From: Frank Cusack <fcusack@fcusack.com>
To: linux-ppp@vger.kernel.org
Subject: Re: ppp-2.4.2 released
Date: Mon, 02 Feb 2004 18:09:56 +0000 [thread overview]
Message-ID: <20040202100956.A7180@google.com> (raw)
In-Reply-To: <16391.33929.908463.444449@cargo.ozlabs.ibm.com>
On Mon, Feb 02, 2004 at 12:56:52PM +0200, Pasi K?rkk?inen wrote:
> Check http://nrg.joroinen.fi/yle.log
>
> It's a tcpdump log from pptp server (running pppd 2.4.2).
>
> The pptp-client tries to load www.yle.fi in the web browser, but the
> pptp-server _rejects_ all the packets coming from www.yle.fi web server.
>
> why? Because the pptp-server ppp-interface MTU is set to x-4, when
> pptp-client ppp-interface mtu is set to x.
> x is the value that is defined in the ppp-server config file.
I see. So the client is not running pppd? This client will send frames
larger than the link MTU. :(
> Basicly the pptp-server tells to web-server (all the time) that the
> web-server needs to fragment the packets, because they cannot fit to the
> ppp-tunnel (and the packets have Dont Fragment-bit set). This is part of the
> PMTUD.
Yes, that is correct operation.
> Now, the problem is, that the web-server is already sending packets which
> have *right* size (the size client told), but the pptp-server rejects them
> because of the ppp-interface MTU is too low (in the pptp server).
The right size? The server is doing PMTU-D (evidenced by DF bit) but
not handling ICMP frag-needed messages. This is broken. Consider that
*any* link in the path could have a smaller MTU. The TCP session will
still have the same MSS because the endpoints don't know about the
smaller MTU (unless they've already performed and cached PMTU-D data
between themselves; I think most implementations do this).
RFC 2923 is some interesting things to say on this subject.
So I'm loathe to "fix" this because pppd is doing the right thing.
If the site in question isn't going to handle ICMP frag-needed, then
it shouldn't be setting DF!
It wouldn't be hard to add an option mppe-broken-pmtu-for-stupid-sites
or something equally nasty sounding. But you will have a problem with
1500 MTU links (as oppposed to the 1400 in your example -- does pptpd
automatically reduce by 100 for some reason?) And you can't fix the
case when some other link has a smaller MTU. I guess there could
be another option capping the point at which the MTU isn't reduced.
Now we're talking about ugly workarounds for someone else's problem.
ugh.
I'd really rather not change correct operation.
/fc
next prev parent reply other threads:[~2004-02-02 18:09 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-16 6:28 ppp-2.4.2 released Paul Mackerras
2004-01-16 8:48 ` Pasi Kärkkäinen
2004-01-16 12:16 ` Clive Nicolson
2004-01-16 16:21 ` Arvin Schnell
2004-01-16 22:57 ` Paul Mackerras
2004-01-16 23:18 ` Bill Unruh
2004-01-16 23:18 ` Paul Mackerras
2004-01-17 10:45 ` Pasi Kärkkäinen
2004-01-18 4:10 ` Jan Dubiec
2004-02-02 9:27 ` Frank Cusack
2004-02-02 9:34 ` Frank Cusack
2004-02-02 10:56 ` Pasi Kärkkäinen
2004-02-02 18:09 ` Frank Cusack [this message]
2004-02-02 23:11 ` James Cameron
2004-02-03 11:17 ` Pasi Kärkkäinen
2004-02-03 11:24 ` Pasi Kärkkäinen
2004-02-03 14:33 ` Frank Cusack
2004-02-03 15:10 ` Pasi Kärkkäinen
2004-02-03 15:13 ` Frank Cusack
2004-02-03 16:24 ` Andy Gay
2004-02-03 16:25 ` Frank Cusack
2004-02-03 22:01 ` James Cameron
2004-02-03 22:11 ` James Cameron
2004-02-04 12:58 ` Pasi Kärkkäinen
2004-02-04 13:00 ` Pasi Kärkkäinen
2004-02-04 13:01 ` Pasi Kärkkäinen
2004-03-02 23:13 ` Bernard Blackham
2004-03-03 9:09 ` Pasi Kärkkäinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040202100956.A7180@google.com \
--to=fcusack@fcusack.com \
--cc=linux-ppp@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.