Dummynet Broke fragmets in 5.x and 6.x
xds at LanGame.Net
Tue Dec 6 01:09:59 PST 2005
This problem exist in 5.x and 6.x implementations i wrote the email to
luiggi for this problem
but no answer yet , there is a problem with fragmented traffic that
going throut pipes,
dummynet whithout a problem change the ids of the framents and with
reassembling of the fragments , this is true not only for icmp udp icmp
its true for all ip traffic.
CCNP Atanas Yankov
Alvaro Saurin wrote:
> On 5 Dec 2005, at 14:41, Spadge wrote:
>> Alvaro Saurin wrote:
>>> The problem comes here: if I 'ping' between these two machines,
>>> everything is fine, but if I 'ping' with a packet size of, ie,
>>> 2000, no packets arrive at the receiver. Does it have to do with
>>> fragmented packets? Do I have to include any other rule for
>>> dealing with fragments?
>> 65100 0 0 deny log logamount 5000 ip from any to any frag
>> Does this not effectively kill all frags? Are your unreceived
>> packets showing up in the log? And if not, are you sure that it's
>> BSD4 that's losing them, and not ubuntu3?
>> Here's how my firewall handles frags:
>> # Allow IP fragments to pass through
>> /sbin/ipfw add pass all from any to any frag
>> You may also want to set up something similar to handle ICMP.
>> I've not used dummynet pipes in ages, I wonder if setting a larger
>> queue would help with my disconnect problems, or whether I really do
>> just need to give up and reinstall the entire OS.
> Thank you, you're right, but adding something like 'pass all from any
> to any frag' does not put the IICMP packets through the dummynet
> pipe. I am not specially interested in 'ping's, but it happens the
> same for UDP traffic...
> The problem is that, if I put ICMP/UDP/etc traffic through a pipe, it
> doesn't work when packets are fragmented. And letting fragments out
> of the pipe does not improve things...
> Any idea? Thanks.
More information about the freebsd-net