From: Mihai Tanasescu
Date: Thu, 26 Jul 2007 11:41:56 +0300
To: Artyom Viklenko
Cc: freebsd-net@freebsd.org, mav@freebsd.org
Subject: Re: MPD and fragmentation

Artyom Viklenko wrote:
> Mihai Tanasescu wrote:
>> Hello,
>>
>>
>> With help from another FreeBSD user on this list I was able to set up
>> an MPD pptp server to allow windows machines to connect to it.
>>
>> Unfortunately now I've stumbled upon some strange behaviors.
>>
>> First of all I'm getting icmp losses even if I use a test LAN to make
>> a tunnel to the local FBSD machine, but these don't seem to affect my
>> transfer rate when trying to get a large file via HTTP from the same
>> machine.
>>
>> What bothers me most is that some sites (like msn.com, microsoft.com,
>> etc) don't seem to be loading.
>> What I first thought about was the mss problem and so I discovered
>> the following:
>>
>> 22:54:36.633254 IP (tos 0x0, ttl 64, id 14254, offset 0, flags [DF],
>> proto: ICMP (1), length: 56) FBSD-IP > 207.68.183.32: ICMP FBSD-IP
>> unreachable - need to frag (mtu 1336), length 36
>>
>> In my config file I have:
>> set iface mtu 1500
>> set link mtu 1440
>> set iface enable tcpmssfix
>>
>> My full config is posted here:
>> http://pastebin.com/m66a3c05f
>> My system:
>> FreeBSD 6.1-RELEASE-p17
>> MPD 4.1
>>
>> I played a bit with the above mentioned values with no luck
>> unfortunately.
>> I'm still wondering (don't know if I'm right) if a too large packet
>> comes from 207.68.183.32 why doesn't it get fragmented upon being
>> sent via ng0 -> pptp1 and instead of this happening my machine sends
>> an ICMP unreachable back.
>> Also I have pf running on that machine with a NAT rule for traffic
>> not destined to the local network (but after several experiments with
>> that nothing changed in regard to the problem I have).
>>
>> I'm banging my head against the wall as I don't know what else to try
>> anymore.
>>
>> Can someone help me out ?
>
>
> If you use PF, try to add rule
>
> scrub in all fragment reassemble no-df
>
> And VERY carefully check your ruleset. Maybe you block icmp in some
> place
> and PMTU doesn't work.
>
> As a last resort you can add
> max-mss to scrub rule. Maybe some value in
> range of 1300-1460.
>
> Sometimes it helps.
>

Tried playing with the pf options.
I have removed from mpd the iface mtu option and now I only have set iface mtu 1460.

Still when trying to access www.msn.com (and similar sites) I see with tcpdump:

After lowering the MSS from pf the communication started like this:

11:25:02.980179 IP (tos 0x0, ttl 127, id 31152, offset 0, flags [DF], proto: TCP (6), length: 48) 86.105.56.134.65390 > 207.68.183.32.80: S, cksum 0x977a (correct), 942644994:942644994(0) win 65535

(the outgoing mss got lowered to 1300)
86.105.56.134 = my test IP address on which I'm NAT-ing packets from ng0 with pf

11:25:03.190826 IP (tos 0x0, ttl 63, id 40014, offset 0, flags [none], proto: TCP (6), length: 44) 207.68.183.32.80 > 86.105.56.134.65390: S, cksum 0x5fb4 (correct), 3691466834:3691466834(0) ack 942644995 win 8190
11:25:03.191677 IP (tos 0x0, ttl 127, id 31155, offset 0, flags [DF], proto: TCP (6), length: 40) 86.105.56.134.65390 > 207.68.183.32.80: ., cksum 0x9733 (correct), 1:1(0) ack 1 win 65535
11:25:03.192210 IP (tos 0x0, ttl 127, id 31157, offset 0, flags [DF], proto: TCP (6), length: 804) 86.105.56.134.65390 > 207.68.183.32.80: P 1:765(764) ack 1 win 65535
11:25:03.422363 IP (tos 0x0, ttl 63, id 40290, offset 0, flags [DF], proto: TCP (6), length: 1440) 207.68.183.32.80 > 86.105.56.134.65390: P 1:1401(1400) ack 765 win 8190
11:25:03.422417 IP (tos 0x0, ttl 64, id 58490, offset 0, flags [DF], proto: ICMP (1), length: 56) 86.105.56.134 > 207.68.183.32: ICMP 86.105.56.134 unreachable - need to frag (mtu 1396), length 36
        IP (tos 0x0, ttl 63, id 40290, offset 0, flags [DF], proto: TCP (6), length: 1440) 207.68.183.32.80 > 86.105.56.134.65390: [|tcp]

This is the ng0 established MTU:

ng0: flags=88d1 mtu 1396
        inet 192.168.1.129 --> 192.168.1.130 netmask 0xffffffff

I have upgraded MPD to 4.2

pkg_info | grep mpd
mpd-4.2.2           Multi-link PPP daemon based on netgraph(4)

I have disabled windowing:
set pptp disable windowing

I have enabled the multilink for a test:
set bundle enable multilink

The Ethernet interface (rl0 - 86.105.56.134) that is used both as the endpoint for tunnel connections and for NAT for anything not destined to the local net:

rl0: flags=8843 mtu 1500

Also I'm upgrading the system today from 6.1 to 6.2.

I tried transferring data inside my net without going through the pf NAT but unfortunately I'm not seeing any problem here that could help me replicate the icmp unreachable need frag mtu 1396 problem.

Have you got any more ideas on what I should try ?
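
Added example, not part of the original message and not code from MPD or pf: a Python check over `tcpdump -v` lines like those quoted above. It reads the next-hop MTU from the ICMP "need to frag" message, derives the largest TCP MSS that fits, and lists DF-flagged TCP packets larger than that MTU. The function name `analyse` and the 40-byte header figure (IPv4 and TCP without options) are assumptions of this example.

```python
import re

# Three lines taken from the tcpdump -v capture in the message above.
SAMPLE = """\
11:25:03.192210 IP (tos 0x0, ttl 127, id 31157, offset 0, flags [DF], proto: TCP (6), length: 804) 86.105.56.134.65390 > 207.68.183.32.80: P 1:765(764) ack 1 win 65535
11:25:03.422363 IP (tos 0x0, ttl 63, id 40290, offset 0, flags [DF], proto: TCP (6), length: 1440) 207.68.183.32.80 > 86.105.56.134.65390: P 1:1401(1400) ack 765 win 8190
11:25:03.422417 IP (tos 0x0, ttl 64, id 58490, offset 0, flags [DF], proto: ICMP (1), length: 56) 86.105.56.134 > 207.68.183.32: ICMP 86.105.56.134 unreachable - need to frag (mtu 1396), length 36
"""

# Assumption: 20-byte IPv4 header + 20-byte TCP header, no options.
IP_TCP_HEADERS = 40

PKT = re.compile(
    r"^(?P<ts>\S+) IP \(.*?flags \[(?P<flags>[^\]]*)\], "
    r"proto: (?P<proto>\w+) \(\d+\), length: (?P<len>\d+)\) "
    r"(?P<src>\S+) > (?P<dst>[^:]+):(?P<rest>.*)$"
)
NEEDFRAG = re.compile(r"need to frag \(mtu (\d+)\)")


def analyse(capture):
    """Return the smallest advertised next-hop MTU, the MSS that fits it,
    and the DF-flagged TCP packets that exceed it."""
    path_mtu = None
    tcp_df = []
    for line in capture.splitlines():
        m = PKT.match(line)
        if not m:
            continue  # continuation lines (quoted inner packet) and noise
        nf = NEEDFRAG.search(m["rest"])
        if m["proto"] == "ICMP" and nf:
            mtu = int(nf.group(1))
            path_mtu = mtu if path_mtu is None else min(path_mtu, mtu)
        elif m["proto"] == "TCP" and "DF" in m["flags"]:
            tcp_df.append((m["ts"], m["src"], int(m["len"])))
    if path_mtu is None:
        return {"path_mtu": None, "max_mss": None, "oversized": []}
    return {
        "path_mtu": path_mtu,
        "max_mss": path_mtu - IP_TCP_HEADERS,
        "oversized": [p for p in tcp_df if p[2] > path_mtu],
    }


if __name__ == "__main__":
    print(analyse(SAMPLE))
```

For the three sample lines this reports an MTU of 1396, a maximum MSS of 1356, and the 1440-byte segment from 207.68.183.32 as the only oversized packet.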