Addressed copilot's comments

Author: danielinux

docs/API.md

@@ -27,14 +27,15 @@ struct wolfIP_ll_dev {
     uint8_t mac[6];          // Device MAC address
     char ifname[16];         // Interface name
     uint8_t non_ethernet;    // L3-only link (no Ethernet header/ARP when set)
-    uint32_t mtu;            // Optional max frame size, defaults to LINK_MTU
+    uint32_t mtu;            // Optional internal frame budget, defaults to LINK_MTU
     int (*poll)(struct wolfIP_ll_dev *ll, void *buf, uint32_t len);  // Receive function
     int (*send)(struct wolfIP_ll_dev *ll, void *buf, uint32_t len);  // Transmit function
 };
 ```
 wolfIP maintains an array of these descriptors sized by `WOLFIP_MAX_INTERFACES` (default `1`). Call `wolfIP_getdev_ex()` to access a specific slot; the legacy `wolfIP_getdev()` helper targets the first hardware slot (index `0` normally, or `1` when the optional loopback interface is enabled).
 
 When `non_ethernet` is set, the interface is treated as L3-only point-to-point: the stack skips ARP/neighbor resolution, omits Ethernet headers on transmit, and expects receive buffers to begin at the IP header.
+The `mtu` field still describes wolfIP's internal frame budget including Ethernet headroom, so on non-Ethernet links the payload passed to `ll->send()` is effectively capped at `mtu - ETH_HEADER_LEN` on Ethernet-enabled builds.
 
 ### IP Configuration
 ```c
@@ -209,6 +210,7 @@ int wolfIP_mtu_get(struct wolfIP *s, unsigned int if_idx, uint32_t *mtu);
 ```
 Access the link-layer descriptor(s) that should be wired to hardware drivers. `_ex` returns `NULL` if `if_idx` exceeds `WOLFIP_MAX_INTERFACES`.
 `wolfIP_mtu_set()` updates the effective per-interface MTU, treating `0` as the default `LINK_MTU` and clamping to `[LINK_MTU_MIN, LINK_MTU]`. `wolfIP_mtu_get()` returns the effective MTU currently used by the stack.
+For `non_ethernet` devices this value remains the internal frame budget; the maximum IP bytes handed to the driver are reduced by `ETH_HEADER_LEN` when Ethernet support is compiled in.
 
 ## DHCP Client Functions
 

src/test/unit/unit.c

@@ -9233,7 +9233,7 @@ START_TEST(test_arp_queue_packet_uses_empty_slot)
 }
 END_TEST
 
-START_TEST(test_arp_queue_packet_truncates_len)
+START_TEST(test_arp_queue_packet_drops_oversize_len)
 {
     struct wolfIP s;
     uint8_t ip_buf[LINK_MTU];
@@ -9245,7 +9245,8 @@ START_TEST(test_arp_queue_packet_truncates_len)
     memset(ip_buf, 0, sizeof(ip_buf));
 
     arp_queue_packet(&s, TEST_PRIMARY_IF, 0x0A0000A3U, ip, len);
-    ck_assert_uint_eq(s.arp_pending[0].len, LINK_MTU);
+    ck_assert_uint_eq(s.arp_pending[0].len, 0U);
+    ck_assert_uint_eq(s.arp_pending[0].dest, IPADDR_ANY);
 }
 END_TEST
 
@@ -10544,6 +10545,24 @@ START_TEST(test_ll_send_frame_non_ethernet_short_len)
 }
 END_TEST
 
+START_TEST(test_ll_send_frame_drops_oversize)
+{
+    struct wolfIP s;
+    uint8_t buf[ETH_HEADER_LEN + IP_HEADER_LEN + 32];
+
+    wolfIP_init(&s);
+    mock_link_init(&s);
+    ck_assert_int_eq(wolfIP_mtu_set(&s, TEST_PRIMARY_IF,
+            (uint32_t)(sizeof(buf) - 1U)), 0);
+
+    memset(buf, 0, sizeof(buf));
