tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: IPv6 TCP sessions hangs when using PF keep state

On Monday, at 22:26, Greg Troxel wrote:
| > Also, if you are on a host on the LAN behind the gateway, is it
| > possible that the host starts tcp with the correct MSS?
| I don't follow what you are asking.  I saw outgoing SYN packets with mss
| 1440.  That's ok, except that it's too high for the tunnel.

I meant this:
 Host A   --> GW       --> Host B
 MTU 1500     MTU 1480     MTU 1500

Host A sends SYN with MSS 1440, which is not optimal since for every connection
this will eventually drop to 1420 after some ICMP message. From what I
understand from PMTUD, host A should be able to figure out the 1480 MTU. I
don't see this happening.

Even when connecting from GW to Host B, SYN packets from GW are sent with MSS
1440. I don't understand why.

| What I don't understand is why the far side doesn't drop when it gets
| the packet-too-big messsage.

In this situation:
 NetBSD -->  Internet --> Solaris 10
 MTU 1480                 MTU 1500

A SYN packet with MSS 1440 is sent from NetBSD to Solaris. Solaris enventually
gets a "packet too big" from internet. It then starts sending fragments of size
1494, which is correct IMHO. If running PF, those fragments will be dropped.

I mention Solaris explicitly, because Linux has a different behaviour. When it
gets the "packet too big", it seems that it sends smaller regular tcp packets
instead of using fragments.

All in all, nothing like this would be happening if NetBSD would send SYN with
MSS 1420.

| On what system/version?  On a netbsd-5 system, where I did not try to
| set the MTU, 'ifconfig -a' included the line:
|   gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280

This is on i386 -current. I filed

Home | Main Index | Thread Index | Old Index