Opened 2 years ago

Closed 2 years ago

#1452 closed Bug / Defect (fixed)

--mtu-disc yes not working

Reported by: Gert Döring
Owned by:
Priority: major
Milestone: release 2.6
Component: Generic / unclassified
Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords: networking, mtu, socket error
Cc:

Description

tried to test "new mssfix/fragment" code, set up --fragment 1000 mtu --mtu-disc yes and reduced MTU on the network path (adding a route with "mtu 800" on the next-hop router).

Router sent ICMP packet, sending Linux box received ICMP packet, put

$ ip route get 199.102.77.82
  199.102.77.82 via 193.149.48.190 dev eno1 src 193.149.48.174 uid 202   
      cache expires 475sec mtu 800

in its route cache (good), and OpenVPN was told

write UDPv4: Message too long (fd=3,code=90)

... but OpenVPN did not actually *do* anything as a consequence, like "update sending MTU".

As this also happens without the "frame" patchset it seems to be a general brokenness - so, revisit these code paths, understand what is supposed to happen ("extended socket error API" seems to be related), and make it work.

Change History (5)

comment:1 Changed 2 years ago by Gert Döring

Patch for "master" is on the list, for initial review

https://patchwork.openvpn.net/patch/2308/

... turns out that our #ifdef mess in "syshead.h" got broken at some point, and misconfigured

#define EXTENDED_SOCKET_ERROR_CAPABILITY 0

when it should be "1" on Linux...

comment:2 Changed 2 years ago by Gert Döring

commit 4225114b96723bdecd68398f7a89765879b31b5d (master)
commit 3e0c506e5d9135ef4b08547db8679cc5bd2a7582 (release/2.5)
commit 4d63d15ef9e1eb34ffdc4028a96f506decced99c (release/2.4)
Author: Gert Doering
Date: Tue Feb 22 12:38:32 2022 +0100

Fix --mtu-disc maybe|yes on Linux.

... this fixed, UDP over IPv4 does the right thing, but UDP over IPv6 still fails...

comment:3 Changed 2 years ago by Gert Döring

possibly this never worked... inside mtu.c, format_extended_socket_error() has

        res = recvmsg(fd, &msg, MSG_ERRQUEUE);

and this fails with "Resource temporarily unavailable (errno=11)"...

... because "extended error message reporting" was never turned on.

Patch in patchwork!

https://patchwork.openvpn.net/patch/2318/
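
The mechanism behind the EAGAIN in comment:3, as an added example (not OpenVPN's code and not part of the ticket): on Linux a UDP socket has to opt in with IP_RECVERR before recvmsg(MSG_ERRQUEUE) can return anything, and a queued EMSGSIZE entry then carries the discovered path MTU in ee_info. This sketch covers IPv4 only, and the function names are hypothetical.

```c
#include <errno.h>
#include <string.h>
#include <time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/errqueue.h>   /* struct sock_extended_err */

/* Opt in to the per-socket error queue. Without IP_RECVERR nothing is ever
 * queued, so recvmsg(MSG_ERRQUEUE) can only fail with EAGAIN. */
int enable_pmtu_errors(int fd)
{
    int on = 1, pmtu = IP_PMTUDISC_DO;   /* set DF, never fragment locally */
    if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &pmtu, sizeof(pmtu)) < 0)
        return -1;
    return setsockopt(fd, IPPROTO_IP, IP_RECVERR, &on, sizeof(on));
}

/* Scan the control messages of an error-queue read. Returns the path MTU
 * reported with EMSGSIZE (the kernel stores it in ee_info), or 0 if none. */
int mtu_from_errqueue_msg(struct msghdr *msg)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        struct sock_extended_err ee;
        if (c->cmsg_level != IPPROTO_IP || c->cmsg_type != IP_RECVERR)
            continue;
        memcpy(&ee, CMSG_DATA(c), sizeof(ee));   /* avoid unaligned access */
        if (ee.ee_errno == EMSGSIZE)
            return (int)ee.ee_info;
    }
    return 0;
}

/* Read one queued error: -1 with errno set (EAGAIN = queue empty),
 * 0 for an error other than EMSGSIZE, otherwise the new path MTU. */
int read_pmtu(int fd)
{
    char data[256], ctrl[512];
    struct iovec iov = { data, sizeof(data) };
    struct msghdr msg;
    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctrl;
    msg.msg_controllen = sizeof(ctrl);
    if (recvmsg(fd, &msg, MSG_ERRQUEUE) < 0)
        return -1;
    return mtu_from_errqueue_msg(&msg);
}
```

A caller would run enable_pmtu_errors() once after creating the socket and call read_pmtu() whenever a send fails with EMSGSIZE, lowering its sending MTU to the returned value.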

comment:4 Changed 2 years ago by Gert Döring

For reference, 2.4.3 failed with "not supported on this OS" (wtf?), see #909

comment:5 Changed 2 years ago by Gert Döring

Resolution: fixed
Status: new → closed

IPv6 still failed because it was lacking the necessary code. This is now added as a new feature to master/2.6, with these two commits:

commit 043c67f36342969cd171d24c70ee6b62ebc95fee
Author: Gert Doering <gert@…>
Date: Tue Feb 22 15:35:14 2022 +0100

Implement --mtu-disc for IPv6 UDP sockets.

commit c96249696cf6d6217443bc93f8208571f289623e
Author: Gert Doering <gert@…>
Date: Fri May 13 12:15:26 2022 +0200

Pass proper sockaddr_* structure for IPv6 socket errors.

Since this is a new feature, it will not be backported to 2.4/2.5.
