Date:      Thu, 26 Jul 2007 15:13:12 +0300
From:      Artyom Viklenko <artem@aws-net.org.ua>
To:        Mihai Tanasescu <mihai@duras.ro>
Cc:        freebsd-net@freebsd.org
Subject:   Re: MPD and fragmentation
Message-ID:  <46A88FD8.5010200@aws-net.org.ua>
In-Reply-To: <46A85E54.5090303@duras.ro>
References:  <46A7B14B.4000603@duras.ro> <46A83A91.9090803@aws-net.org.ua> <46A85E54.5090303@duras.ro>

Mihai Tanasescu wrote:
> Artyom Viklenko wrote:
>> If you use PF, try to add rule
>>
>> scrub in all fragment reassemble no-df
>>
>> And VERY carefully check your ruleset. Maybe you block icmp in some 
>> place
>> and PMTU doesn't work.
>>
>> As a last resort you can add
>>  max-mss <some-size> to scrub rule. <some-size> may be some value in
>> range of 1300-1460.
>>
>> Sometimes it helps.
>>
> 
> Tried playing with the pf options.
> 
> I have removed from mpd the iface mtu option and now I only have set 
> iface mtu 1460.
> 
> Still when trying to access www.msn.com (and similar sites) I see with 
> tcpdump:

From my systems www.msn.com resolves to 65.54.152.126.
When I connect from my book to my freebsd router with pptp - I see mtu 1396 bytes
on ng interface:

ng5: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1396
         inet 192.168.35.254 --> 192.168.35.1 netmask 0xffffffff

I connect to Internet via ADSL/PPPoE which runs to same freebsd router with mpd.
MTU is 1496. In pf I have

scrub in all fragment reassemble no-df max-mss 1452

so, mss is not affected by max-mss when tcp connection establishes from notebook.

But www.msn.com sends packets with mss = 1356 bytes which corresponds with ng 
interface mtu of 1396.

router runs freebsd 5.5 with mpd 3.18 - yes, have plans to upgrade :)

in mpd.conf my pptp server configured with


pptp_std:
         set bundle enable compression
         set bundle disable multilink
         set bundle enable noretry
         set bundle max-logins 0
         set bundle enable radius-auth
         set bundle enable radius-acct
         set iface disable on-demand
         set iface disable proxy-arp
         set iface idle 1800
         set iface enable tcpmssfix
         set iface mtu 1460
         set iface enable radius-idle radius-session radius-route
         set link yes acfcomp protocomp
         set link yes pap
         set link enable chap-md5 chap-msv1 chap-msv2 chap
         set link mtu 1460
         set link mru 1460
         set link keep-alive 10 60
         set link max-redial -1
         set ipcp yes vjcomp
         set ipcp dns 192.168.32.253 192.168.32.254
         set ipcp nbns 192.168.32.253
         set ipcp ranges 192.168.35.254/32 192.168.35.1/28
         set ipcp enable radius-ip
         set ccp yes mppc
         set ccp yes mpp-e40
         set ccp yes mpp-e56
         set ccp yes mpp-e128
         set ccp yes mpp-stateless
         set pptp enable incoming
         set pptp disable originate
         set pptp disable windowing
         set pptp disable delayed-ack
         set radius retries 3
         set radius timeout 3
         set radius server 192.168.32.253 XXXXXXXXXXXXXXX 1812 1813
         set radius me 192.168.32.254
         set radius acct-update 300

All works fine. :)


> 
> After lowering the MSS from pf the communication started like this:
> 
> 11:25:02.980179 IP (tos 0x0, ttl 127, id 31152, offset 0, flags [DF], 
> proto: TCP (6), length: 48) 86.105.56.134.65390 > 207.68.183.32.80: S, 
> cksum 0x977a (correct), 942644994:942644994(0) win 65535 <mss 
> 1300,nop,nop,sackOK>
> (the outgoing mss got lowered to 1300)
> 
> 86.105.56.134 = my test IP address on which I'm NAT-ing packets from ng0 
> with pf
> 
> 11:25:03.190826 IP (tos 0x0, ttl  63, id 40014, offset 0, flags [none], 
> proto: TCP (6), length: 44) 207.68.183.32.80 > 86.105.56.134.65390: S, 
> cksum 0x5fb4 (correct), 3691466834:3691466834(0) ack 942644995 win 8190 
> <mss 1400>
> 11:25:03.191677 IP (tos 0x0, ttl 127, id 31155, offset 0, flags [DF], 
> proto: TCP (6), length: 40) 86.105.56.134.65390 > 207.68.183.32.80: ., 
> cksum 0x9733 (correct), 1:1(0) ack 1 win 65535
> 11:25:03.192210 IP (tos 0x0, ttl 127, id 31157, offset 0, flags [DF], 
> proto: TCP (6), length: 804) 86.105.56.134.65390 > 207.68.183.32.80: P 
> 1:765(764) ack 1 win 65535
> 11:25:03.422363 IP (tos 0x0, ttl  63, id 40290, offset 0, flags [DF], 
> proto: TCP (6), length: 1440) 207.68.183.32.80 > 86.105.56.134.65390: P 
> 1:1401(1400) ack 765 win 8190
> 11:25:03.422417 IP (tos 0x0, ttl  64, id 58490, offset 0, flags [DF], 
> proto: ICMP (1), length: 56) 86.105.56.134 > 207.68.183.32: ICMP 
> 86.105.56.134 unreachable - need to frag (mtu 1396), length 36
>        IP (tos 0x0, ttl  63, id 40290, offset 0, flags [DF], proto: TCP 
> (6), length: 1440) 207.68.183.32.80 > 86.105.56.134.65390: [|tcp]
> 
> This is the ng0 established MTU:
> 
> ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1396
>        inet 192.168.1.129 --> 192.168.1.130 netmask 0xffffffff
> 
> I have upgraded MPD to 4.2
> 
> pkg_info | grep mpd
> mpd-4.2.2           Multi-link PPP daemon based on netgraph(4)
> 
> I have disabled windowing:
> set pptp disable windowing
> 
> I have enabled the multilink for a test:
> set bundle enable multilink
> 
> The Ethernet interface (rl0 - 86.105.56.134) that is used both as the 
> endpoint for tunnel connections and for NAT for anything not destined to 
> the local net:
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> 
> Also I'm upgrading the system today from 6.1 to 6.2.
> 
> I tried transferring data inside my net without going through the pf NAT 
> but unfortunately I'm not seeing any problem here that could help me 
> replicate the icmp unreachable need frag mtu 1396 problem.
> 
> 
> Have you got any more ideas on what I should try ?


-- 
            Sincerely yours,
                             Artyom Viklenko.
-------------------------------------------------------
artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve   -  http://www.freebsd.org
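
Added example, not part of either message in this thread: a small audit of the tcpdump capture quoted above against the 1396-byte ng MTU. It reports data segments larger than the MSS the receiver advertised, DF packets that do not fit the tunnel, and ICMP need-to-frag replies. The names `audit` and `mss_for_mtu` are hypothetical, and a 40-byte IPv4 plus TCP header with no options is assumed.

```python
import re

# The six timestamped records of the capture quoted in the thread, with the
# "> " quote markers removed and each wrapped packet joined onto one line.
CAPTURE = """\
11:25:02.980179 IP (tos 0x0, ttl 127, id 31152, offset 0, flags [DF], proto: TCP (6), length: 48) 86.105.56.134.65390 > 207.68.183.32.80: S, cksum 0x977a (correct), 942644994:942644994(0) win 65535 <mss 1300,nop,nop,sackOK>
11:25:03.190826 IP (tos 0x0, ttl  63, id 40014, offset 0, flags [none], proto: TCP (6), length: 44) 207.68.183.32.80 > 86.105.56.134.65390: S, cksum 0x5fb4 (correct), 3691466834:3691466834(0) ack 942644995 win 8190 <mss 1400>
11:25:03.191677 IP (tos 0x0, ttl 127, id 31155, offset 0, flags [DF], proto: TCP (6), length: 40) 86.105.56.134.65390 > 207.68.183.32.80: ., cksum 0x9733 (correct), 1:1(0) ack 1 win 65535
11:25:03.192210 IP (tos 0x0, ttl 127, id 31157, offset 0, flags [DF], proto: TCP (6), length: 804) 86.105.56.134.65390 > 207.68.183.32.80: P 1:765(764) ack 1 win 65535
11:25:03.422363 IP (tos 0x0, ttl  63, id 40290, offset 0, flags [DF], proto: TCP (6), length: 1440) 207.68.183.32.80 > 86.105.56.134.65390: P 1:1401(1400) ack 765 win 8190
11:25:03.422417 IP (tos 0x0, ttl  64, id 58490, offset 0, flags [DF], proto: ICMP (1), length: 56) 86.105.56.134 > 207.68.183.32: ICMP 86.105.56.134 unreachable - need to frag (mtu 1396), length 36
"""

PKT = re.compile(r"flags \[(?P<fl>[^\]]*)\], proto: TCP \(6\), length: (?P<len>\d+)\) "
                 r"(?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)")

def mss_for_mtu(mtu):
    """Largest TCP payload that fits one packet (assumes 20 + 20 header bytes)."""
    return mtu - 40

def audit(capture, tunnel_mtu):
    """Return (kind, detail) findings for a tcpdump -v text capture."""
    findings, mss = [], {}      # mss[endpoint] = MSS that endpoint advertised
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:               # not TCP: look for the PMTU discovery reply
            icmp = re.search(r"need to frag \(mtu (\d+)\)", line)
            if icmp:
                findings.append(("icmp_need_frag", int(icmp.group(1))))
            continue
        src, dst, rest = m["src"], m["dst"], m["rest"]
        opt = re.search(r"<mss (\d+)", rest)
        if opt:                 # SYN or SYN-ACK carrying the MSS option
            mss[src] = int(opt.group(1))
        seg = re.search(r"\d+:\d+\((\d+)\)", rest)
        payload = int(seg.group(1)) if seg else 0
        if payload and dst in mss and payload > mss[dst]:
            findings.append(("segment_exceeds_receiver_mss", (src, payload, mss[dst])))
        if "DF" in m["fl"] and int(m["len"]) > tunnel_mtu:
            findings.append(("df_packet_exceeds_tunnel_mtu", (src, int(m["len"]))))
    return findings
```

Calling `audit(CAPTURE, 1396)` on this capture flags the 1400-byte segment sent toward an endpoint that advertised mss 1300, the 1440-byte DF packet, and the ICMP reply carrying mtu 1396.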


