pyrad
pyrad copied to clipboard
pyradius
Suggestion: clear DF bit in replies (IP_MTU_DISCOVER to IP_PMTUDISC_DONT)
Hello people and thank you for your work and for sharing it.
I have a server with pyrad, and a client is behind a PPPoE link with MTU 1492, both client and server are normal machines with the usual MTU of 1500.
Requests are always small and are OK. When the answer is small, OK. When it is big, it is fragmented at the source and the DF bit is clear, the full-size fragment is fragmented again, and everything is OK.
When the answer is between 1492 and 1500, DF bit is set, no ICMP unreachable is seen, the answer is lost. This is an unlikely "edge" situation, it took a lot of time to actually happen. When it did, it was not immediate to troubleshoot.
I ended up with the following in my code:
import socket
IP_MTU_DISCOVER = 10
IP_PMTUDISC_DONT = 0
....
reply = self.server.CreateReplyPacket(pkt)
pkt.fd.setsockopt(socket.SOL_IP, IP_MTU_DISCOVER, IP_PMTUDISC_DONT)
self.server.SendReplyPacket(pkt.fd, reply)
....
Replies now have DF bit clear and arrive, fragmented, at the client, and everything is OK.
I understand that having client and server with an MTU bottleneck in between is probably not very common, but you might want to consider adding something similar to the distributed code.
Best regards and thank you again,
Bergonz
