From: James Cameron <james.cameron@hp.com>
To: linux-ppp@vger.kernel.org
Subject: Re: ppp-2.4.2 released
Date: Mon, 02 Feb 2004 23:11:59 +0000 [thread overview]
Message-ID: <20040202231159.GB5522@hp.com> (raw)
In-Reply-To: <16391.33929.908463.444449@cargo.ozlabs.ibm.com>
On Mon, Feb 02, 2004 at 12:56:52PM +0200, Pasi K?rkk?inen wrote:
> Check http://nrg.joroinen.fi/yle.log
> It's a tcpdump log from pptp server (running pppd 2.4.2).
The reason why PMTU-D is not working here is that the ICMP "need to
frag" message did not change behaviour of www.yle.fi. The pptp-server
host is doing the right thing in generating this ICMP response; it's how
PMTU-D is supposed to work. The www.yle.fi server should reduce the
MSS and retransmit a shorter packet.
Possible reasons why it isn't working;
- the "need to frag" MTU in the ICMP response by pptp-server is wrong,
(but it says 1396, data segment was 1360, plus 40, so it seems right
to me),
- the ICMP response is not reaching www.yle.fi, (a common problem after
that ICMP propogating worm, many admins shut off ICMP blindly),
- www.yle.fi is ignoring ICMP responses.
> why? Because the pptp-server ppp-interface MTU is set to x-4, when
> pptp-client ppp-interface mtu is set to x.
> x is the value that is defined in the ppp-server config file.
What evidence do you have that the pptp-client ppp-interface MTU is set
to X? Is your evidence just the MSS in the SYN packet?
> Now, the problem is, that the web-server is already sending packets which
> have *right* size (the size client told), but the pptp-server rejects them
> because of the ppp-interface MTU is too low (in the pptp server).
The client cannot know the right size for the path, so it only suggests
an MSS of 1360 during the SYN packet. Where did the client get this
size from? (presumably the client isn't running pppd 2.4.2?)
So even if the pptp-client host is incorrectly setting the interface
MTU, and hence the MSS in the SYN packet, PMTU-D should work to sustain
the connection.
Note that the www.yle.fi is honouring the MSS in the SYN packet.
(While it isn't what you want, there is a hack in iptables that will
clamp the MSS to the PMTU ... "iptables --append FORWARD --protocol tcp
--tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu" or even
"--set-mss 1346" see http://lartc.org/howto/lartc.cookbook.mtu-mss.html)
--
James Cameron http://quozl.netrek.org/
HP Open Source, Volunteer http://opensource.hp.com/
PPTP Client Project, Release Engineer http://pptpclient.sourceforge.net/
next prev parent reply other threads:[~2004-02-02 23:11 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-16 6:28 ppp-2.4.2 released Paul Mackerras
2004-01-16 8:48 ` Pasi Kärkkäinen
2004-01-16 12:16 ` Clive Nicolson
2004-01-16 16:21 ` Arvin Schnell
2004-01-16 22:57 ` Paul Mackerras
2004-01-16 23:18 ` Bill Unruh
2004-01-16 23:18 ` Paul Mackerras
2004-01-17 10:45 ` Pasi Kärkkäinen
2004-01-18 4:10 ` Jan Dubiec
2004-02-02 9:27 ` Frank Cusack
2004-02-02 9:34 ` Frank Cusack
2004-02-02 10:56 ` Pasi Kärkkäinen
2004-02-02 18:09 ` Frank Cusack
2004-02-02 23:11 ` James Cameron [this message]
2004-02-03 11:17 ` Pasi Kärkkäinen
2004-02-03 11:24 ` Pasi Kärkkäinen
2004-02-03 14:33 ` Frank Cusack
2004-02-03 15:10 ` Pasi Kärkkäinen
2004-02-03 15:13 ` Frank Cusack
2004-02-03 16:24 ` Andy Gay
2004-02-03 16:25 ` Frank Cusack
2004-02-03 22:01 ` James Cameron
2004-02-03 22:11 ` James Cameron
2004-02-04 12:58 ` Pasi Kärkkäinen
2004-02-04 13:00 ` Pasi Kärkkäinen
2004-02-04 13:01 ` Pasi Kärkkäinen
2004-03-02 23:13 ` Bernard Blackham
2004-03-03 9:09 ` Pasi Kärkkäinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040202231159.GB5522@hp.com \
--to=james.cameron@hp.com \
--cc=linux-ppp@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).