DF (Don't frag) issues
Andre Oppermann
andre at freebsd.org
Mon Apr 25 10:04:06 PDT 2005
Matthew Sullivan wrote:
>
> As David suggested my config is shown here:
>
> http://lists.freebsd.org/pipermail/freebsd-current/2005-April/048980.html
Ok, I see. Do you still have this setup at your disposal? I need
to know the suggested MTU value in the ICMP packet. Best you look
at it with ethereal. This will help a lot to get ahold of the bug.
> After talking with people I see 2 issues.....
>
> 1/ The bug is being triggered when the incoming 'need frag' ICMP message
> doesn't have a suggested value.
If it comes from a FreeBSD box is certainly does have a suggested
value but tcpdump does not show it. We need to know what it put
in there to be able to figure out what is going wrong.
> This ICMP message is being generated by 'stealth.sorbs.net' which is a
> FreeBSD 5.3 p9 server running FAST_IPSEC (no crypto card yet - waiting
> for delivery), and otherwise pretty standard kernel. As for fast forwarding:
>
> net.inet.ip.fastforwarding: 0
That's fine.
> 2/ The bug itself is also a problem, as it cannot be guarenteed that the
> host returning the ICMP 'need frag' will fill in a suggested mtu, so
> that also needs to be looked at (but I guess you know that already ;-))
I'm testing a fix right now. Unfortunatly the whole situation is a lot
more complex than thought at first. While stepping through the code
I found some other incorrect assumptions.
--
Andre
More information about the freebsd-current
mailing list