Need to frag (DF) :)

Ivailo Tanusheff i.tanusheff at procreditbank.com
Mon Mar 31 03:28:05 PST 2003 

Hi,

I think you should lower the mtu value of the ng0 interface. This is
because of the packet overhead.
If you are using Windows XP, than you should enable multilink or you
can't bypass this.

Ivailo Tanusheff
 


-----Original Message-----
From: owner-freebsd-net at freebsd.org
[mailto:owner-freebsd-net at freebsd.org] On Behalf Of Dennis S. Davidoff
Sent: Monday, March 31, 2003 1:27 PM
To: freebsd-net
Subject: Need to frag (DF) :)

Hi all.

After successful authorization and setting tunnel by mpd I've got a
problem with packet fragmentation. 

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
		net 172.16.1.2 netmask 0xffffff00 broadcast 172.16.1.255
		ether 00:02:44:2e:35:da
		media: Ethernet autoselect (100baseTX <full-duplex>)
		status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
		inet 172.16.0.1 netmask 0xffffff00 broadcast
172.16.0.255
		ether 00:10:dc:06:e8:91
		media: Ethernet autoselect (100baseTX <full-duplex>)
		status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
		inet 127.0.0.1 netmask 0xff000000
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1392
        inet 10.0.0.1 --> 10.0.0.2 netmask 0xffffffff

As you can see, mtu is 1392. So any attempt to open big content from
site or download a big file will fail. tcpdump shows:

14:13:09.876867 172.16.1.2 > 217.106.231.104: icmp: 192.168.0.168
unreachable - need to frag (mtu 1392) (DF)
...and so on.

Also I'll trying to test my gateway like that:
C:\Documents and Settings\null>ping -f -l 1500 172.16.0.1

Pinging 172.16.0.1 with 1500 bytes of data:

Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 172.16.0.1:
	Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C

Someone from obsd tells me that in obsd pf it could be solved by the
rule:
scrub in all no-df fragment reassemble
...which defragments all packets and removes DF flag (i guess)

P.S. On my gateway I have an ipfw rule that allows any icmp type.

Thanks for any advices.

-- 
Sincerely,
Dennis
_______________________________________________
freebsd-net at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"

More information about the freebsd-net mailing list