Subject: Re: TCP/IP problem in 1.2
To: Jukka Marin <jmarin@pyy.jmp.fi>
From: Stefan Grefen <grefen@hprc.tandem.com>
List: tech-kern
Date: 07/17/1997 11:49:03
In message <19970716141012.56758@pyy.jmp.fi>  Jukka Marin wrote:
> Houston, we have a problem.
> 
> This is out network configuration:
> 
> --> router <--Ether--> NetBSD_A <--PPP--> NetBSD_B <--Ether--> Win95


The TCP stack sets the DF flag (dont't fragment) so packets greater than
MTU size will not be transmitted (netstat -p ip should show the as 
 'datagrams that can't be fragmented').

You can either increase the MTU on the PPP line or add a -mtu MTU to the
routes going over the PPP-line. (the later doesn't help for forwarded packets)

I think windows uses something over 1500 bytes as MTU so increasing  the MTU
for the PPP line may be you're only options (besides hacking the kernel
to ignore the DF flag ...).

As far as I know www.merita.fi runs an OS that  doesn't do MTU discovery.

The packets below are bigger than PPP MTU so they'll never make it. Merita
does set the DF bit but doesn't back down in size (as it should for MTU
discovery).


> 
> Here's a tcpdump output from NetBSD_B:
> 

[...]

> 14:00:47.229362 www.merita.fi.www > torakka.jmp.fi.1034: . 1:1461(1460) ack 1
> 88 win 8573 (DF)
> 14:00:47.323904 www.merita.fi.www > torakka.jmp.fi.1034: . 1461:2921(1460) ac
> k 188 win 8573 (DF)

[...]

> 14:02:21.340368 www.merita.fi.www > torakka.jmp.fi.1034: . 1:1461(1460) ack 1
> 88 win 8573 (DF)
> 14:05:46.693265 torakka.jmp.fi.1034 > www.merita.fi.www: R 11789672:11789672(
> 0) win 0 (DF)
> 

[...]

> The MTU of the PPP link is set to 576 - after having similar problems a few
> months ago.  Some people are pretty annoyed because they can't connect to
> their bank at all...  Even stanger, NetBSD_B can connect to the same WWW
> server just fine.

Thats because netbas sets the MSS size for TCP to the MTU of the PPP interface,
this only works on the machine with the interface. Normaly a TCP stack 
shouldn't advertise an MSS bigger than 512 if it can't do dynamic MTU discovery.
(MSS = MTU - tcp_header - ip_header).


The bug is in windows and on the merita system. Sending to destinations outside
of the local network with DF set, an MSS > 512 and no dynamic MTU discovery is 
a call for trouble. (A lot of routers ignore the DF bit, thats the practical
approach to ...)

I would patch the kernel to ignore the DF bit. Maybe this should become
an sysctl option or an interface option.

Stefan

> 
> Ideas?
> 
>   -jm the problem finder
> 
> 
> -- 
> 
>                        1503 kHz @ 22:30 EET DST Mon-Fri
> 
>                      ---> http://www.jmp.fi/~jmarin/ <---

--
Stefan Grefen                                Tandem Computers Europe Inc.
grefen@hprc.tandem.com                       High Performance Research Center
If a group of N persons implements a COBOL compiler, there will be N-1
passes.  Someone in the group has to be the manager.
                -- T. Cheatham