Date: Thu, 26 Jul 2007 11:41:56 +0300 From: Mihai Tanasescu <mihai@duras.ro> To: Artyom Viklenko <artem@aws-net.org.ua> Cc: freebsd-net@freebsd.org, mav@freebsd.org Subject: Re: MPD and fragmentation Message-ID: <46A85E54.5090303@duras.ro> In-Reply-To: <46A83A91.9090803@aws-net.org.ua> References: <46A7B14B.4000603@duras.ro> <46A83A91.9090803@aws-net.org.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Artyom Viklenko wrote: > Mihai Tanasescu wrote: >> Hello, >> >> >> With help from another FreeBSD user on this list I was able to set up >> an MPD pptp server to allow windows machines to connect to it. >> >> Unfortunately now I've stumbled upon some strange behaviors. >> >> First of all I'm getting icmp losses even if I use a test LAN to make >> a tunnel to the local FBSD machine, but these don't seem to affect my >> transfer rate when trying to get a large file via HTTP from the same >> machine. >> >> What bothers me most is that some sites (like msn.com, microsoft.com, >> etc) don't seem to be loading. >> What I first thought about was the mss problem and so I discovered >> the following: >> >> 22:54:36.633254 IP (tos 0x0, ttl 64, id 14254, offset 0, flags [DF], >> proto: ICMP (1), length: 56) FBSD-IP > 207.68.183.32: ICMP FBSD-IP >> unreachable - need to frag (mtu 1336), length 36 >> >> In my config file I have: >> set iface mtu 1500 >> set link mtu 1440 >> set iface enable tcpmssfix >> >> My full config is posted here: >> http://pastebin.com/m66a3c05f >> My system: >> FreeBSD 6.1-RELEASE-p17 >> MPD 4.1 >> >> I played a bit with the above mentioned values with no luck >> unfortunately. >> I'm still wondering (don't know if I'm right) if a too large packet >> comes from 207.68.183.32 why doesn't it get fragmented upon being >> sent via ng0 -> pptp1 and instead of this happening my machine sends >> an ICMP unreachable back. >> Also I have pf running on that machine with a NAT rule for traffic >> not destined to the local network (but after several experiments with >> that nothing changed in regard to the problem I have). >> >> I'm banging my head against the wall as I don't know what else to try >> anymore. >> >> Can someone help me out ? > > > If you use PF, try to add rule > > scrub in all fragment rassemble no-df > > And VERY carefully check your ruleset. May be you block icmp in some > place > and PMTU doesn't work. > > As as last resort you can add > max-mss <some-size> to scrub rule. <some-size> may be some value in > range of 1300-1460. > > Sometimes it helps. > Tried playing with the pf options. I have removed from mpd the iface mtu option and now I only have set iface mtu 1460. Still when trying to access www.msn.com (and similar sites) I see with tcpdump: After lowering the MSS from pf the communication started like this: 11:25:02.980179 IP (tos 0x0, ttl 127, id 31152, offset 0, flags [DF], proto: TCP (6), length: 48) 86.105.56.134.65390 > 207.68.183.32.80: S, cksum 0x977a (correct), 942644994:942644994(0) win 65535 <mss 1300,nop,nop,sackOK> (the outgoing mss got lowered to 1300) 86.105.56.134 = my test IP address on which I'm NAT-ing packets from ng0 with pf 11:25:03.190826 IP (tos 0x0, ttl 63, id 40014, offset 0, flags [none], proto: TCP (6), length: 44) 207.68.183.32.80 > 86.105.56.134.65390: S, cksum 0x5fb4 (correct), 3691466834:3691466834(0) ack 942644995 win 8190 <mss 1400> 11:25:03.191677 IP (tos 0x0, ttl 127, id 31155, offset 0, flags [DF], proto: TCP (6), length: 40) 86.105.56.134.65390 > 207.68.183.32.80: ., cksum 0x9733 (correct), 1:1(0) ack 1 win 65535 11:25:03.192210 IP (tos 0x0, ttl 127, id 31157, offset 0, flags [DF], proto: TCP (6), length: 804) 86.105.56.134.65390 > 207.68.183.32.80: P 1:765(764) ack 1 win 65535 11:25:03.422363 IP (tos 0x0, ttl 63, id 40290, offset 0, flags [DF], proto: TCP (6), length: 1440) 207.68.183.32.80 > 86.105.56.134.65390: P 1:1401(1400) ack 765 win 8190 11:25:03.422417 IP (tos 0x0, ttl 64, id 58490, offset 0, flags [DF], proto: ICMP (1), length: 56) 86.105.56.134 > 207.68.183.32: ICMP 86.105.56.134 unreachable - need to frag (mtu 1396), length 36 IP (tos 0x0, ttl 63, id 40290, offset 0, flags [DF], proto: TCP (6), length: 1440) 207.68.183.32.80 > 86.105.56.134.65390: [|tcp] The is the ng0 established MTU: ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1396 inet 192.168.1.129 --> 192.168.1.130 netmask 0xffffffff I have upgraded MPD to 4.2 pkg_info | grep mpd mpd-4.2.2 Multi-link PPP daemon based on netgraph(4) I have disabled windowing: set pptp disable windowing I have enabled the multilink for a test: set bundle enable multilink The Ethernet interface (rl0 - 86.105.56.134) that is used both as the endpoint for tunnel connections and for NAT for anything not destined to the local net: rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 Also I'm upgrading the system today from 6.1 to 6.2. I tried transferring data inside my net without going through the pf NAT but unfortunately I'm not seeing any problem here that could help me replicate the icmp unreachable need frag mtu 1396 problem. Have you got any more ideas on what I should try ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46A85E54.5090303>