Re: [9fans] Re: IP_DF bit and broken connections

Re: [9fans] Re: IP_DF bit and broken connections

[Richard Miller]

> Some routers eat packets with size 1500 (eg.  adsl from telefonica in
> spain) without fragmenting or sending icmps. Too bad.
> ...
> With tcp, Linux has its mtu at 1500 and negotiates its mss of 1460.
> The same does Plan 9, but despite this, Linux sends packets of at most
> 1444 bytes when going through the router and Plan 9 sends up to 1500
> (which IMHO is legitimate)...

Users of ADSL as provided by British Telecom and its resellers have been
advised that "the optimum MTU setting is 1458".

Re: [9fans] Re: IP_DF bit and broken connections

[presotto]

[-- Attachment #1: Type: text/plain, Size: 1490 bytes --]

The only problem is that TCP always sets the DF bit to zero
since it zeros it in the proto header and copies the protoheader
into every packet.

ICMP does screw up by just copying the input header to the output
packet and thus inheriting the DF bit.

I just put new 9/ip/ip.[ch] and 9/ip/icmp.c on sources.

The new ip.c sends back an icmp message if it couldn't forward
the packet because of the DF bit.

It also zero's the frag field when it passes it up the stack so
that no upper level protocol can reflect it back.  The DF should
only remain when we're acting as a router.  There's now
a check and a print to make sure we're not sending a DF bit
for packets originated on the machine.

Nemo, could you try these?  If you are still
sending out anything with DF set, please track it down.  I
don't see how it could have been happening except in ICMP but this
should make it impossible to copy the DF bit from input to output
and complain about any locally generated DF's.

By the way, Linux is probably doing path MTU discovery.  By setting the
DF bit, it gets an ICMP packet bounced back to it when the
packet can't fit at some router without being fragged.  The
system backs off when it gets the ICMP message eventually
discovering the MTU.

If people are using VPN's big time that reduce packet size,
I should probably throw in MTU discovery also.  It's not that
hard to do.  It does have some pretty severe problems though.
Look at rfc's 1191 & 2923.

[-- Attachment #2: Type: message/rfc822, Size: 2675 bytes --]

From: Fco.J.Ballesteros <nemo@plan9.escet.urjc.es>
To: 9fans@cse.psu.edu, paurea@plan9.escet.urjc.es
Subject: [9fans] Re: IP_DF bit and broken connections
Date: Thu, 5 Dec 2002 11:34:56 +0100
Message-ID: <08fdc73b5f22a6134f7ef266a02a68a0@plan9.escet.urjc.es>

This is what we found regarding broken connections when
going through some routers. The setting is

	Plan 9 <-⋯ether⋯-> adsl router <--> Linux.

Linux always sets the DF bit in outgoing packets.
Plan 9 doesnt, but setting it does not change things (we tested that).

Some routers eat packets with size 1500 (eg.  adsl from telefonica in
spain) without fragmenting or sending icmps. Too bad.

With icmp (sized 1500), Linux sends two fragments despite the mtu
being big enough.  We get both fragments in Plan 9 but since they came
with the DF bit set, the reply is dropped by the if in ip.c.
Perhaps once reassembled, the DF bit could be cleared; I don't know.

With tcp, Linux has its mtu at 1500 and negotiates its mss of 1460.
The same does Plan 9, but despite this, Linux sends packets of at most
1444 bytes when going through the router and Plan 9 sends up to 1500
(which IMHO is legitimate). Thus, the linux packets get through and our
1500 packets don't get through. (The connection gets hanged so that
Plan 9 retransmits the poor 1500 packet once and again).

The workaround is simply to adjust the mtu not to reach 1500. Doing so
either on Linux or on Plan 9 lets things work (because the negotiated
mss is smaller).

I don't know how linux discovers that it shouldn't send 1500 bytes.
There are no icmp packets, and the negotiated mss is the same (as I
said before).

[9fans] Re: IP_DF bit and broken connections

[Fco.J.Ballesteros]

This is what we found regarding broken connections when
going through some routers. The setting is

	Plan 9 <-⋯ether⋯-> adsl router <--> Linux.

Linux always sets the DF bit in outgoing packets.
Plan 9 doesnt, but setting it does not change things (we tested that).

Some routers eat packets with size 1500 (eg.  adsl from telefonica in
spain) without fragmenting or sending icmps. Too bad.

With icmp (sized 1500), Linux sends two fragments despite the mtu
being big enough.  We get both fragments in Plan 9 but since they came
with the DF bit set, the reply is dropped by the if in ip.c.
Perhaps once reassembled, the DF bit could be cleared; I don't know.

With tcp, Linux has its mtu at 1500 and negotiates its mss of 1460.
The same does Plan 9, but despite this, Linux sends packets of at most
1444 bytes when going through the router and Plan 9 sends up to 1500
(which IMHO is legitimate). Thus, the linux packets get through and our
1500 packets don't get through. (The connection gets hanged so that
Plan 9 retransmits the poor 1500 packet once and again).

The workaround is simply to adjust the mtu not to reach 1500. Doing so
either on Linux or on Plan 9 lets things work (because the negotiated
mss is smaller).

I don't know how linux discovers that it shouldn't send 1500 bytes.
There are no icmp packets, and the negotiated mss is the same (as I
said before).

Re: [9fans] Re: IP_DF bit and broken connections

[paurea]

> This is what we found regarding broken connections when
> going through some routers. The setting is
>
> 	Plan 9 <-⋯ether⋯-> adsl router <--> Linux.

More precisely, the adsl router is a Speedstream 5600 from
Efficient Technologies.


							Saludos,
									Gorka