Re: Kernel panic with pptpd when mss > mtu

Frank Cusack (fcusack@fcusack.com)
Tue, 20 May 2003 21:43:01 -0700


On Wed, May 21, 2003 at 09:14:42AM +1000, Menno Smits wrote:
> I'm seeing a kernel oops with 2.4.20 which seems to be related to the
> PopTop PPTP server. When certain clients connect in (seems to be
> Win98) and begin large data transfers the kernel will reliably oops.
> The system crashes hard, the oops doesn't make it to the logs.
...
> I have been able to deal with the issue by using the workaround
> suggested in the the second post. That is, adding netfilter rules with
> the TCPMSS target to limit the TCP MSS to PMTU - 40. Apparently the
> problem is triggered by the MSS being bigger than the MTU (which is
> 750 in this case).

Yup. win98 ignores the negotiated MRU from the PPP peer (MTU on the win98
side) and sends PPP packets larger than MTU. As you've discovered. :-)

Linux doesn't allocate enough space for the decompressor output, and the
mppe module doesn't properly check that enough space exists. (That's
because PPP MPPE packets *shrink* after "decompression", and the mppe
module assumes at least the same amount of space as the PPP packet is
allocated for the decompressor.)

Grab the latest ftp://ftp.samba.org/pub/unpacked/ppp which corrects both
of the above problems.

I'll be posting a patch to lkml to correct the decompressor allocation
problem, shortly (a few weeks).

/fc
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/