On Sat, Aug 05, 2000 at 02:26:26PM +1000, Roland Turner wrote:
> 
> Have you read the docs that Andrew Morton pointed out yesterday?
> 

i've read goddamn everything (except the atm rfc's, i wasn't in the
mood)


since neither of you can stick to the questions without trying to
guess what problems i was having:   ;)


a bit of background first (for those listening in):
(this is all assuming IPv4, of course)

pppoe (ppp over ethernet) adds an 8 byte overhead (6 bytes header, 2
bytes frame delimiters). thus your mtu (maximum transmissible unit)
(normally 1500 for ethernet) goes to 1492 bytes for a pppoe
connection.

when a router has to forward a packet larger than the mtu it's about to
shove it down, it does one of two things:

 if the don't fragment (DF) bit is set, it drops the packet and sends
 an ICMP "host unreachable - needed to fragment, but don't fragment
 bit set. the mtu i was trying to stuff the packet into is xxx" packet
 back to the originating host.

 otherwise, it fragments the packet into smaller pieces and shoves the
 smaller pieces down the pipe.

it's more efficient on everyone involved if fragmenting is unnecessary,
so TCP sets the DF bit and does "mtu discovery" (it keeps trying the
returned mtu's, until the packet finally gets there)

just to make it a little more efficient, during tcp connection an MSS
(maximum segment size) option is given to the other end. this value is
pretty much always the mru (max receivable unit) of the interface you
are expecting to receive the traffic on. when you send, you use the
lower of the received mss and the mtu of your interface as the initial
value for your mtu discovery.

</tcp 101>


now, the problem:

when i send stuff to/from my adsl box (out the adsl line), it
correctly gives its mss as 1492 to the other side, they use that
instead of their 1500 (assuming they are connected to ethernet), and
everything works fine. (this is why normal single-machine adsl users
don't see any problems)

now, when you are behind a masq'ing box, neither end knows
(immediately) there is a 1492 byte mtu anywhere along the line.

large packets going out of my network, correctly get the icmp error
from my adsl box and try again at 1492, everything happy.

the first large packet coming in however, seems to hang for 2.5
minutes (or so) and then i get a fragmented tcp packet (one 1492, one
8 byte fragment). the rest of the incoming packets are similarly
fragmented but without the delay. interestingly, traffic from
melbourne.cache.telstra.net (the recommended web proxy) is always
fragmented immediately.


mucking about with "traceroute -F {1492,1500}" (from outside the
telstra network to my adsl IP) suggests the packet is getting to 3
hops away from my adsl box, and then disappearing.


i can "fix" it by setting all my computers' mtu to 1412 or so (to
allow for worst-case tcp options), but that means doing that on every
machine, and it's a hack.
(alternatively, i suppose i could write a netfilter module that would
rewrite mss options in both directions. but that's also a hack)

-- 
 - Gus


--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
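
The MSS-rewriting idea from the last paragraph of the message, as an added example (not part of the original post, and not a netfilter module): a Python function that lowers the MSS option in a SYN to fit a 1492-byte PPPoE link and patches the TCP checksum incrementally. It assumes IPv4 with a 20-byte header, so MSS = MTU - 40; `clamp_mss`, `build_syn` and the other names are hypothetical, and the sample SYN is constructed.

```python
import struct

IP_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

def fold(total: int) -> int:
    while total >> 16:                       # ones'-complement carry fold
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src: bytes, dst: bytes, tcp: bytes) -> int:
    # Sum over IPv4 pseudo-header + segment; 0 means the stored checksum is valid.
    data = src + dst + struct.pack("!BBH", 0, 6, len(tcp)) + tcp + b"\0" * (len(tcp) & 1)
    return fold(sum(struct.unpack("!%dH" % (len(data) // 2), data)))

def fixup(csum: int, old: int, new: int) -> int:
    # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
    return fold((~csum & 0xFFFF) + (~old & 0xFFFF) + new)

def build_syn(src: bytes, dst: bytes, options: bytes) -> bytes:
    # Constructed sample input: SYN from port 40000 to port 80, valid checksum.
    off = (20 + len(options)) // 4
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, off << 4, 0x02, 65535, 0, 0) + options
    return hdr[:16] + struct.pack("!H", tcp_checksum(src, dst, hdr)) + hdr[18:]

def clamp_mss(tcp: bytes, path_mtu: int) -> bytes:
    """Lower the MSS option of a SYN/SYN-ACK so full segments fit path_mtu."""
    if path_mtu <= IP_TCP_OVERHEAD:
        raise ValueError("path MTU leaves no room for payload")
    limit = path_mtu - IP_TCP_OVERHEAD
    hdr_len = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if not 20 <= hdr_len <= len(tcp) or not tcp[13] & 0x02:
        return tcp                           # malformed, or not a SYN / SYN-ACK
    seg, i = bytearray(tcp), 20
    while i < hdr_len and seg[i] != 0:       # kind 0 ends the option list
        if seg[i] == 1:                      # kind 1 is a one-byte NOP
            i += 1
            continue
        if i + 1 >= hdr_len or seg[i + 1] < 2 or i + seg[i + 1] > hdr_len:
            return tcp                       # truncated option: forward untouched
        if seg[i] == 2 and seg[i + 1] == 4 and struct.unpack_from("!H", seg, i + 2)[0] > limit:
            old = bytes(seg)
            struct.pack_into("!H", seg, i + 2, limit)
            csum = struct.unpack_from("!H", seg, 16)[0]
            for w in range((i + 2) & ~1, i + 4, 2):   # 16-bit words the MSS value touches
                csum = fixup(csum, *struct.unpack_from("!H", old, w),
                             *struct.unpack_from("!H", seg, w))
            struct.pack_into("!H", seg, 16, csum)
        i += seg[i + 1]
    return bytes(seg)
```

Applied to SYNs in both directions on the masquerading box, this makes each end start at 1452-byte segments, so the connection no longer depends on the ICMP "needed to fragment" message arriving.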
