Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#73347 - aur.arch PMTUD is not working and cause tunnelled users cannot access aur
Attached to Project:
Arch Linux
Opened by Hertz Yang (hertzyang) - Thursday, 13 January 2022, 10:29 GMT
Last edited by Evangelos Foutras (foutrelis) - Saturday, 12 February 2022, 07:40 GMT
Details

If there's:

Client <-(Ethernet MTU 1500)-> Router 1 <-(Tunnel MTU 1420)-> Router 2 <-Ethernet MTU 1500-> ··· <-Ethernet MTU 1500-> aur.archlinux.org

For a TCP connection, the client will initiate the connection using a slightly bigger MSS, which actually cannot be carried by the link; the destination aur will agree and use the same MSS. However, when aur is sending actual data using the full MSS, since the link between router 1 and 2 cannot carry the packet, the packet will be dropped at router 2, and router 2 will send an ICMP message to aur telling aur "your packet is too big and I just dropped it, please reduce your packet size"; that is ICMPv6 Packet Too Big.

This is PMTUD, Path MTU Discovery. As expected, aur will reduce the packet size wisely using the MTU specified by the ICMP message, so the connection can go on. However, aur is not responding to it, but is still sending packets using the incorrect MSS, so the client will never get the response and the connection cannot be initiated, so users will not be able to use aur.

Please see the attachments.
Closed by Evangelos Foutras (foutrelis)
Saturday, 12 February 2022, 07:40 GMT
Reason for closing: None
Additional comments about closing: Does not appear to be a server configuration issue and PMTUD works within our immediate network.
workingsites.png
Running tcpdump '(ip6 and icmp6 and ip6[40] = 2)' on aur.archlinux.org shows the following when doing a request from a client behind the tunnel:
05:11:47.125975 IP6 tserv1.bud1.he.net > aur.archlinux.org: ICMP6, packet too big, mtu 1420, length 1240
The MTU value is also correctly cached for 10 minutes:
[root@aur ~]# ip route get to <client-ipv6>
<client-ipv6> from :: via fe80::1 dev ens3 src 2a01:4f9:c010:50::1 metric 1024 expires 593sec mtu 1420 pref medium
I made it a loop to query aur.arch, and my machine will keep sending ICMP packet too big messages to aur.arch:
00:44:14.369523 IP6 (flowlabel 0x5bc91, hlim 64, next-header ICMPv6 (58) payload length: 1240) 2001:7f8:33::a113:5395:1 > 2a01:4f9:c010:50::1: [icmp6 sum ok] ICMP6, packet too big, mtu 1420
Can you please confirm if the packets reach aur.arch?
Can you try something like `tracepath -6 aur.archlinux.org` to see where the packets might be getting dropped?
Can you try tracepath -6 2a0f:9400:7a00:1111::2 ?
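The triage done in the comments above (did an ICMPv6 Packet Too Big reach the server, and did the kernel cache the smaller path MTU for that client) can be scripted over saved tcpdump and `ip route get` output. The following is an added example, not part of the original thread: the function names and state labels are assumptions, the sample lines are copied from the comments, and the MSS figures assume option-less TCP over IPv6 on the 1500-byte Ethernet link from the reporter's diagram.

```python
import re

IPV6_HDR, TCP_HDR = 40, 20  # fixed IPv6 header and option-less TCP header, in bytes
PTB_RE = re.compile(r"IP6 (?:\(.*\) )?(\S+) > (\S+): .*ICMP6, packet too big, mtu (\d+)")

def parse_ptb(line):
    """Return (reporting_router, destination, mtu) for a tcpdump PTB line, else None."""
    m = PTB_RE.search(line)
    return (m.group(1), m.group(2), int(m.group(3))) if m else None

def parse_route(text):
    """Pull the cached path MTU and its remaining lifetime out of `ip route get` output."""
    mtu = re.search(r"\bmtu (\d+)", text)
    exp = re.search(r"\bexpires (\d+)sec", text)
    return (int(mtu.group(1)) if mtu else None, int(exp.group(1)) if exp else None)

def mss_for(mtu):
    """Largest TCP payload that fits in one IPv6 packet of this MTU."""
    return mtu - IPV6_HDR - TCP_HDR

def diagnose(capture_lines, route_text, link_mtu=1500):
    """Classify the server-side PMTUD state (state labels are hypothetical)."""
    ptb = [p for p in map(parse_ptb, capture_lines) if p]
    if not ptb:
        return {"state": "ptb_not_received"}  # ICMPv6 was lost before reaching the host
    path_mtu = min(mtu for _, _, mtu in ptb)
    cached, expires = parse_route(route_text)
    state = "pmtu_cached" if cached is not None and cached <= path_mtu else "ptb_not_applied"
    return {"state": state, "path_mtu": path_mtu, "cached_mtu": cached,
            "expires_sec": expires, "negotiated_mss": mss_for(link_mtu),
            "usable_mss": mss_for(path_mtu)}

# Sample input copied from the thread above (the address placeholder is the thread's own).
CAPTURE = [
    "05:11:47.125975 IP6 tserv1.bud1.he.net > aur.archlinux.org: ICMP6, packet too big, mtu 1420, length 1240",
    "00:44:14.369523 IP6 (flowlabel 0x5bc91, hlim 64, next-header ICMPv6 (58) payload length: 1240) 2001:7f8:33::a113:5395:1 > 2a01:4f9:c010:50::1: [icmp6 sum ok] ICMP6, packet too big, mtu 1420",
]
ROUTE = (
    "<client-ipv6> from :: via fe80::1 dev ens3 src 2a01:4f9:c010:50::1 "
    "metric 1024 expires 593sec mtu 1420 pref medium"
)

if __name__ == "__main__":
    print(diagnose(CAPTURE, ROUTE))
```

A `ptb_not_received` result points at ICMPv6 filtering somewhere on the path, while `ptb_not_applied` points at the host itself.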