similar to: MTU, PMTU & DF flag

On Thu, May 14, 2015 at 10:12:40 +0200, Florent B wrote: > On 05/13/2015 05:00 PM, Guus Sliepen wrote: > > I have no experience with Ubuntu, but I find it hard to believe it would > > block ICMP Fragmentation Needed packets out of the box. > > I can confirm you that this is the case. Ubuntu ignores those ICMP > packets... :( (rp_filter settings) > > You can see it

On Wed, May 13, 2015 at 04:41:30PM +0200, Florent B wrote: > I have MTU problems when all these conditions are true: > - a client is running Ubuntu (ICMP messages about PMTUd are ignored on > it by default) I have no experience with Ubuntu, but I find it hard to believe it would block ICMP Fragmentation Needed packets out of the box. > - a client is accessing us from a particular

Hi all, I have two nodes, connected to a switch, using Tinc 1.1 from git. They connect each other with sptps, and to other nodes in the Internet with old protocol because they have Tinc 1.0. There is no problem with remote nodes, but between my 2 local nodes, they see 1518 PMTU. But local network is 1500 MTU !!! So nodes can ping each other but larger data does not go. test1=sllm1 test2=sllm2

Hi Guus, while checking the source code, I stumbled upon PMTU Discovery. I've got a question regarding the process of sending/receiving PMTU packets. As I understand, the packet flow is like this: 1 .Tinc creates a packet with a specific payload length to send it as an PMTU probe. (The data part is just some random bytes.) 2. This packet gets compressed and sent

Hi, I get de following error messages in the logfile: var/log/tinc.ci1070300036.log:2011-08-16 14:12:54 tinc.ci1070300036[10834]: Possible node with same Name as us! Sleeping 10 seconds. I know that i don't have duplicate node names. But i see some strange node names: Al my node names start with ci but there is a node a did not create my self, and that is ca1070300036 How can i remove

Hi there, I am experiencing an annoying but not critical issue with (I think) tinc's internal routing. My setup is this: HostA (local. ConnectTo = HostC) HostB (geographically close. ConnectTo = HostC) HostC (far away. ConnectTo = nothing) Without tinc, pings from HostA to HostB take around 10ms, and from HostA/B to HostC around 200ms. With tinc, pings from HostA to HostB take nearly

Hi, I've got a relatively simple tinc setup. I've got two "servers" that are on the public internet that act as routers for three "clients" that are behind NATs. Those servers are called aaaaa and bbbbb the clients are xxxxx, yyyyy and zzzzz Unfortunatly the servers have problems accepting a connection from the clients syslog on aaaaa: Sep 29 18:28:58 schuerrer

Dear Guus, while improving the PMTU Discovery algorithm, I found the following behavior in the method "send_udppacket": 1) The code checks, whether the data size is smaller than the MTU, thus if it fits into a single UDP packet. If not, you send the packet via TCP. 2) The data is compressed, changing its size. (Usually, making it smaller, but that's not always

Hi Guus and List, Since the CVE-2013-1428 was announced, I followed the recommendation to update my windows machines to tinc1.1pre7. I've had connectivity issues since upgrading. I've done some debugging but I can't figure out when or why its happening. All machines on the network are running Windows 7 or Windows 2008R2 Enterprise server and tinc 1.1pre7. I've got one master

We have an issue with some customers who refuse to accept ICMP traffic to their mail servers. It seems that they have put Mordac, preventer of information services in charge of their firewall policy (http://en.wikipedia.org/wiki/List_of_minor_characters_in_Dilbert#Mordac). My mail logs are showing that customers who specifically disallow ICMP traffic have many "Connection Reset"

Hi, I'm sometimes getting a failure of connecting 2 nodes when Tinc is started and configured in a LAN. In the logs, there are some unexpected dropped packets with very high or negative seq. I can reproduce this issue ~2% of the time. When this happens, the 2 nodes can no longer ping or ssh each other through the tunnel interface but using eth0 works fine. The connection can recover after at

Hello, all! I have many questions about tap device architecture. What is a right way to calc mtu on TAP device to avoid fragmentation on real eth device? I suppose TAP MTU = 1500-8(UDP)-20(IP)-18(Ethernet) = 1454. So I'd set 1454 for tap device: "ip link set mtu 1454 dev eth0" I'm not shure about what is the exact size of ethernet frame header, which tap device use in switch

Hello, I'm running a tinc network including dozens of nodes in switch mode. Some are running stable branch 1.0, while a small set of nodes are running 1.1 with ed25519 support. I discovered some routing issue between two nodes: (names are hidden) A (1.1): ConnectTo = B ConnectTo = C IndirectData = yes Mode = Switch B (1.0): Mode = Switch C (1.1 but only with RSA key): Mode = Switch

Hello, I try to set up my Linux 2.4.x system to respond by "ICMP Destination Unreachable message" subtype 4 ("fragmentation needed and DF set") in order to support the Path MTU Discovery (RFC 1191) as a router. There is any /proc/xxx parameter to do this? Thanks Mugur _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl

https://bugzilla.netfilter.org/show_bug.cgi?id=662 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED CC| |netfilter at linuxace.com Resolution|

While working on SPTPS UDP relaying I realized that there is one issue I didn't account for, which is that the sending node only knows the PMTU to the first relay node. It doesn't know the PMTU of the entire relay path beyond the first hop, because the relay nodes don't provide their own PMTU information over the metaprotocol. Now, in the legacy protocol this is not really an issue,

https://bugzilla.netfilter.org/show_bug.cgi?id=1058 Bug ID: 1058 Summary: Add clamp MSS to MTU Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

current content below is annotated by some suggestions of things to add along with questions for those who know more than I do [in brackets] ================ # iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu This calculates the proper MSS for your link. [If I understand the code correctly ... - expert intervention invited] More precisely, this sets the

Hi, I''m trying to make a shaper / firewall to improve sharing of bandwidth on a ADSL (3mbit down / ½ mbit up) Since the ADSL is very asymmetric, down is unimportant, I make a ingress rate limit shaper to ensure, all shaping is at the Shaper, and not on the Router or the ISP. The Idea is then to make one HTB hierarchy and have each client (IP) filtererd and put in a child-HTB queue.

Dear Guus, I've attached my first git commit to your repository. It does not contain any new functionalities, but it is a first try to interact with your git copy. Could you please verify, if you can push this commit to your repository? If it works, I'll send you the rest of my work, which contains: 1) some small improvements in logging (using flags instead of counters) 2) the