Using IPv4 TCPMSS target with IPv6-in-IPv4

Using IPv4 TCPMSS target with IPv6-in-IPv4

Post by Mark T.B. Carro » Mon, 19 Mar 2007 12:13:24



I have a braindead ISP that filters some ICMP but doesn't seem to
realise it. (Yes, I know, but choices are few. ):) With IPv4 I have to
use,

iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

or large packets don't get through.

Now I'm playing with IPv6, again small packets get through and large
packets don't, so I'm guessing that exactly the same problem is
occurring. Unfortunately, the relevant gateway machines tend to run late
2.4 kernels, so ip6tables isn't offering a TCPMSS target.

But, that machine uses IPv6-in-IPv4 anyway (a route for 2000::/3 via
::192.88.99.1) so I am wondering: is there some magic that I can use to
make the IPv6 stuff use the IPv4 TCPMSS target, so I can get sensible
IPv6 connectivity without having to use a very recent kernel?

Mark.

--
Functional programming vacancy at http://www.aetion.com/

 
 
 

Using IPv4 TCPMSS target with IPv6-in-IPv4

Post by Pascal Hambour » Mon, 19 Mar 2007 20:30:37


Hello,

Mark T.B. Carroll a crit :

Quote:> I have a braindead ISP that filters some ICMP but doesn't seem to
> realise it. (Yes, I know, but choices are few. ):) With IPv4 I have to
> use,

> iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

> or large packets don't get through.

> Now I'm playing with IPv6, again small packets get through and large
> packets don't, so I'm guessing that exactly the same problem is
> occurring. Unfortunately, the relevant gateway machines tend to run late
> 2.4 kernels, so ip6tables isn't offering a TCPMSS target.

I have not seen that the latest stable 2.6 kernels and ip6tables offer
an IPv6 TCPMSS target either.

Quote:> But, that machine uses IPv6-in-IPv4 anyway (a route for 2000::/3 via
> ::192.88.99.1) so I am wondering: is there some magic that I can use to
> make the IPv6 stuff use the IPv4 TCPMSS target, so I can get sensible
> IPv6 connectivity without having to use a very recent kernel?

All I can suggest is limit the IPv6 MTU or advertised MSS of your
machines (not only the gateway). It worked for me when I was using PPPoE.

 
 
 

1. ipv4: move proc stuff from net/ipv4/af_inet.c to net/ipv4/proc.c


   Date: Tue, 29 Oct 2002 11:42:07 -0200 (BRDT)

        Please consider pulling from:

   kernel.bkbits.net:/home/acme/net-2.5

Pulled, thanks.

I just did a push to Linus, so this will go show up in the next round.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

2. Linux Winzip utility

3. IPv6: Allow Both IPv6 and IPv4 Sockets on the Same Port Number (IPV6_V6ONLY Support)

4. X with Mystique / xvidtune

5. Remove compile warnings from ipv4/raw.c and ipv4/arp.c

6. Listen up people!!!...

7. [ipv4] move proc init to newly created net/ipv4/ip_proc.c

8. Help on Handler function

9. IPv4 vs IPv6

10. ipv4 program sends ipv6

11. what are the advantages of IPv6 over IPv4??

12. How to support IPv6 passthrough/bridge with a IPv4-only router?

13. IPv4 --> IPv6