+    last_frame_sent_size = 0;
+
+    wolfIP_ll_send_frame(&s, TEST_PRIMARY_IF, buf, (uint32_t)sizeof(buf));
+    ck_assert_uint_eq(last_frame_sent_size, 0U);
+}
+END_TEST
+
 START_TEST(test_ll_helpers_invalid_inputs)
 {
     struct wolfIP s;
@@ -13816,7 +13835,7 @@ START_TEST(test_tcp_connect_syn_advertises_interface_mss)
 
     wolfIP_init(&s);
     mock_link_init(&s);
-    wolfIP_getdev(&s)->mtu = 640U;
+    ck_assert_int_eq(wolfIP_mtu_set(&s, TEST_PRIMARY_IF, 640U), 0);
     wolfIP_ipconfig_set(&s, 0x0A000001U, 0xFFFFFF00U, 0);
 
     tcp_sd = wolfIP_sock_socket(&s, AF_INET, IPSTACK_SOCK_STREAM, WI_IPPROTO_TCP);
@@ -13843,6 +13862,49 @@ START_TEST(test_tcp_connect_syn_advertises_interface_mss)
 }
 END_TEST
 
+START_TEST(test_tcp_connect_syn_limits_options_to_small_mtu)
+{
+    struct wolfIP s;
+    int tcp_sd;
+    struct tsocket *ts;
+    struct wolfIP_sockaddr_in sin;
+    struct pkt_desc *desc;
+    struct wolfIP_tcp_seg *syn;
+    struct tcp_parsed_opts po;
+    uint32_t mtu = 0;
+
+    wolfIP_init(&s);
+    mock_link_init(&s);
+    ck_assert_int_eq(wolfIP_mtu_set(&s, TEST_PRIMARY_IF, 64U), 0);
+    ck_assert_int_eq(wolfIP_mtu_get(&s, TEST_PRIMARY_IF, &mtu), 0);
+    ck_assert_uint_eq(mtu, 64U);
+    wolfIP_ipconfig_set(&s, 0x0A000001U, 0xFFFFFF00U, 0);
+
+    tcp_sd = wolfIP_sock_socket(&s, AF_INET, IPSTACK_SOCK_STREAM, WI_IPPROTO_TCP);
+    ck_assert_int_gt(tcp_sd, 0);
+    ts = &s.tcpsockets[SOCKET_UNMARK(tcp_sd)];
+
+    memset(&sin, 0, sizeof(sin));
+    sin.sin_family = AF_INET;
+    sin.sin_port = ee16(5006);
+    sin.sin_addr.s_addr = ee32(0x0A000002U);
+    ck_assert_int_eq(wolfIP_sock_connect(&s, tcp_sd,
+            (struct wolfIP_sockaddr *)&sin, sizeof(sin)), -WOLFIP_EAGAIN);
+
+    desc = fifo_peek(&ts->sock.tcp.txbuf);
+    ck_assert_ptr_nonnull(desc);
+    ck_assert_uint_le(desc->len, mtu);
+    syn = (struct wolfIP_tcp_seg *)(ts->txmem + desc->pos + sizeof(*desc));
+
+    memset(&po, 0, sizeof(po));
+    tcp_parse_options(syn, desc->len, &po);
+    ck_assert_int_eq(po.mss_found, 1);
+    ck_assert_int_eq(po.ws_found, 1);
+    ck_assert_int_eq(po.sack_permitted, 0);
+    ck_assert_int_eq(po.ts_found, 0);
+}
+END_TEST
+
 START_TEST(test_sock_sendto_tcp_respects_negotiated_peer_mss)
 {
     struct wolfIP s;
@@ -14018,7 +14080,7 @@ START_TEST(test_sock_sendto_tcp_respects_interface_mtu)
 
     wolfIP_init(&s);
     mock_link_init(&s);
-    wolfIP_getdev(&s)->mtu = 320U;
+    ck_assert_int_eq(wolfIP_mtu_set(&s, TEST_PRIMARY_IF, 320U), 0);
     wolfIP_ipconfig_set(&s, 0x0A000001U, 0xFFFFFF00U, 0);
 
     tcp_sd = wolfIP_sock_socket(&s, AF_INET, IPSTACK_SOCK_STREAM, WI_IPPROTO_TCP);
@@ -17409,7 +17471,7 @@ START_TEST(test_wolfip_ll_frame_mtu_enforces_minimum)
     ll = wolfIP_getdev(&s);
     ck_assert_ptr_nonnull(ll);
 
-    ll->mtu = LINK_MTU_MIN - 1U;
+    ck_assert_int_eq(wolfIP_mtu_set(&s, TEST_PRIMARY_IF, LINK_MTU_MIN - 1U), 0);
     ck_assert_uint_eq(wolfIP_ll_frame_mtu(ll), LINK_MTU_MIN);
 }
 END_TEST
@@ -17507,7 +17569,7 @@ START_TEST(test_wolfip_loopback_send_paths)
 }
 END_TEST
 
-START_TEST(test_wolfip_loopback_send_truncates)
