5.x can ping 25152 bytes but not 25153
rwatson at freebsd.org
Sat Jan 8 16:33:17 PST 2005
On Sat, 8 Jan 2005, Jay Teutenberg wrote:
> We are up against an interesting problem.
> We have several FBSD servers, the ones that are 5.x do not seem to be
> able to respond to pings larger than 25152, but 4.x kernels can.
> We are getting I/O errors from sendmail and want to make sure our
> networking is ok. We have tried swapping cables, ports in the cisco cat
> 2912, swapped 3com905's, no luck.
> Thanks all, my apologies if this is a bikeshed, I did my best to
> research it. Found some postings in this group last year where someone
> mentions this phenomenon, but no fix or answer was offered.

This is probably due to resource limits on the maximum number of fragments
that may be supported for an IP packet. You can take a look at the
fragment limits using sysctl:

If you increase maxfragsperpacket, you should be able to see FreeBSD
clients and servers handle ICMP pings larger in size. These resource
limits were put in place to address a widely observed denial of service
attack involving the delivery of many small fragments to hosts in a form
that prevents reassembly but consumes large amounts of memory and CPU.

Let me know if tweaking the above doesn't help, though!

Robert N M Watson
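
The 25152/25153 boundary reported in this thread can be checked with fragmentation arithmetic. The following is an added example, not part of the original messages; it assumes a 1500-byte Ethernet MTU and a 20-byte IPv4 header without options, and the function names are hypothetical.

```python
# Added example (not from the original thread): IPv4 fragmentation layout
# for an ICMP echo request of a given payload size.

IP_HEADER = 20    # assumed: IPv4 header without options
ICMP_HEADER = 8   # ICMP echo header, carried in the first fragment


def per_fragment_data(mtu=1500):
    """Data bytes in each non-final fragment (must be a multiple of 8)."""
    return (mtu - IP_HEADER) // 8 * 8


def fragments(payload, mtu=1500):
    """Return [(offset_in_8_byte_units, data_len, more_fragments), ...]."""
    total = ICMP_HEADER + payload        # bytes carried above the IP header
    step = per_fragment_data(mtu)
    out = []
    offset = 0
    while offset < total:
        size = min(step, total - offset)
        out.append((offset // 8, size, offset + size < total))
        offset += size
    return out


def max_payload(nfrags, mtu=1500):
    """Largest ping payload that still fits in nfrags fragments."""
    return nfrags * per_fragment_data(mtu) - ICMP_HEADER


if __name__ == "__main__":
    for size in (25152, 25153, 65507):   # 65507 = largest possible IPv4 ping
        frags = fragments(size)
        print(f"payload {size}: {len(frags)} fragments, last = {frags[-1]}")
    print("max payload in 17 fragments:", max_payload(17))
```

Under these assumptions a 25152-byte ping fills exactly 17 fragments and one more byte requires an 18th, so the cut-off falls on a fragment-count boundary. A maximum-size ping (65507 bytes) needs 45 fragments, which is the figure to compare against when sizing maxfragsperpacket.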