5,596,700 Members 45,980 Now Online
XDA Developers Android and Mobile Development Forum

Problem with current 4.4 kernels

Tip us?
 
longkas
Old
#1  
Junior Member - OP
Thanks Meter 0
Posts: 6
Join Date: Jun 2013
Default Problem with current 4.4 kernels

I have installed 4.4 rom latest, also using kernels suitable. My problem is that when I use VPN apps like OpenVPN connect, the connection speed gets very slow. I checked the logcat and find errors like:

exec() res=0, status=256 for /system/bin/iptables -t mangle -D st_mangle_POSTROUTING -p tcp -o tun0 --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
12-26 16:04:17.561: I/ip6tables(131): ip6tables: No chain/target/match by that name.
12-26 16:04:17.568: I/ip6tables(131): ip6tables terminated by exit(1)


I have searched this problem and found something useful (prevent spam):

android.googlesource.com/platform/system/netd/+/ca5b4e8%5E!/

it says:
Quote:
SecondaryTableController: force the MSS to match pmtu on TCP SYN

Without this change, the VPN sets up a tun/ppp that needs a small
MTU, and during TCP SYN the MSS will end up matching the outgoing iface
MTU which is potentially too big.
This leads to connection flakiness. The wrong MSS is visible by
tcpdump-ing on the tun/ppp device.

With this change, the MSS now is correct.
It requires the kernel to be configured with
CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
If kernel is not configured, it silently fails.
So I did look for a 4.4 kernel with this config enabled, I have checked config source of all current 4.4 kernels including franko,Mpokang,ASKP,Fancy, etc, but sadly I did not find one. I guess the reason is it's not included is because the code change happened not a long time ago, and for the same time the Galaxy Nexus kernel stood unupdated.

If kernel developers see this thread, thanks for all of your hard work and I wish you can check if the config is the reason of my problem. It will be better if I can post this thread in the development section, but it seems it's forbidden.

--Archie
 
kaijura
Old
#2  
kaijura's Avatar
Recognized Contributor
Thanks Meter 1813
Posts: 1,294
Join Date: Jan 2011
You can try to get their attention by mentioning @nameofdeveloper in here to get them to notice the thread, or send a PM to them directly. I think XDA will not allow you to post in developer sections until 10 or more posts.

Have you tried a 4.4 kernel with that patch to see if it works?
Getting VPNs to work flawlessly has always been tricky issue with the custom kernels, hopefully yours can be addressed soon.
Code:
Mako E960 4.4.2 KOT49H - OmniROM Official - Maguro SC-04D 4.3 JLS36G - OmniROM Unofficial - Maguro i9250M 4.4.2 KOT49H - OmniROM Homemade - Razor 4.4.2 KOT49H - OmniROM Official - Grouper 4.4.2 KOT49H - OmniROM Official
 
longkas
Old
#3  
Junior Member - OP
Thanks Meter 0
Posts: 6
Join Date: Jun 2013
Quote:
Originally Posted by kaijura View Post
You can try to get their attention by mentioning @nameofdeveloper in here to get them to notice the thread, or send a PM to them directly. I think XDA will not allow you to post in developer sections until 10 or more posts.

Have you tried a 4.4 kernel with that patch to see if it works?
Getting VPNs to work flawlessly has always been tricky issue with the custom kernels, hopefully yours can be addressed soon.
Thanks for your reply, since many custom kernels are based on the CM kernel, I think the most efficient way is to let CM team know this bug and fix it. Unfortunately CM team dose not accept a bug report of a nightly build version. Now I have resolved this issue by patching a kernel and building myself. I have built a patched kernel based on CM 11.0 source code and the VPN issue is gone. People have this issue may use this kernel(source from CM, patched by me)

[kernel_tuna_4.4.2_CM_MSS_fixed_Archie_20131227] pan.baidu.com/s/1bnzP2GJ (to prevent link spam)
 
kaijura
Old
#4  
kaijura's Avatar
Recognized Contributor
Thanks Meter 1813
Posts: 1,294
Join Date: Jan 2011
Quote:
Originally Posted by longkas View Post
Thanks for your reply, since many custom kernels are based on the CM kernel, I think the most efficient way is to let CM team know this bug and fix it. Unfortunately CM team dose not accept a bug report of a nightly build version. Now I have resolved this issue by patching a kernel and building myself. I have built a patched kernel based on CM 11.0 source code and the VPN issue is gone. People have this issue may use this kernel(source from CM, patched by me)
Good to know the build worked. You can submit your patch information to the Cyanogenmod JIRA: http://jira.cyanogenmod.org as a feature or improvement, but you want to get the attention of @dhacker29 since he currently maintains the Maguro kernel on Cyanogenmod. You can make a pull request on github or send him a PM here directly.

http://www.github.com/dhacker29
 
JimboVV
Old
#5  
Member
Thanks Meter 5
Posts: 54
Join Date: Apr 2012
Has someone put this bug to jira.cyanogenmod.org ???

Ive the same bug with my htc phone...
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes