Path MTU Problem
Sergey
_lion_2000 at mail.ru
Thu Mar 6 23:48:03 PST 2008
alright, i found who changing packets - it's cisco PIX
# tcpdump -s 0 -nveXi stge1 icmp and host 10.23.0.241
tcpdump: WARNING: stge1: no IPv4 address assigned
tcpdump: listening on stge1, link-type EN10MB (Ethernet), capture size 65535
bytes
this is packet from router with lower mtu just before PIX
10:32:54.775244 00:1c:f6:2e:4b:6f > 00:1d:45:21:a6:51, ethertype IPv4
(0x0800), length 70: (tos 0x0, ttl 255, id 18463, offset 0, flags [none],
proto: ICMP (1), length: 56) 10.23.5.3 > 10.23.0.241: ICMP 10.35.1.3
unreachable - need to frag (mtu 1280), length 36
(tos 0x8, ttl 61, id 2080, offset 0, flags [DF], proto: TCP (6),
length: 1420) 10.23.0.241.22 > 10.35.1.3.64856: tcp 1384 [bad hdr length 16
- too short, < 20]
0x0000: 4500 0038 481f 0000 ff01 5984 0a17 0503 E..8H.....Y.....
0x0010: 0a17 00f1 0304 bdf6 0000 0500 4508 058c ............E...
0x0020: 0820 4000 3d06 1a17 0a17 00f1 0a23 0103 .. at .=........#..
0x0030: 0016 fd58 2723 1573 ...X'#.s
--------------------------^^^^^^^^^^^
note the bytes
and this is the same packet _after_ PIX
10:32:54.775492 00:1d:45:21:a6:52 > 00:1b:78:e3:c7:66, ethertype IPv4
(0x0800), length 70: (tos 0x0, ttl 255, id 18463, offset 0, flags [none],
proto: ICMP (1), length: 56) 10.23.5.3 > 10.23.0.241: ICMP 10.35.1.3
unreachable - need to frag (mtu 1280), length 36
(tos 0x8, ttl 61, id 2080, offset 0, flags [DF], proto: TCP (6),
length: 1420) 10.23.0.241.22 > 10.35.1.3.64856: tcp 1400 [bad hdr length 0
- too short, < 20]
0x0000: 4500 0038 481f 0000 ff01 5984 0a17 0503 E..8H.....Y.....
0x0010: 0a17 00f1 0304 a065 0000 0500 4508 058c .......e....E...
0x0020: 0820 4000 3d06 1a17 0a17 00f1 0a23 0103 .. at .=........#..
0x0030: 0016 fd58 2e89 2b9e ...X..+.
---------------------------^^^^^^^^^
bytes changed
and it seems what FreeBSD takes into account not only IPs:Ports data of ICMP
FRAG packet, but also these four bytes of tcp header after is that RFC-style
behaviour? Who's violating RFC? PIX or BSD?
> -----Original Message-----
> From: owner-freebsd-net at freebsd.org
> [mailto:owner-freebsd-net at freebsd.org] On Behalf Of Sergey
> Sent: Friday, March 07, 2008 9:33 AM
> To: freebsd-net at freebsd.org
> Subject: RE: Path MTU Problem
>
> > > > here comes icmp frag packets. strange what sometimes
> > > tcpdump complains
> > > > about tcp header in icmp packet and sometimes not
>
> After looking more closely, if found something strange:
>
> here is part of tcp header of first large packet:
>
> 10:32:04.610317 IP (tos 0x8, ttl 64, id 1208, offset 0,
> flags [DF], proto:
> TCP (6), length: 1420) 10.23.0.241.22 > 10.35.1.3.60122: .
> 2064:3432(1368) ack 1666 win 32832 <nop,nop,timestamp
> 38279810 48942931>
> 0x0000: 4508 058c 04b8 4000 4006 1a7f 0a17 00f1
> E..... at .@.......
> 0x0010: 0a23 0103 0016 eada 5c06 97bb 6284 63e5
> .#......\...b.c.
> take note of numbers after
> port numbers:------------------------^^^^^^^^^
>
> And now look at bytes in ICMP packet:
>
> 10:32:04.612895 IP (tos 0x0, ttl 254, id 15170, offset 0,
> flags [none],
> proto: ICMP (1), length: 56) 10.23.5.3 > 10.23.0.241: ICMP
> 10.35.1.3 unreachable - need to frag (mtu 1280), length 36
> IP (tos 0x8, ttl 61, id 1208, offset 0, flags [DF],
> proto: TCP (6),
> length: 1420) 10.23.0.241.22 > 10.35.1.3.60122: tcp 1396
> [bad hdr length 4
> - too short, < 20]
> 0x0000: 4500 0038 3b42 0000 fe01 6761 0a17 0503
> E..8;B....ga....
> 0x0010: 0a17 00f1 0304 479f 0000 0500 4508 058c
> ......G.....E...
> 0x0020: 04b8 4000 3d06 1d7f 0a17 00f1 0a23 0103
> .. at .=........#..
> 0x0030: 0016 eada c207 0364 .......d
> here:----------------------^^^^^^^^^
>
> Can they be different? Are they taken into account when doing
> PathMTU ?
>
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
More information about the freebsd-net
mailing list