Re: MTU problem

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: MTU problem
From: Horms <horms@xxxxxxxxxxxx>
Date: Tue, 28 Nov 2006 13:07:11 +0900
On Wed, Nov 22, 2006 at 04:27:20PM +0100, Roberto Nibali wrote:
> Salü Per,
> 
> Long time no talk.
> 
> >>>After many attempts, lots of research, wielding a magic wand and
> >>>uttering the odd curse, I ended up with the following iptables
> >>>setup on each of my real servers:
> >>>
> >>>iptables -I OUTPUT -p tcp --tcp-flags SYN,RST,ACK SYN,ACK  -j
> >>>TCPMSS --clamp-mss-to-pmtu
> >All, is there any possibility, even the slightest, that the change
> >above could cause corruption in emails (with e.g. Word or PDF
> >attachments)?
> 
> Yes, there's always a chance. You check for SYN/ACK flags and clamp
> mss there, probably killing fragmented packets (which could be
> generated with such things like Word or PDF attachments). I would need
> to take a deeper look at what you've created this time :).

[ This problem has subsequently been found to be an application
  fault, but here is my 2c worth anyway ]

I would be thinking that the effect of killing fragmented packets would
be very slow communication or dropped connections. If the fragments are
missing, then the kernel shouldn't be passing subsequent data in the
stream up to user space. I'd be quite surprised if missing TCP packets or
fragments would lead to data corruption.

-- 
Horms
  H: http://www.vergenet.net/~horms/
  W: http://www.valinux.co.jp/en/
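
What the TCPMSS rule quoted above rewrites, as an added example that is not part of the original message and is not the netfilter code: a simplified Python model that lowers the MSS option on SYN and SYN/ACK segments to path MTU minus 40 (the IPv4 value) and returns data-carrying segments unchanged. The names `clamp_mss`, `fold` and `tcp_segment` and all sample values are constructed for illustration.

```python
import struct

IPV4_OVERHEAD = 40           # 20-byte IPv4 header + 20-byte TCP header
SYN, ACK, PSH = 0x02, 0x10, 0x08
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2

def fold(s):
    """Fold a sum into 16 bits with end-around carry (one's complement)."""
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def clamp_mss(seg: bytes, pmtu: int) -> bytes:
    """Lower the MSS option of a SYN or SYN/ACK segment to pmtu - 40.
    Anything else, including every data-carrying segment, is returned as is."""
    if len(seg) < 20 or not seg[13] & SYN:
        return seg
    end, limit, i = min((seg[12] >> 4) * 4, len(seg)), pmtu - IPV4_OVERHEAD, 20
    while i + 1 < end:                             # walk the option list only
        kind, length = seg[i], seg[i + 1]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if length < 2 or i + length > end:
            break                                  # malformed option list
        if kind == OPT_MSS and length == 4:
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old <= limit:
                return seg                         # never raise the MSS
            out = bytearray(seg)
            struct.pack_into("!H", out, i + 2, limit)
            # RFC 1624 incremental checksum update; a value at an odd offset
            # straddles two checksum words, so its bytes count swapped.
            o, n = (old, limit) if i % 2 == 0 else (
                int.from_bytes(old.to_bytes(2, "little"), "big"),
                int.from_bytes(limit.to_bytes(2, "little"), "big"))
            csum = struct.unpack_from("!H", seg, 16)[0]
            new = ~fold((~csum & 0xFFFF) + (~o & 0xFFFF) + n) & 0xFFFF
            struct.pack_into("!H", out, 16, new)
            return bytes(out)
        i += length
    return seg

def tcp_segment(flags, options=b"", payload=b"", csum=0x1234):
    """Constructed sample segment (ports, sequence numbers, checksum made up)."""
    offset = (20 + len(options)) // 4 << 4
    return struct.pack("!HHIIBBHHH", 80, 40000, 1, 1, offset, flags,
                       65535, csum, 0) + options + payload
```

Because the checksum is patched incrementally, the one's complement sum over the segment is the same before and after the rewrite, so a checksum that was valid stays valid.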

