ppp/sme7/mppe_lower_mtu.diff

--- ppp-2.4.3/pppd/ccp.c        2004-11-13 02:28:15.000000000 +0000
+++ ppp-2.4.3/pppd/ccp.c        2004-11-22 16:36:21.654092711 +0000
@@ -67,6 +67,7 @@
  */
 #ifdef MPPE
 bool refuse_mppe_stateful = 1;         /* Allow stateful mode? */
+bool mppe_lower_mtu = 1; /* Set to 0 to disable dropping the MTU by 4 */
 #endif
 
 static option_t ccp_option_list[] = {
@@ -156,6 +157,15 @@
       "allow MPPE stateful mode", OPT_PRIO },
     { "nomppe-stateful", o_bool, &refuse_mppe_stateful,
       "disallow MPPE stateful mode", OPT_PRIO | 1 },
+    
+    /* Option to avoid lowering our MTU by 4 (as should be done) to avoid
+     * breakage with devices that don't handle PMTUD
+     */
+    { "mppe-lower-mtu", o_bool, &mppe_lower_mtu,
+      "lower the MTU by 4 bytes for MPPE connections", OPT_PRIO | 1 },
+    { "nomppe-lower-mtu", o_bool, &mppe_lower_mtu,
+      "don't lower the MTU by 4 bytes for MPPE connections", OPT_PRIO },
+
 #endif /* MPPE */
 
     { NULL }
@@ -1185,9 +1195,16 @@
                     * allocate MPPE_PAD extra bytes in xmit buffers.
                     */
                    mtu = netif_get_mtu(f->unit);
-                   if (mtu)
-                       netif_set_mtu(f->unit, mtu - MPPE_PAD);
-                   else
+                   if (mtu) {
+                       /* Dropping the MTU seems to break Path MTU discovery
+                        * particularly where load-balancers are involved.
+                        * Not dropping the MTU may mean the occasional packet
+                        * goes unencrypted due to them being 4 bytes larger
+                        * and CCP thinking it's not worth encrypting.
+                        */
+                       if (mppe_lower_mtu)
+                           netif_set_mtu(f->unit, mtu - MPPE_PAD);
+                   } else
                        newret = CONFREJ;
                }
 
--- ppp-2.4.3/pppd/pppd.8       2004-11-22 16:36:21.663090491 +0000
+++ ppp-2.4.3/pppd/pppd.8       2004-11-22 16:43:15.169028425 +0000
@@ -622,6 +622,10 @@
 Enables the use of PPP multilink; this is an alias for the `multilink'
 option.  This option is currently only available under Linux.
 .TP
+.B mppe\-lower\-mtu
+Lowers the MTU by 4 bytes for MPPE connections. This is the correct
+behaviour but breaks accessing some sites. This is the default.
+.TP
 .B mppe\-stateful
 Allow MPPE to use stateful mode.  Stateless mode is still attempted first.
 The default is to disallow stateful mode.  
@@ -766,6 +770,11 @@
 .B nomppe\-128
 Disable 128-bit encryption with MPPE.
 .TP
+.TP
+.B nomppe\-lower\-mtu
+Disables lowering the MTU by 4 bytes for MPPE connections. This is sometimes
+required to access servers behind load balancing devices that break Path
+MTU Discovery.
 .B nomppe\-stateful
 Disable MPPE stateful mode.  This is the default.
 .TP
1	slords	1.1	--- ppp-2.4.3/pppd/ccp.c 2004-11-13 02:28:15.000000000 +0000
2			+++ ppp-2.4.3/pppd/ccp.c 2004-11-22 16:36:21.654092711 +0000
3			@@ -67,6 +67,7 @@
4			*/
5			#ifdef MPPE
6			bool refuse_mppe_stateful = 1; /* Allow stateful mode? */
7			+bool mppe_lower_mtu = 1; /* Set to 0 to disable dropping the MTU by 4 */
8			#endif
9
10			static option_t ccp_option_list[] = {
11			@@ -156,6 +157,15 @@
12			"allow MPPE stateful mode", OPT_PRIO },
13			{ "nomppe-stateful", o_bool, &refuse_mppe_stateful,
14			"disallow MPPE stateful mode", OPT_PRIO \| 1 },
15			+
16			+ /* Option to avoid lowering our MTU by 4 (as should be done) to avoid
17			+ * breakage with devices that don't handle PMTUD
18			+ */
19			+ { "mppe-lower-mtu", o_bool, &mppe_lower_mtu,
20			+ "lower the MTU by 4 bytes for MPPE connections", OPT_PRIO \| 1 },
21			+ { "nomppe-lower-mtu", o_bool, &mppe_lower_mtu,
22			+ "don't lower the MTU by 4 bytes for MPPE connections", OPT_PRIO },
23			+
24			#endif /* MPPE */
25
26			{ NULL }
27			@@ -1185,9 +1195,16 @@
28			* allocate MPPE_PAD extra bytes in xmit buffers.
29			*/
30			mtu = netif_get_mtu(f->unit);
31			- if (mtu)
32			- netif_set_mtu(f->unit, mtu - MPPE_PAD);
33			- else
34			+ if (mtu) {
35			+ /* Dropping the MTU seems to break Path MTU discovery
36			+ * particularly where load-balancers are involved.
37			+ * Not dropping the MTU may mean the occasional packet
38			+ * goes unencrypted due to them being 4 bytes larger
39			+ * and CCP thinking it's not worth encrypting.
40			+ */
41			+ if (mppe_lower_mtu)
42			+ netif_set_mtu(f->unit, mtu - MPPE_PAD);
43			+ } else
44			newret = CONFREJ;
45			}
46
47			--- ppp-2.4.3/pppd/pppd.8 2004-11-22 16:36:21.663090491 +0000
48			+++ ppp-2.4.3/pppd/pppd.8 2004-11-22 16:43:15.169028425 +0000
49			@@ -622,6 +622,10 @@
50			Enables the use of PPP multilink; this is an alias for the `multilink'
51			option. This option is currently only available under Linux.
52			.TP
53			+.B mppe\-lower\-mtu
54			+Lowers the MTU by 4 bytes for MPPE connections. This is the correct
55			+behaviour but breaks accessing some sites. This is the default.
56			+.TP
57			.B mppe\-stateful
58			Allow MPPE to use stateful mode. Stateless mode is still attempted first.
59			The default is to disallow stateful mode.
60			@@ -766,6 +770,11 @@
61			.B nomppe\-128
62			Disable 128-bit encryption with MPPE.
63			.TP
64			+.TP
65			+.B nomppe\-lower\-mtu
66			+Disables lowering the MTU by 4 bytes for MPPE connections. This is sometimes
67			+required to access servers behind load balancing devices that break Path
68			+MTU Discovery.
69			.B nomppe\-stateful
70			Disable MPPE stateful mode. This is the default.
71			.TP