fmt "  {{v}} {{bold:#{exp[:description]}:}} {{#{color}:-#{exp[:bytes]}}} Bytes"
+    end
+  end
+
+  CLI::UI::Frame.open('Result', color: :green) do
+    puts CLI::UI.fmt "{{bold:Optimal MTU: {{cyan:#{mtu}}} Bytes}}"
+  end
+
+  if mtu < 1280
+    CLI::UI::Frame.open('Warning', color: :red) do
+      puts CLI::UI.fmt '{{red:{{bold:MTU below 1280 Bytes!}}}}'
+      puts 'IPv6 requires a minimum MTU of 1280 Bytes.'
+      puts 'Fragmentation will be unavoidable.'
+    end
+  end
+end

metadata

@@ -0,0 +1,68 @@
+--- !ruby/object:Gem::Specification
+name: tunnelmtu
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Marek Küthe
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: cli-ui
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+description: Interactive script that calculates the optimal MTU for tunnel protocols.
+email: m.k@mk16.de
+executables:
+- tunnelmtu
+extensions: []
+extra_rdoc_files:
+- LICENSE
+- README.md
+files:
+- LICENSE
+- README.md
+- bin/tunnelmtu
+homepage: https://codeberg.org/mark22k/tunnelmtu
+licenses:
+- WTFPL
+metadata:
+  source_code_uri: https://codeberg.org/mark22k/tunnelmtu
+  bug_tracker_uri: https://codeberg.org/mark22k/tunnelmtu/issues
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 4.0.4
+specification_version: 4
+summary: Interactive script that calculates the optimal MTU for tunnel protocols.
+test_files: []