RFC 4638 (PPPoE 1500 MTU/MRU) - let's pitch in
-
As mentioned in the topic. I pledge $50
Issue:
root: ping -D -s 1472 yahoo.com
PING yahoo.com (206.190.36.45): 1472 data bytes
36 bytes from localhost (127.0.0.1): frag needed and DF set (MTU 1492)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 05dc 6b46 0 0000 40 01 abcc 2.97.247.19 206.190.36.45vmx0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=60079b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,tso6,lro,rxcsum_ipv6,txcsum_ipv6>ether 00:01:0a:21:6b:60
inet6 fe80::201:aff:fe21:6b60%vmx0 prefixlen 64 scopeid 0x1
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
status: active
pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492
inet6 fe80::201:aff:fe21:6b60%pppoe0 prefixlen 64 scopeid 0x7
inet 2.98.156.223 –> 117.165.190.1 netmask 0xffffffff
nd6 options=21<performnud,auto_linklocal></performnud,auto_linklocal></up,pointopoint,running,noarp,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,tso6,lro,rxcsum_ipv6,txcsum_ipv6></up,broadcast,running,simplex,multicast>Expected behavior:
[root@box ~]# ping -M do -c 2 -s 1472 yahoo.com
PING yahoo.com (98.139.183.24) 1472(1500) bytes of data.
1480 bytes from ir2.fp.vip.bf1.yahoo.com (98.139.183.24): icmp_seq=1 ttl=53 time=230 ms
1480 bytes from ir2.fp.vip.bf1.yahoo.com (98.139.183.24): icmp_seq=2 ttl=53 time=232 ms
–- yahoo.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 230.180/231.415/232.651/1.325 ms[root@box ~]# ifconfig
green0 Link encap:Ethernet HWaddr 00:0C:29:7F:27:44
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15078 errors:0 dropped:0 overruns:0 frame:0
TX packets:12171 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4349698 (4.1 Mb) TX bytes:3450290 (3.2 Mb)lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:112 errors:0 dropped:0 overruns:0 frame:0
TX packets:112 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12176 (11.8 Kb) TX bytes:12176 (11.8 Kb)ppp0 Link encap:Point-to-Point Protocol
inet addr:2.97.90.54 P-t-P:117.165.190.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:8070 errors:0 dropped:0 overruns:0 frame:0
TX packets:9131 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:2842073 (2.7 Mb) TX bytes:3536328 (3.3 Mb)red0 Link encap:Ethernet HWaddr 00:0C:29:7F:27:3A
UP BROADCAST RUNNING MULTICAST MTU:1508 Metric:1
RX packets:8645 errors:0 dropped:0 overruns:0 frame:0
TX packets:9718 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3300161 (3.1 Mb) TX bytes:3893666 (3.7 Mb)RFC 4638 - Accommodating a Maximum Transit Unit/Maximum Receive Unit (MTU/MRU) Greater Than 1492 in the Point-to-Point Protocol over Ethernet (PPPoE)
OpenBSD RFC 4638 support for pppoe -
US$15 from me if done.
-
US $50 if done before June 10th. US$15 after.
-
Only reason that I don't use pfSense at this moment is lack of support for RCF4638
10euro / 10$ dollar from me when it's done. -
$50 from me when done
-
Though the mpd5 part of this is a bit messy at the moment, the kernel and mpd5 work required for RFC 4638 support are now done.
Dmitry Luhtionov, one of the mpd5 developers, is responsible for the kernel patch to FreeBSD HEAD and mpd5 CVS.
The kernel patch applies trivially to any FreeBSD 10.x RELEASE as the ng_pppoe(4) code has been very stable in recent years. I've backported the RFC 4638 patch for mpd5 to mpd 5.7, so it's not necessary to switch to the CVS HEAD version of mpd5 that contains a lot of other changes. I also fixed a bug I found in Dmitry's code during testing. I've posted this work online today in the Sourceforge bug for RFC 4638 support in mpd5.
Unfortunately, I don't have a build VM for pfSense, nor do I have access to the pfsense-tools repository, otherwise I'd build a custom version of pfSense-2.2.4 with the patches incorporated and complete the GUI work.
The changes required to the pfSense PHP code are fairly trivial. I've documented the slight mpd*.conf syntax difference for MTU > 1492 in the Sourceforge bug.
It is necessary to ensure that the parent interface of the PPPoE connection has an MTU at least 8 bytes greater than the desired PPPoE MTU. The same MTU change also needs to be made to any parents of the parent interface. For example, on my pfSense box, the PPPoE parent interface is a vlan, so the MTU of the network needs raising first, then the MTU of the vlan. This means that the PPPoE parent interface and any relevant network infrastructure must support jumbo frames.
-
perhaps someone should update https://redmine.pfsense.org/issues/4542 and provide the "trivial' patches
-
I've updated redmine, have executed the pfSense contributor and licence agreements, and hope the pfSense team will set me up with access to the pfSense-tools repository. If so, I will attempt to complete this work over the next few days.
-
I'm continuing to work on this.
I've now got a build VM for pfSense 2.2.x and, having fought with the build system, I can see why it's being abandoned for pfSense 2.3! Despite all this, I've managed to build a patched kernel and mpd5 binary, which I've manually installed into my 2.2.4-RELEASE amd64 box.
