Hello, Le 07/30/14 07:42, Gert Doering a écrit : > On Wed, Jul 30, 2014 at 03:15:53AM +0200, Julien Muchembled wrote: >> Le 07/29/14 23:05, Gert Doering a écrit : >>>> For example: >>>> A --[mtu=1500]-- B --[mtu=1400]-- C >>>> >>>> Given a UDP6 socket on A with IPV6_MTU_DISCOVER=IP_PMTUDISC_DO, >>>> sendto(1452 bytes, B) will succeed >>>> but sendto(1452 bytes, C) will return EMSGSIZE (except for the first send >>>> to C) >>>> Yes, at some point, there are icmp packets. >>> >>> So (being lazy again, sorry) how is the maximum message size communicated >>> back to OpenVPN? Ancilliary data again? >> >> ICMP packets contains the size and ping/ping6 even reports it (this is real >> example with mtu=1433 between B & C): > > I know that part, but the ICMP packets are seen by the kernel, not by > OpenVPN. So how does the information arrive in OpenVPN? sendto() fails, > but how does OpenVPN know which max message size will be acceptable?
Although I didn't try all MTU-related options of OpenVPN, it seems to ignore EMSGSIZE. It's not something I planned to study immediately and I don't know how to get the maximum message size programmatically (I could look at the code of ping). What I can say is by only adding '--mtu-disc yes' option, the MTU of the tun/tap interface remains 1500 and does not change automatically to anything else. If a packet is small enough for mtu=1500 but too big for the underlying network, then it's simply dropped. > [..] >> What I've experienced is that fragmentation is bad for perf and that some >> routers on the internet don't route fragmented UDP packets properly, which >> is why I've switched to TCP-only for the moment: >> >> http://git.erp5.org/gitweb/re6stnet.git/commit/cd653523a1474ff9f8956a331c42235454887f65 > > Of course. Having that functionality for IPv6 is a good thing. I was > just trying to understand code that I've not yet had to look into :-) By the way, I forgot to mention that this patch could be a regression for platforms that define IP_MTU_DISCOVER but not IPV6_MTU_DISCOVER. I don't know if such platform exist. Maybe the 'switch' clause added by the patch should be splitted.
