TCP transport again

Alexander Clouter alex at
Sat Sep 26 02:03:12 CEST 2009

Stefan Winter <stefan.winter at> wrote:
>> regarding this - a new feature of 2.1.7 related to the DF bit for the UDP 
>> packets. I believe that the change meant that the do not fragment bit was 
>> changed to be set - 
> No, it *unsets* the bit. Linux sets it by default, and in effect, can 
> cause large packets to be discarded if MTU decreases on the link 
> somewhere. Unsetting it gives at least a good chance that routers *can* 
> fragment the large packet if need be. Unless your routers are broken of 
> course.
Tell me if I am being stupid, but why don't we just crank down the MTU 
for IPv4 traffic to 576 (for IPv6 this should not be necessary IIRC as 
userspace should be informed if the packet is too large...but then with 
DF it should too for IPv4, right?)?  The only time I have seen any MTU 
related problems is with our useless Cisco WLC 4400 that sulks if it 
receives any packets larger than 1300 bytes...

Fragments on networks should always be avoided, I understand crypto 
packed traffic (EAP and isakmp for example) can end up knocking out 
fragmented traffic but surely there is no harm in trying to persuade 
them not to be formed.

Is there something about EAP that prevents payloads being spread across 
several EAP-Messages?  Apologies for not munching the RFCs, but they 
do not exactly make for light bedtime reading :)


Alexander Clouter
.sigmonster says: He is the best of men who dislikes power.
                  		-- Mohammed
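
The DF behaviour discussed in the quoted reply corresponds, on Linux, to the per-socket `IP_MTU_DISCOVER` option. The following is an added example, not part of the original message and not FreeRADIUS code; the helper names are hypothetical. It opens a UDP socket, records the kernel's default policy, and switches it to `IP_PMTUDISC_DONT` so datagrams leave with DF clear.

```c
/* Added example (Linux-specific); helper names are hypothetical. */
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return the socket's current IP_MTU_DISCOVER policy, or -1 on error. */
static int get_pmtu_policy(int fd)
{
    int val = -1;
    socklen_t len = sizeof(val);
    if (getsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &val, &len) < 0)
        return -1;
    return val;
}

/* IP_PMTUDISC_DONT: the kernel never sets DF, so an oversized datagram
 * is fragmented locally and routers on the path may fragment it too. */
static int clear_df(int fd)
{
    int val = IP_PMTUDISC_DONT;
    return setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &val, sizeof(val));
}

/* Open an IPv4 UDP socket with DF cleared. On success returns the fd and
 * stores the policy the kernel had assigned by default in *policy_before. */
int udp_socket_without_df(int *policy_before)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    if (policy_before)
        *policy_before = get_pmtu_policy(fd);
    if (clear_df(fd) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int before = -1;
    int fd = udp_socket_without_df(&before);
    if (fd < 0) { perror("udp_socket_without_df"); return 1; }
    /* 0 = DONT, 1 = WANT, 2 = DO, 3 = PROBE (values from <netinet/in.h>) */
    printf("default policy: %d, now: %d\n", before, get_pmtu_policy(fd));
    close(fd);
    return 0;
}
```

The default reported in `before` depends on the `net.ipv4.ip_no_pmtu_disc` sysctl, so check it on the host rather than assuming a value.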
