Message-ID: <414FEB86.5CA8694F@freebsd.org>
Date: Tue, 21 Sep 2004 10:51:18 +0200
From: Andre Oppermann
To: Aragon Gouveia
References: <20040920184431.GA89606@phat.za.net> <20040921084112.GA21160@phat.za.net>
cc: freebsd-net@freebsd.org
Subject: Re: Wierd tunnel+MTU issue

Aragon Gouveia wrote:
>
> Hi,
>
> No, it's not that. No filtering is taking place. I've figured out the
> problem, but I'm not sure how to solve it. Here's what I think is the
> problem.
>
> From a tcpdump transcript:
>
> 09:56:37.652907 .4185 > .80: S 487952620:487952620(0) win 57344 (DF) [tos 0x10]
> 09:56:37.653076 .80 > .4185: S 4069940133:4069940133(0) ack 487952621 win 65535 (DF)
>
> is my notebook running Apache. As can be seen above, it's
> negotiating an MSS of 1452 with the peer, which it should not be doing. The
> reason it's doing that is because my default route is via an interface with
> an MTU of 1492 - the tun interface opened by userland ppp for the PPPoE
> session over my ADSL bridge.
>
> As I said, I'm using ipfw fwd to source route packets from
> (the vtun tunnel interface address) to the vtun tunnel's remote end-point.
> But I'm guessing MSS is chosen based on the host's routing table. Which
> makes perfect sense.
>
> So to prove my suspicion I added a route on my notebook as follows:
>
> route add -host 196.15.a.y
>
> 196.15.a.y being the vtun tunnel's remote end-point.
>
> Now the tcpdump transcript looks like this:
>
> 10:10:21.227506 .2404 > .80: S 996010957:996010957(0) win 57344 (DF) [tos 0x10]
> 10:10:21.227717 .80 > .2404: S 2935622965:2935622965(0) ack 996010958 win 65535 (DF)
>
> The tunnel's interface MTU was set at 1256 when I did this. So the
> negotiated MSS is now correct and things are working.
>
> But I need to be able to route based on source address and ipfw fwd is the
> only way I know how to do it. Can anyone think of a clever workaround for
> this? Is there a way to force the TCP stack to use a set MSS regardless of
> what the routing table and interface MTU say?

You are onto something. It seems tcp_output() doesn't handle the error
cases it gets from ip_output() all too well these days. I suspect this
is the same problem we have in kern/71184. I'll look into it later today.

Could you please file a PR with all information you have provided so far
and your observations etc. Just merge your emails together and submit it
as text. Then give me the PR number so I can take it over.

-- 
Andre
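
The mismatch described in the quoted message, as an added example that is not part of the original thread: a simplified model in which the advertised MSS is taken from the routing-table entry for the peer while the packets actually leave through a policy-forwarded tunnel. The peer address, the interface names `tun0`/`tun1` and the 40-byte header overhead (IPv4 plus TCP, no options) are assumptions; the MTUs 1492 and 1256 and the MSS 1452 are the values from the thread.

```python
import ipaddress

HEADERS = 40  # assumed overhead: IPv4 (20) + TCP (20) header bytes, no options


def route_lookup(routes, dst):
    """Longest-prefix match over (prefix, iface, mtu) tuples."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), iface, mtu)
               for p, iface, mtu in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, iface, mtu = max(matches, key=lambda r: r[0].prefixlen)
    return iface, mtu


def mss_report(routes, peer, egress_mtu):
    """Compare the MSS implied by the routing table with the MTU of the
    interface the traffic really uses (e.g. after a policy forward)."""
    iface, mtu = route_lookup(routes, peer)
    mss = mtu - HEADERS
    return {
        "route_iface": iface,
        "mss": mss,
        "full_packet": mss + HEADERS,
        "fits_egress": mss + HEADERS <= egress_mtu,
    }


# Constructed sample data (addresses and interface names are hypothetical).
PEER = "198.51.100.7"
TUNNEL_MTU = 1256                                   # vtun interface MTU
ROUTES = [("0.0.0.0/0", "tun0", 1492)]              # default via PPPoE tun
ROUTES_FIXED = ROUTES + [("198.51.100.7/32", "tun1", TUNNEL_MTU)]

if __name__ == "__main__":
    for label, table in (("default route only", ROUTES),
                         ("with host route", ROUTES_FIXED)):
        print(label, mss_report(table, PEER, TUNNEL_MTU))
```

With only the default route the model yields an MSS of 1452 whose full-size packets do not fit the 1256-byte tunnel; with the host route it yields 1216, which fits.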