[Bug 207208] ping has a problem with fragmented replies

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Feb 16 09:36:57 UTC 2016


--- Comment #3 from Jasper Siepkes <jasper at siepkes.nl> ---
Thanks for the prompt response Maxim.

I did some checks:

# sysctl net.inet.ip.maxfragsperpacket net.inet.ip.maxfragpackets
net.inet.ip.maxfragsperpacket: 16
net.inet.ip.maxfragpackets: 8192

Those are the defaults I believe. Also double checked any modifications to ICMP
and IP related stuff in loader.conf or sysctl.conf. 

# netstat -sp ip
        5136257 total packets received
        0 bad header checksums
        0 with size smaller than minimum
        0 with data size < data length
        0 with ip length > max ip packet size
        0 with header length < data size
        0 with data length < header length
        0 with bad options
        0 with incorrect version number
        0 fragments received
        0 fragments dropped (dup or out of space)
        0 fragments dropped after timeout
        0 packets reassembled ok
        254049 packets for this host
        12 packets for unknown/unsupported protocol
        0 packets forwarded (0 packets fast forwarded)
        0 packets not forwardable
        0 packets received for unknown multicast group
        0 redirects sent
        702407 packets sent from this host
        0 packets sent with fabricated ip header
        0 output packets dropped due to no bufs, etc.
        0 output packets discarded due to no route
        31 output datagrams fragmented
        62 fragments created
        22 datagrams that can't be fragmented
        0 tunneling packets that can't find gif
        0 datagrams with bad address in header
# netstat -sp icmp
        0 calls to icmp_error
        0 errors not generated in response to an icmp message
        0 messages with bad code fields
        0 messages less than the minimum length
        0 messages with bad checksum
        0 messages with bad length
        0 multicast echo requests ignored
        0 multicast timestamp requests ignored
        Input histogram:
                echo reply: 1
                destination unreachable: 7282
                time exceeded: 1
        0 message responses generated
        0 invalid return addresses
        0 no return routes
        ICMP address mask responses are disabled

I ran the tests again so the single 'echo reply' received is the normal size
and the "time exceeded" is the one with the larger payload.

The host I used is behind NAT (PAT) so that could indeed be a problem. However
I just now also did the test on another host which isn't behind NAT (pinged
another host in its network segment) and he also had the problem.

I will install a vanilla VM today and do some tests to see if this really is an
issue or I messed up somewhere else in the config.

You are receiving this mail because:
You are on the CC list for the bug.

More information about the freebsd-amd64 mailing list