+START_TEST(test_wolfip_loopback_send_drops_oversize)
 {
     struct wolfIP s;
     struct wolfIP_ll_dev *loop;
@@ -17518,10 +17580,10 @@ START_TEST(test_wolfip_loopback_send_truncates)
     ck_assert_ptr_nonnull(loop);
 
     memset(frame, 0xAB, sizeof(frame));
-    ck_assert_int_eq(wolfIP_loopback_send(loop, frame, (uint32_t)sizeof(frame)), LINK_MTU);
+    ck_assert_int_eq(wolfIP_loopback_send(loop, frame, (uint32_t)sizeof(frame)), 0);
 
-    loop->mtu = LINK_MTU_MIN - 1U;
-    ck_assert_int_eq(wolfIP_loopback_send(loop, frame, (uint32_t)sizeof(frame)), LINK_MTU_MIN);
+    ck_assert_int_eq(wolfIP_mtu_set(&s, TEST_LOOPBACK_IF, LINK_MTU_MIN - 1U), 0);
+    ck_assert_int_eq(wolfIP_loopback_send(loop, frame, (uint32_t)sizeof(frame)), 0);
 }
 END_TEST
 
@@ -18994,7 +19056,7 @@ Suite *wolf_suite(void)
 #if WOLFIP_ENABLE_LOOPBACK
     tcase_add_test(tc_utils, test_wolfip_loopback_defaults);
     tcase_add_test(tc_utils, test_wolfip_loopback_send_paths);
-    tcase_add_test(tc_utils, test_wolfip_loopback_send_truncates);
+    tcase_add_test(tc_utils, test_wolfip_loopback_send_drops_oversize);
     tcase_add_test(tc_utils, test_wolfip_loopback_send_null_container);
 #endif
     tcase_add_test(tc_utils, test_wolfip_ipconfig_ex_per_interface);
@@ -19217,6 +19279,7 @@ Suite *wolf_suite(void)
     tcase_add_test(tc_utils, test_forward_packet_filter_drop_udp_icmp);
     tcase_add_test(tc_utils, test_ll_send_frame_non_ethernet_strips);
     tcase_add_test(tc_utils, test_ll_send_frame_non_ethernet_short_len);
+    tcase_add_test(tc_utils, test_ll_send_frame_drops_oversize);
     tcase_add_test(tc_utils, test_ll_helpers_invalid_inputs);
     tcase_add_test(tc_utils, test_non_ethernet_recv_oversize_dropped);
 #endif
@@ -19311,6 +19374,7 @@ Suite *wolf_suite(void)
     tcase_add_test(tc_utils, test_tcp_input_peer_rwnd_growth_sets_writable);
     tcase_add_test(tc_utils, test_tcp_input_synack_negotiates_peer_mss);
     tcase_add_test(tc_utils, test_tcp_connect_syn_advertises_interface_mss);
+    tcase_add_test(tc_utils, test_tcp_connect_syn_limits_options_to_small_mtu);
     tcase_add_test(tc_utils, test_sock_sendto_tcp_respects_negotiated_peer_mss);
     tcase_add_test(tc_utils, test_sock_sendto_tcp_defaults_to_rfc_mss_when_unset_by_peer);
     tcase_add_test(tc_utils, test_sock_sendto_tcp_respects_interface_mtu);
@@ -19414,7 +19478,7 @@ Suite *wolf_suite(void)
     tcase_add_test(tc_proto, test_arp_queue_packet_reuses_existing_slot);
     tcase_add_test(tc_proto, test_arp_queue_packet_same_dest_different_if);
     tcase_add_test(tc_proto, test_arp_queue_packet_uses_empty_slot);
-    tcase_add_test(tc_proto, test_arp_queue_packet_truncates_len);
+    tcase_add_test(tc_proto, test_arp_queue_packet_drops_oversize_len);
     tcase_add_test(tc_proto, test_arp_queue_packet_slot_fallback_zero);
     tcase_add_test(tc_proto, test_arp_flush_pending_no_neighbor);
     tcase_add_test(tc_proto, test_arp_flush_pending_len_zero_clears);

src/wolfip.c

@@ -114,8 +114,10 @@ struct wolfIP_icmp_packet;
 
 #define NO_TIMER 0
 
-#define WI_IP_MTU (LINK_MTU - ETH_HEADER_LEN)
