Re: XFRM / DF Flag / Fragmentation Needed

From: Herbert Xu
Date: Tue Nov 16 2004 - 20:37:37 EST

Next message: Bob Gill: "Re: Boot failure, 2.6.10-rc2 (resolved)"
Previous message: Werner Almesberger: "Re: Generalize prio_tree, 2nd try"
In reply to: Thomas DuBuisson: "XFRM / DF Flag / Fragmentation Needed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thomas DuBuisson <dubu0874@xxxxxxxxxx> wrote:
>
> After A establishes an SSH connection with C and tries to transfer the
> patches the size of a packet from A destined for C is quickly reaches 1500
> while the MTU
> to A is ~1400. At this point A sends an ICMP 'Fragmentation Needed'
> packet to its self (see xfrm_output.c xfrm4_tunnel_check_size(...)). It
> seems this packet is never acted on - it just disappears into the
> loopback interface. The proper mtu trial/error process never takes
> place.

There is a known problem in xfrm4_tunnel_check_size if your underlying
path MTU is a multiple of 8. So if your path MTU is 1480, you'll need
to lower it to 1476 before it will work.

You can query the path MTU using "ip r g <remote-gateway>". If it
is a multiple of 8, you can change it by doing

ip r a <remote-gateway> ... mtu <current-mtu - 4>
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bob Gill: "Re: Boot failure, 2.6.10-rc2 (resolved)"
Previous message: Werner Almesberger: "Re: Generalize prio_tree, 2nd try"
In reply to: Thomas DuBuisson: "XFRM / DF Flag / Fragmentation Needed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]