Opened 8 months ago

Closed 4 months ago

#1452 closed Bug / Defect (fixed)

--mtu-disc yes not working

Reported by: Gert Döring Owned by:
Priority: major Milestone: release 2.6
Component: Generic / unclassified Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: networking, mtu, socket error
Cc:

Description

tried to test "new mssfix/fragment" code, set up --fragment 1000 mtu --mtu-disc yes and reduced MTU on the network path (adding a route with "mtu 800" on the next-hop router).

Router sent ICMP packet, sending Linux box received ICMP packet, put

$ ip route get 199.102.77.82
  199.102.77.82 via 193.149.48.190 dev eno1 src 193.149.48.174 uid 202   
      cache expires 475sec mtu 800

in its route cache (good), and OpenVPN was told

write UDPv4: Message too long (fd=3,code=90)

... but OpenVPN did not actually *do* anything as a consequence, like "update sending MTU".

As this also happens without the "frame" patchset it seems to be a general brokenness - so, revisit these code paths, understand what is supposed to happen ("extended socket error API" seems to be related), and make it work.

Change History (5)

comment:1 Changed 7 months ago by Gert Döring

Patch for "master" is on the list, for initial review

https://patchwork.openvpn.net/patch/2308/

... turns out that our #ifdef mess in "syshead.h" got broken at some point, and misconfigured

#define EXTENDED_SOCKET_ERROR_CAPABILITY 0

when it should be "1" on Linux...

comment:2 Changed 7 months ago by Gert Döring

commit 4225114b96723bdecd68398f7a89765879b31b5d (master)
commit 3e0c506e5d9135ef4b08547db8679cc5bd2a7582 (release/2.5)
commit 4d63d15ef9e1eb34ffdc4028a96f506decced99c (release/2.4)
Author: Gert Doering
Date: Tue Feb 22 12:38:32 2022 +0100

Fix --mtu-disc maybe|yes on Linux.

... this fixed, UDP over IPv4 does the right thing, but UDP over IPv6 still fails...

comment:3 Changed 7 months ago by Gert Döring

possibly this never worked... inside mtu.c, format_extended_socket_error() has

        res = recvmsg(fd, &msg, MSG_ERRQUEUE);

and this fails with "Resource temporarily unavailable (errno=11)"...

... because "extended error message reporting" was never turned on.

Patch in patchwork!

https://patchwork.openvpn.net/patch/2318/

comment:4 Changed 7 months ago by Gert Döring

For reference, 2.4.3 failed with "not supported on this OS" (wtf?), see #909

comment:5 Changed 4 months ago by Gert Döring

Resolution: fixed
Status: newclosed

IPv6 still failed because it was lacking the necessary code. This is now added as a new feature to master/2.6, with these two commits:

commit 043c67f36342969cd171d24c70ee6b62ebc95fee
Author: Gert Doering <gert@…>
Date: Tue Feb 22 15:35:14 2022 +0100

Implement --mtu-disc for IPv6 UDP sockets.

commit c96249696cf6d6217443bc93f8208571f289623e
Author: Gert Doering <gert@…>
Date: Fri May 13 12:15:26 2022 +0200

Pass proper sockaddr_* structure for IPv6 socket errors.

Since this is a new feature, it will not be backported to 2.4/2.5.

Note: See TracTickets for help on using tickets.