-#define TCP_MSS (WI_IP_MTU - (IP_HEADER_LEN + TCP_HEADER_LEN))
+#define IP_MTU_MAX 1500U
+#define WI_IP_STD_MTU IP_MTU_MAX
+#define WI_IP_MTU WI_IP_STD_MTU
+#define TCP_MSS (WI_IP_STD_MTU - (IP_HEADER_LEN + TCP_HEADER_LEN))
 #define TCP_DEFAULT_MSS 536U
 #define TCP_CTRL_RTO_MAXRTX 6U
 #define TCP_RTO_MAX_BACKOFF 15U  /* Max retries before closing; also clamps shift */
@@ -1248,7 +1250,10 @@ static inline uint32_t wolfIP_ip_mtu(struct wolfIP *s, unsigned int if_idx)
 
     if (mtu <= ETH_HEADER_LEN)
         return 0;
-    return mtu - ETH_HEADER_LEN;
+    mtu -= ETH_HEADER_LEN;
+    if (mtu > IP_MTU_MAX)
+        mtu = IP_MTU_MAX;
+    return mtu;
 }
 
 static inline uint32_t wolfIP_socket_ip_mtu(const struct tsocket *t)
@@ -1297,7 +1302,7 @@ static int wolfIP_loopback_send(struct wolfIP_ll_dev *ll, void *buf, uint32_t le
     if (!s)
         return -1;
     if (copy > wolfIP_ll_frame_mtu(ll))
-        copy = wolfIP_ll_frame_mtu(ll);
+        return 0;
     memcpy(frame, buf, copy);
     wolfIP_recv_on(s, WOLFIP_LOOPBACK_IF_IDX, frame, copy);
     return (int)copy;
@@ -1330,7 +1335,7 @@ static inline void wolfIP_ll_send_frame(struct wolfIP *s, unsigned int if_idx,
         return;
     frame_mtu = wolfIP_ll_frame_mtu(ll);
     if (len > frame_mtu)
-        len = frame_mtu;
+        return;
     if (ll->non_ethernet) {
         if (len <= ETH_HEADER_LEN)
             return;
@@ -2250,6 +2255,8 @@ static void tcp_send_syn(struct tsocket *t, uint8_t flags)
     uint8_t include_sack = 0;
     uint8_t include_ts = 0;
     uint8_t opt_len = 0;
+    uint8_t max_opt_len = 0;
+    uint32_t ip_mtu = wolfIP_socket_ip_mtu(t);
     tcp = (struct wolfIP_tcp_seg *)buffer;
     memset(tcp, 0, sizeof(buffer));
     if (flags & TCP_FLAG_SYN) {
@@ -2265,6 +2272,12 @@ static void tcp_send_syn(struct tsocket *t, uint8_t flags)
             include_ts = t->sock.tcp.ts_offer;
         }
     }
+    if (ip_mtu > (IP_HEADER_LEN + TCP_HEADER_LEN)) {
+        uint32_t opt_budget = ip_mtu - (IP_HEADER_LEN + TCP_HEADER_LEN);
+        if (opt_budget > TCP_MAX_OPTIONS_LEN)
+            opt_budget = TCP_MAX_OPTIONS_LEN;
+        max_opt_len = (uint8_t)opt_budget;
+    }
     tcp->src_port = ee16(t->src_port);
     tcp->dst_port = ee16(t->dst_port);
     tcp->seq = ee32(t->sock.tcp.seq);
@@ -2274,37 +2287,41 @@ static void tcp_send_syn(struct tsocket *t, uint8_t flags)
     tcp->csum = 0;
     tcp->urg = 0;
     opt = tcp->data;
-    if (include_ts) {
-        ts = (struct tcp_opt_ts *)opt;
-        ts->opt = TCP_OPTION_TS;
-        ts->len = TCP_OPTION_TS_LEN;
-        ts->val = ee32(t->S->last_tick & 0xFFFFFFFFU);
-        ts->ecr = t->sock.tcp.last_ts;
-        ts->pad = TCP_OPTION_NOP;
-        ts->eoo = TCP_OPTION_NOP;
-        opt += sizeof(*ts);
-        opt_len += sizeof(*ts);
-    }
-    mss = (struct tcp_opt_mss *)opt;
-    mss->opt = TCP_OPTION_MSS;
-    mss->len = TCP_OPTION_MSS_LEN;
-    mss->mss = ee16((uint16_t)wolfIP_socket_tcp_mss(t));
-    opt += sizeof(*mss);
-    opt_len += sizeof(*mss);
-    if (include_ws) {
+    if (max_opt_len >= sizeof(*mss)) {
+        mss = (struct tcp_opt_mss *)opt;
