ppp/sme8/mppe_lower_mtu.diff

--- ppp-2.4.3/pppd/ccp.c        2004-11-13 02:28:15.000000000 +0000
+++ ppp-2.4.3/pppd/ccp.c        2004-11-22 16:36:21.654092711 +0000
@@ -67,6 +67,7 @@
  */
 #ifdef MPPE
 bool refuse_mppe_stateful = 1;         /* Allow stateful mode? */
+bool mppe_lower_mtu = 1; /* Set to 0 to disable dropping the MTU by 4 */
 #endif
 
 static option_t ccp_option_list[] = {
@@ -156,6 +157,15 @@
       "allow MPPE stateful mode", OPT_PRIO },
     { "nomppe-stateful", o_bool, &refuse_mppe_stateful,
       "disallow MPPE stateful mode", OPT_PRIO | 1 },
+    
+    /* Option to avoid lowering our MTU by 4 (as should be done) to avoid
+     * breakage with devices that don't handle PMTUD
+     */
+    { "mppe-lower-mtu", o_bool, &mppe_lower_mtu,
+      "lower the MTU by 4 bytes for MPPE connections", OPT_PRIO | 1 },
+    { "nomppe-lower-mtu", o_bool, &mppe_lower_mtu,
+      "don't lower the MTU by 4 bytes for MPPE connections", OPT_PRIO },
+
 #endif /* MPPE */
 
     { NULL }
@@ -1185,9 +1195,16 @@
                     * allocate MPPE_PAD extra bytes in xmit buffers.
                     */
                    mtu = netif_get_mtu(f->unit);
-                   if (mtu)
-                       netif_set_mtu(f->unit, mtu - MPPE_PAD);
-                   else
+                   if (mtu) {
+                       /* Dropping the MTU seems to break Path MTU discovery
+                        * particularly where load-balancers are involved.
+                        * Not dropping the MTU may mean the occasional packet
+                        * goes unencrypted due to them being 4 bytes larger
+                        * and CCP thinking it's not worth encrypting.
+                        */
+                       if (mppe_lower_mtu)
+                           netif_set_mtu(f->unit, mtu - MPPE_PAD);
+                   } else
                        newret = CONFREJ;
                }
 
--- ppp-2.4.3/pppd/pppd.8       2004-11-22 16:36:21.663090491 +0000
+++ ppp-2.4.3/pppd/pppd.8       2004-11-22 16:43:15.169028425 +0000
@@ -622,6 +622,10 @@
 Enables the use of PPP multilink; this is an alias for the `multilink'
 option.  This option is currently only available under Linux.
 .TP
+.B mppe\-lower\-mtu
+Lowers the MTU by 4 bytes for MPPE connections. This is the correct
+behaviour but breaks accessing some sites. This is the default.
+.TP
 .B mppe\-stateful
 Allow MPPE to use stateful mode.  Stateless mode is still attempted first.
 The default is to disallow stateful mode.  
@@ -766,6 +770,11 @@
 .B nomppe\-128
 Disable 128-bit encryption with MPPE.
 .TP
+.TP
+.B nomppe\-lower\-mtu
+Disables lowering the MTU by 4 bytes for MPPE connections. This is sometimes
+required to access servers behind load balancing devices that break Path
+MTU Discovery.
 .B nomppe\-stateful
 Disable MPPE stateful mode.  This is the default.
 .TP
1	--- ppp-2.4.3/pppd/ccp.c 2004-11-13 02:28:15.000000000 +0000
2	+++ ppp-2.4.3/pppd/ccp.c 2004-11-22 16:36:21.654092711 +0000
3	@@ -67,6 +67,7 @@
4	*/
5	#ifdef MPPE
6	bool refuse_mppe_stateful = 1; /* Allow stateful mode? */
7	+bool mppe_lower_mtu = 1; /* Set to 0 to disable dropping the MTU by 4 */
8	#endif
9
10	static option_t ccp_option_list[] = {
11	@@ -156,6 +157,15 @@
12	"allow MPPE stateful mode", OPT_PRIO },
13	{ "nomppe-stateful", o_bool, &refuse_mppe_stateful,
14	"disallow MPPE stateful mode", OPT_PRIO \| 1 },
15	+
16	+ /* Option to avoid lowering our MTU by 4 (as should be done) to avoid
17	+ * breakage with devices that don't handle PMTUD
18	+ */
19	+ { "mppe-lower-mtu", o_bool, &mppe_lower_mtu,
20	+ "lower the MTU by 4 bytes for MPPE connections", OPT_PRIO \| 1 },
21	+ { "nomppe-lower-mtu", o_bool, &mppe_lower_mtu,
22	+ "don't lower the MTU by 4 bytes for MPPE connections", OPT_PRIO },
23	+
24	#endif /* MPPE */
25
26	{ NULL }
27	@@ -1185,9 +1195,16 @@
28	* allocate MPPE_PAD extra bytes in xmit buffers.
29	*/
30	mtu = netif_get_mtu(f->unit);
31	- if (mtu)
32	- netif_set_mtu(f->unit, mtu - MPPE_PAD);
33	- else
34	+ if (mtu) {
35	+ /* Dropping the MTU seems to break Path MTU discovery
36	+ * particularly where load-balancers are involved.
37	+ * Not dropping the MTU may mean the occasional packet
38	+ * goes unencrypted due to them being 4 bytes larger
39	+ * and CCP thinking it's not worth encrypting.
40	+ */
41	+ if (mppe_lower_mtu)
42	+ netif_set_mtu(f->unit, mtu - MPPE_PAD);
43	+ } else
44	newret = CONFREJ;
45	}
46
47	--- ppp-2.4.3/pppd/pppd.8 2004-11-22 16:36:21.663090491 +0000
48	+++ ppp-2.4.3/pppd/pppd.8 2004-11-22 16:43:15.169028425 +0000
49	@@ -622,6 +622,10 @@
50	Enables the use of PPP multilink; this is an alias for the `multilink'
51	option. This option is currently only available under Linux.
52	.TP
53	+.B mppe\-lower\-mtu
54	+Lowers the MTU by 4 bytes for MPPE connections. This is the correct
55	+behaviour but breaks accessing some sites. This is the default.
56	+.TP
57	.B mppe\-stateful
58	Allow MPPE to use stateful mode. Stateless mode is still attempted first.
59	The default is to disallow stateful mode.
60	@@ -766,6 +770,11 @@
61	.B nomppe\-128
62	Disable 128-bit encryption with MPPE.
63	.TP
64	+.TP
65	+.B nomppe\-lower\-mtu
66	+Disables lowering the MTU by 4 bytes for MPPE connections. This is sometimes
67	+required to access servers behind load balancing devices that break Path
68	+MTU Discovery.
69	.B nomppe\-stateful
70	Disable MPPE stateful mode. This is the default.
71	.TP