If anyone wants to see the pfsense-tools part of the work, it's on Github (that link will only work if you have been granted access to the private pfsense-tools repository).
I've yet to complete the modifications to the pfSense code. The hardest part is to set the MTU of the PPPoE interface's parent interface to 8 bytes above the desired PPPoE MTU, with the added complexity that, on some systems including mine, that parent interface is a vlan.
To verify the work so far, I brought down mpd5 at the command prompt and brought it back up with a modified configuration file set for a 1500 byte MTU.
Here's the results whilst SSHed into the pfSense box:
[2.2.4-RELEASE][admin@[censored]]/root: ifconfig pppoe0
pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1500
inet6 [censored]%pppoe0 prefixlen 64 scopeid 0x11
inet [censored] –> 62.3.84.27 netmask 0xffffffff
inet6 [censored] prefixlen 64 autoconf
nd6 options=23 <performnud,accept_rtadv,auto_linklocal>[2.2.4-RELEASE][admin@[censored]]/root: ping -D -s 1472 8.8.4.4
PING 8.8.4.4 (8.8.4.4): 1472 data bytes
1480 bytes from 8.8.4.4: icmp_seq=0 ttl=57 time=11.178 ms
1480 bytes from 8.8.4.4: icmp_seq=1 ttl=57 time=11.549 ms
1480 bytes from 8.8.4.4: icmp_seq=2 ttl=57 time=11.314 ms
1480 bytes from 8.8.4.4: icmp_seq=3 ttl=57 time=11.552 ms
1480 bytes from 8.8.4.4: icmp_seq=4 ttl=57 time=11.328 ms
1480 bytes from 8.8.4.4: icmp_seq=5 ttl=57 time=11.314 ms
1480 bytes from 8.8.4.4: icmp_seq=6 ttl=57 time=11.581 ms
1480 bytes from 8.8.4.4: icmp_seq=7 ttl=57 time=11.335 ms
1480 bytes from 8.8.4.4: icmp_seq=8 ttl=57 time=11.369 ms
1480 bytes from 8.8.4.4: icmp_seq=9 ttl=57 time=11.610 ms
^C
–- 8.8.4.4 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 11.178/11.413/11.610/0.140 ms
[2.2.4-RELEASE][admin@[censored]]/root: ping6 -D -s 1452 www.google.co.uk
PING6(1500=40+8+1452 bytes) [censored] –> 2a00:1450:4009:80a::2003
72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=0 hlim=59 time=10.081 ms
72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=1 hlim=59 time=10.113 ms
72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=2 hlim=59 time=10.099 ms
72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=3 hlim=59 time=10.130 ms
72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=4 hlim=59 time=10.137 ms
72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=5 hlim=59 time=10.378 ms
72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=6 hlim=59 time=10.121 ms
72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=7 hlim=59 time=10.163 ms
72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=8 hlim=59 time=10.171 ms
72 bytes from 2a00:1450:4009:80a::2003, icmp_seq=9 hlim=59 time=10.396 ms
^C
--- www.google.co.uk ping6 statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 10.081/10.179/10.396/0.107 ms[2.2.4-RELEASE][admin@[censored]]/root:</performnud,accept_rtadv,auto_linklocal></up,pointopoint,running,noarp,simplex,multicast>
I have a Huawei HG612 acting as a VDSL2 bridge. The ISP is Zen Internet (UK) and my account has native IPv6 enabled.
I've censored my IP addresses and domain names in the output above. It is otherwise a verbatim log.
Edit to add: I have submitted the kernel and mpd5 changes as a pull request against the pfsense-tools repository. I am unclear whether this will qualify for inclusion in a future 2.2.x version of pfSense or will have to wait for pfSense 2.3. Either way, the kernel and mpd5 work is now complete and tested.
-
The pfSense team are reviewing the changes to the kernel and mpd5. As pfSense 2.2 is a feature frozen maintenance branch, the decision has been taken that this will not appear in 2.2.x but is targeted for 2.3.
I continue to work on the GUI side of this - well, I say GUI side. The substantive changes are to the support code in interfaces.inc that builds the mpd configuration file and sets interface MTUs. Fortunately, there are currently few changes in that file between pfSense 2.2 and pfSense 2.3, with the only large change being the removal of PPTP support in pfSense 2.3. I can continue to develop and test on pfSense 2.2 before porting the changes to pfSense 2.3 for submission.
Work will be a little slower for a while as my partner was admitted to hospital yesterday. I'll keep going as strength allows.
-
I've completed the GUI work and have posted instructions in the Development forum. Please read the caveats there carefully before proceeding.
-
RFC 4638 support was merged to pfSense 2.3 earlier today, shortly before 2.3 was redesignated as a beta.
I didn't follow any of the procedures relating to bounties before starting to work on this, and it would probably be rather out of order for me to expect any payment for the work I did to implement this.
Should any of those who pledged wish to pay up, I suggest they donate their pledge to the FreeBSD Foundation.
-
RFC 4638 support was merged to pfSense 2.3 earlier today, shortly before 2.3 was redesignated as a beta.
I didn't follow any of the procedures relating to bounties before starting to work on this, and it would probably be rather out of order for me to expect any payment for the work I did to implement this.
Should any of those who pledged wish to pay up, I suggest they donate their pledge to the FreeBSD Foundation.
I've just seen this and have done as you wished :)