Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932414AbaBKUUv (ORCPT ); Tue, 11 Feb 2014 15:20:51 -0500 Received: from fep16.mx.upcmail.net ([62.179.121.36]:42560 "EHLO fep16.mx.upcmail.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755951AbaBKUUs (ORCPT ); Tue, 11 Feb 2014 15:20:48 -0500 X-SourceIP: 77.56.27.120 X-Authenticated-Sender: odi.ch@hispeed.ch Message-ID: <52FA8618.5030509@odi.ch> Date: Tue, 11 Feb 2014 21:20:40 +0100 From: =?UTF-8?B?T3J0d2luIEdsw7xjaw==?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Hannes Frederic Sowa CC: linux-kernel@vger.kernel.org, netdev@vger.kernel.org Subject: Re: xfrm: is pmtu broken with ESP tunneling? References: <52F890D2.2060109@odi.ch> <20140211023258.GC11150@order.stressinduktion.org> In-Reply-To: <20140211023258.GC11150@order.stressinduktion.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 02/11/2014 03:32 AM, Hannes Frederic Sowa wrote: >> net.ipv4.ip_no_pmtu_disc=1. > > This setting will shrink the path mtu to min_pmtu when a frag needed icmp is > received. The UDP+ESP encapsulation adds 60 bytes to the original packet size. ifconfig wla0 shows an mtu of 1500. The size of the first big packet on the interface: net.ipv4.ip_no_pmtu_disc=1: packet length is 1300 net.ipv4.ip_no_pmtu_disc=0: packet length is 1500 Length is without the ESP wrapper and UDP encapsulation. The packets are so big that they can't even leave the wireless interface and never show up on the router. So no ICMP packets are received. PMTU can't work with initial packets of that size. dump question: which layer discard these packets? qdisc? why no notification to the sender? When I increase the mtu of the interface to 2000 with ifconfig, then I start seeing ICMP fragmentation needed from the next hop, indicating 1500 as the mtu as response to a 1560 byte UDP[ESP] packet. The next UDP[ESP] packet is shorter: 1360 bytes. It gets hard to see what's going on after that, but the connection is still not working. So, instead of somehow losing these packets on the way out of the interface should the kernel not start with a lower mtu in the first place? Now it seems it is trying with the maximum of the interface and expecting to scale down with pmtu - which can ever happen. > Can you send a ip route get to the problematic target to see how > far off the calculated value is? That command doesn't return anything useful. No hint on the mtu here. BTW, instead of disabling pmtu, setting mtu explicitly also helps: ip route add 10.6.6.0/24 via ${localip} mtu 1300 Thanks, Ortwin -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/