From: Alvaro Saurin
Date: Mon, 5 Dec 2005 15:56:44 +0000
To: Spadge
Cc: freebsd-net@freebsd.org
Subject: Re: Dummynet and fragments

On 5 Dec 2005, at 14:41, Spadge wrote:

> Alvaro Saurin wrote:
>
>> The problem comes here: if I 'ping' between these two machines,
>> everything is fine, but if I 'ping' with a packet size of, i.e.,
>> 2000, no packets arrive at the receiver. Does it have to do with
>> fragmented packets? Do I have to include any other rule for
>> dealing with fragments?
>
> 65100 0 0 deny log logamount 5000 ip from any to any frag
>
> Does this not effectively kill all frags? Are your unreceived
> packets showing up in the log? And if not, are you sure that it's
> BSD4 that's losing them, and not ubuntu3?
>
> Here's how my firewall handles frags:
>
> # Allow IP fragments to pass through
> /sbin/ipfw add pass all from any to any frag
>
> You may also want to set up something similar to handle ICMP.
>
> I've not used dummynet pipes in ages, I wonder if setting a larger
> queue would help with my disconnect problems, or whether I really
> do just need to give up and reinstall the entire OS.

Thank you, you're right, but adding something like 'pass all from any
to any frag' does not put the ICMP packets through the dummynet pipe.
I am not especially interested in 'ping's, but it happens the same for
UDP traffic...

The problem is that, if I put ICMP/UDP/etc traffic through a pipe, it
doesn't work when packets are fragmented. And letting fragments out of
the pipe does not improve things...

Any idea?

Thanks.

Alvaro

--
Alvaro Saurin