+        mss->opt = TCP_OPTION_MSS;
+        mss->len = TCP_OPTION_MSS_LEN;
+        mss->mss = ee16((uint16_t)wolfIP_socket_tcp_mss(t));
+        opt += sizeof(*mss);
+        opt_len += sizeof(*mss);
+    }
+    if (include_ws &&
+            ((uint8_t)((opt_len + sizeof(*ws) + 3U) & ~3U) <= max_opt_len)) {
         ws = (struct tcp_opt_ws *)opt;
         ws->opt = TCP_OPTION_WS;
         ws->len = TCP_OPTION_WS_LEN;
         ws->shift = t->sock.tcp.rcv_wscale;
         opt += sizeof(*ws);
         opt_len += sizeof(*ws);
     }
-    if (include_sack) {
+    if (include_sack &&
+            ((uint8_t)((opt_len + TCP_OPTION_SACK_PERMITTED_LEN + 3U) & ~3U) <= max_opt_len)) {
         *opt++ = TCP_OPTION_SACK_PERMITTED;
         *opt++ = TCP_OPTION_SACK_PERMITTED_LEN;
         opt_len += TCP_OPTION_SACK_PERMITTED_LEN;
     }
-    while ((opt_len % 4) != 0 && opt_len < TCP_MAX_OPTIONS_LEN) {
+    if (include_ts && (uint8_t)(opt_len + sizeof(*ts)) <= max_opt_len) {
+        ts = (struct tcp_opt_ts *)opt;
+        ts->opt = TCP_OPTION_TS;
+        ts->len = TCP_OPTION_TS_LEN;
+        ts->val = ee32(t->S->last_tick & 0xFFFFFFFFU);
+        ts->ecr = t->sock.tcp.last_ts;
+        ts->pad = TCP_OPTION_NOP;
+        ts->eoo = TCP_OPTION_NOP;
+        opt += sizeof(*ts);
+        opt_len += sizeof(*ts);
+    }
+    while ((opt_len % 4) != 0 && opt_len < max_opt_len) {
         *opt++ = TCP_OPTION_NOP;
         opt_len++;
     }
@@ -5253,9 +5270,9 @@ static void arp_queue_packet(struct wolfIP *s, unsigned int if_idx, ip4 dest,
     if (!s || len == 0)
         return;
     if (len > LINK_MTU)
-        len = LINK_MTU;
+        return;
     if (len > wolfIP_frame_mtu(s, if_idx))
-        len = wolfIP_frame_mtu(s, if_idx);
+        return;
 
     for (i = 0; i < WOLFIP_ARP_PENDING_MAX; i++) {
         if (s->arp_pending[i].dest == dest && s->arp_pending[i].if_idx == if_idx) {
@@ -5292,8 +5309,11 @@ static void arp_flush_pending(struct wolfIP *s, unsigned int if_idx, ip4 ip)
             pending->dest = IPADDR_ANY;
             continue;
         }
-        if (pending->len > wolfIP_frame_mtu(s, if_idx))
-            pending->len = wolfIP_frame_mtu(s, if_idx);
+        if (pending->len > wolfIP_frame_mtu(s, if_idx)) {
+            pending->dest = IPADDR_ANY;
+            pending->len = 0;
+            continue;
+        }
         {
             struct wolfIP_ip_packet *pkt =
                 (struct wolfIP_ip_packet *)pending->frame;
@@ -6178,11 +6198,14 @@ int wolfIP_poll(struct wolfIP *s, uint64_t now)
             continue;
         do {
             if (ll->non_ethernet) {
+                uint32_t frame_mtu = wolfIP_ll_frame_mtu(ll);
+                if (frame_mtu <= ETH_HEADER_LEN)
+                    break;
 #if ETH_HEADER_LEN > 0
                 memset(buf, 0, ETH_HEADER_LEN);
 #endif
                 len = ll->poll(ll, buf + ETH_HEADER_LEN,
-                        wolfIP_ll_frame_mtu(ll) - ETH_HEADER_LEN);
+                        frame_mtu - ETH_HEADER_LEN);
                 if (len > 0)
                     len += ETH_HEADER_LEN;
             } else {