Bug 72857
Summary: | MSS in the router does not work arourn CIPE dead-connection problem | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Alexandre Oliva <aoliva> |
Component: | kernel | Assignee: | Arjan van de Ven <arjanv> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Brian Brock <bbrock> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 8.0 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | athlon | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-09-30 15:39:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 752980, 1045207, 1045208 | ||
Bug Blocks: |
Description
Alexandre Oliva
2002-08-28 14:39:54 UTC
A new bit of info just came in: the problem seems to be caused by the lack of MASQuerading in ICMP need to fragment packets. The IP address of the target machine remains unchanged, instead of being masqueraded, so the sender of the big packet has no way to tell on which connections to lower the mtu. And iptables' TCPMSS rules seem to be able to `fix' the problem for me. I'll only be able to tell for sure after all PMTUs get dropped from caches all over, but it's looking like it's exactly the right solution for the problem. Unless a connection is set up before the MTU is discovered, in which case there's not much that can be done... I can confirm that adding a line such as this to my gateway's iptables configuration file fixes the problem: [0:0] -A FORWARD -o cipcb0 -p tcp -m tcp --syn -j TCPMSS --clamp-mss-to-pmtu Thanks for the bug report. However, Red Hat no longer maintains this version of the product. Please upgrade to the latest version and open a new bug if the problem persists. The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, and if you believe this bug is interesting to them, please report the problem in the bug tracker at: http://bugzilla.fedora.us/ |