Re: ppp-2.4.2 released

["Pasi Kärkkäinen" <pasik@iki.fi>]

On Tue, Feb 03, 2004 at 10:11:59AM +1100, James Cameron wrote:
> On Mon, Feb 02, 2004 at 12:56:52PM +0200, Pasi K?rkk?inen wrote:
> > Check http://nrg.joroinen.fi/yle.log
> > It's a tcpdump log from pptp server (running pppd 2.4.2).
> 
> The reason why PMTU-D is not working here is that the ICMP "need to
> frag" message did not change behaviour of www.yle.fi.  The pptp-server
> host is doing the right thing in generating this ICMP response; it's how
> PMTU-D is supposed to work.  The www.yle.fi server should reduce the
> MSS and retransmit a shorter packet.
> 

The reason why www.yle.fi is not reducing the size, is that the size already
is what the client told (mss+headers). I think so..

> Possible reasons why it isn't working;
> 
> - the "need to frag" MTU in the ICMP response by pptp-server is wrong,
>   (but it says 1396, data segment was 1360, plus 40, so it seems right
>   to me),
> 

Yep. 

> - the ICMP response is not reaching www.yle.fi, (a common problem after
>   that ICMP propogating worm, many admins shut off ICMP blindly),
> 

ICMP is working well between the sites.. and the fragmentation needed packets
are going to to the www.yle.fi web server.

> - www.yle.fi is ignoring ICMP responses.
>

Hmm.. I don't think so. 

btw. the same web site works well with win2k-server's pptp server.
 

> > why? Because the pptp-server ppp-interface MTU is set to x-4, when
> > pptp-client ppp-interface mtu is set to x. 
> > x is the value that is defined in the ppp-server config file.
> 
> What evidence do you have that the pptp-client ppp-interface MTU is set
> to X?  Is your evidence just the MSS in the SYN packet?
> 

Yep. If I understood the code right, only the MTU of the interface is
changed, but the client get's the MTU specified in the config file.. ?

> > Now, the problem is, that the web-server is already sending packets which
> > have *right* size (the size client told), but the pptp-server rejects them
> > because of the ppp-interface MTU is too low (in the pptp server). 
> 
> The client cannot know the right size for the path, so it only suggests
> an MSS of 1360 during the SYN packet.  Where did the client get this
> size from?  (presumably the client isn't running pppd 2.4.2?)
>

The client in this case was winxp. I think it calculates the MSS from the
MTU/MRU of the PPP link.
 
> So even if the pptp-client host is incorrectly setting the interface
> MTU, and hence the MSS in the SYN packet, PMTU-D should work to sustain
> the connection.
>

I think so too. but www.yle.fi web server doesn't want to go below
mss (told by the client) + headers.
 
> Note that the www.yle.fi is honouring the MSS in the SYN packet.
>

Yep, it is.
 
> (While it isn't what you want, there is a hack in iptables that will
> clamp the MSS to the PMTU ... "iptables --append FORWARD --protocol tcp 
> --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu" or even
> "--set-mss 1346" see http://lartc.org/howto/lartc.cookbook.mtu-mss.html)
> 

I'll take a look at this. Thanks.

-- Pasi Kärkkäinen
       
                                   ^
                                .     .
                                 Linux
                              /    -    \
                             Choice.of.the
                           .Next.Generation.