Re: DF (Don't frag) issues

From: Andre Oppermann <andre_at_freebsd.org>
Date: Mon, 25 Apr 2005 19:04:07 +0200
Matthew Sullivan wrote:
> 
> As David suggested my config is shown here:
> 
> http://lists.freebsd.org/pipermail/freebsd-current/2005-April/048980.html

Ok, I see.  Do you still have this setup at your disposal?  I need
to know the suggested MTU value in the ICMP packet.  Best you look
at it with ethereal.  This will help a lot to get ahold of the bug.

> After talking with people I see 2 issues.....
> 
> 1/ The bug is being triggered when the incoming 'need frag' ICMP message
> doesn't have a suggested value.

If it comes from a FreeBSD box is certainly does have a suggested
value but tcpdump does not show it.  We need to know what it put
in there to be able to figure out what is going wrong.

> This ICMP message is being generated by 'stealth.sorbs.net' which is a
> FreeBSD 5.3 p9 server running FAST_IPSEC (no crypto card yet - waiting
> for delivery), and otherwise pretty standard kernel. As for fast forwarding:
> 
> net.inet.ip.fastforwarding: 0

That's fine.

> 2/ The bug itself is also a problem, as it cannot be guarenteed that the
> host returning the ICMP 'need frag' will fill in a suggested mtu, so
> that also needs to be looked at (but I guess you know that already ;-))

I'm testing a fix right now.  Unfortunatly the whole situation is a lot
more complex than thought at first.  While stepping through the code
I found some other incorrect assumptions.

-- 
Andre
Received on Mon Apr 25 2005 - 15:04:06 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:33 UTC