DF (Don't frag) issues

From: Matthew Sullivan <matthew_at_uq.edu.au> Date: Tue, 19 Apr 2005 07:29:18 +1000 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:32 UTC

Any reason why FreeBSD 5.2.1+ and 5.3-p9 set DF on all packets?

I'm getting some real problems with VPNs, setting the interface MTU to 
1024 fixes them, but it really is less than ideal.

example with dominator [203.15.51.36] MTU at 1500, vpn server is at 
203.15.51.36 (all interfaces are MTU 1500 except gif0 which is 1280), 
other end of the VPN has interfaces at MTU 1500 which serices the 
10.200.254.0 network (wireless)....

root_at_dominator:~# tcpdump -n | grep 10.200.254.98
tcpdump: listening on bge0
23:36:22.638202 10.200.254.98.33118 > 203.15.51.36.24: SWE 
742813284:742813284(0) win 5840 <mss 1460,sackOK,timestamp 1548890 
0,nop,wscale 0> (DF)
23:36:22.638259 203.15.51.36.24 > 10.200.254.98.33118: S 
2275901409:2275901409(0) ack 742813285 win 65535 <mss 1460,nop,wscale 
1,nop,nop,timestamp 45880291 1548890> (DF)
23:36:22.680880 10.200.254.98.33118 > 203.15.51.36.24: . ack 1 win 5840 
<nop,nop,timestamp 1548895 45880291> (DF)
23:36:22.683004 203.15.51.36.24 > 10.200.254.98.33118: P 1:43(42) ack 1 
win 33304 <nop,nop,timestamp 45880295 1548895> (DF)
23:36:22.728581 10.200.254.98.33118 > 203.15.51.36.24: . ack 43 win 5840 

<nop,nop,timestamp 1548900 45880295> (DF)
.
.
.
23:36:23.474807 203.15.51.36.24 > 10.200.254.98.33118: P 2075:2171(96) 
ack 2425 win 33304 <nop,nop,timestamp 45880374 1548974> (DF)
23:36:23.475751 10.200.254.98.33118 > 203.15.51.36.24: P 2425:2537(112) 
ack 2075 win 10496 <nop,nop,timestamp 1548974 45880368> (DF) [tos 0x10]
23:36:23.510998 203.15.51.36.24 > 10.200.254.98.33118: P 2171:2219(48) 
ack 2537 win 33304 <nop,nop,timestamp 45880378 1548974> (DF) [tos 0x10]
23:36:23.511752 203.15.51.36.24 > 10.200.254.98.33118: P 2219:2315(96) 
ack 2537 win 33304 <nop,nop,timestamp 45880378 1548974> (DF) [tos 0x10]
23:36:23.514316 203.15.51.36.24 > 10.200.254.98.33118: P 2315:3643(1328) 
ack 2537 win 33304 <nop,nop,timestamp 45880378 1548974> (DF) [tos 0x10]
23:36:23.515060 203.15.51.61 > 203.15.51.36: icmp: 10.200.254.98 
unreachable - need to frag (DF)
23:36:23.516599 203.15.51.36.24 > 10.200.254.98.33118: P 3643:3723(80) 
ack 2537 win 33304 <nop,nop,timestamp 45880379 1548974> (DF) [tos 0x10]
23:36:23.517255 203.15.51.36.24 > 10.200.254.98.33118: P 3723:3771(48) 
ack 2537 win 33304 <nop,nop,timestamp 45880379 1548974> (DF) [tos 0x10]
23:36:23.517337 203.15.51.36.24 > 10.200.254.98.33118: P 3771:3995(224) 
ack 2537 win 33304 <nop,nop,timestamp 45880379 1548974> (DF) [tos 0x10]
23:36:23.527961 203.15.51.36.24 > 10.200.254.98.33118: P 3995:4059(64) 
ack 2537 win 33304 <nop,nop,timestamp 45880380 1548974> (DF) [tos 0x10]
23:36:23.552652 10.200.254.98.33118 > 203.15.51.36.24: . ack 2171 win 
10496 <nop,nop,timestamp 1548983 45880374> (DF) [tos 0x10]
23:36:23.561291 10.200.254.98.33118 > 203.15.51.36.24: . ack 2219 win 
10496 <nop,nop,timestamp 1548983 45880378> (DF) [tos 0x10]
23:36:23.565812 10.200.254.98.33118 > 203.15.51.36.24: . ack 2315 win 
10496 <nop,nop,timestamp 1548983 45880378> (DF) [tos 0x10]
23:36:23.570650 10.200.254.98.33118 > 203.15.51.36.24: . ack 2315 win 
10496 <nop,nop,timestamp 1548983 45880378> (DF) [tos 0x10]
23:36:23.577811 10.200.254.98.33118 > 203.15.51.36.24: . ack 2315 win 
10496 <nop,nop,timestamp 1548984 45880378> (DF) [tos 0x10]
23:36:23.577829 10.200.254.98.33118 > 203.15.51.36.24: . ack 2315 win 
10496 <nop,nop,timestamp 1548984 45880378> (DF) [tos 0x10]
23:36:23.577880 203.15.51.36.24 > 10.200.254.98.33118: . 2315:3763(1448) 
ack 2537 win 33304 <nop,nop,timestamp 45880385 1548984> (DF) [tos 0x10]
23:36:23.578406 203.15.51.61 > 203.15.51.36: icmp: 10.200.254.98 
unreachable - need to frag (DF)
23:36:23.582784 10.200.254.98.33118 > 203.15.51.36.24: . ack 2315 win 

-- 
Matthew Sullivan
Specialist Systems Programmer
Information Technology Services
The University of Queensland