From owner-freebsd-net@FreeBSD.ORG Tue Dec 6 09:09:59 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9645516A41F for ; Tue, 6 Dec 2005 09:09:59 +0000 (GMT) (envelope-from xds@LanGame.Net) Received: from netmail.langame.net (netmail.langame.net [80.80.128.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id DB1BF43D6B for ; Tue, 6 Dec 2005 09:09:44 +0000 (GMT) (envelope-from xds@LanGame.Net) Received: (qmail 18258 invoked by uid 0); 6 Dec 2005 06:13:07 -0000 Received: from xds@LanGame.Net by netmail.langame.net by uid 0 with qmail-scanner-1.22 (clamdscan: 0.72. Clear:RC:1(80.80.128.68):. Processed in 0.040938 secs); 06 Dec 2005 06:13:07 -0000 X-Qmail-Scanner-Mail-From: xds@LanGame.Net via netmail.langame.net X-Qmail-Scanner: 1.22 (Clear:RC:1(80.80.128.68):. Processed in 0.040938 secs) Received: from unknown (HELO ?80.80.128.68?) (xds%langame.net@80.80.128.68) by netmail.langame.net with SMTP; 6 Dec 2005 06:13:07 -0000 Message-ID: <4395555C.90407@LanGame.Net> Date: Tue, 06 Dec 2005 11:09:48 +0200 From: Atanas Yankov User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050729) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Alvaro Saurin , freebsd-net@freebsd.org References: <79336124-B4D5-43A3-88D2-9FE0D4A4D120@dcs.gla.ac.uk> <4394518C.1030104@fromley.net> <88B4FA57-0A01-410C-9DCF-67E1F23DD827@dcs.gla.ac.uk> In-Reply-To: <88B4FA57-0A01-410C-9DCF-67E1F23DD827@dcs.gla.ac.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: Dummynet Broke fragmets in 5.x and 6.x X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Dec 2005 09:09:59 -0000 This problem exist in 5.x and 6.x implementations i wrote the email to luiggi for this problem but no answer yet , there is a problem with fragmented traffic that going throut pipes, dummynet whithout a problem change the ids of the framents and with this prevent reassembling of the fragments , this is true not only for icmp udp icmp its true for all ip traffic. br, CCNP Atanas Yankov Network Administrator AngelSoft Ltd. Alvaro Saurin wrote: > > On 5 Dec 2005, at 14:41, Spadge wrote: > >> Alvaro Saurin wrote: >> >>> The problem comes here: if I 'ping' between these two machines, >>> everything is fine, but if I 'ping' with a packet size of, ie, >>> 2000, no packets arrive at the receiver. Does it have to do with >>> fragmented packets? Do I have to include any other rule for >>> dealing with fragments? >> >> >> 65100 0 0 deny log logamount 5000 ip from any to any frag >> >> Does this not effectively kill all frags? Are your unreceived >> packets showing up in the log? And if not, are you sure that it's >> BSD4 that's losing them, and not ubuntu3? >> >> Here's how my firewall handles frags: >> >> # Allow IP fragments to pass through >> /sbin/ipfw add pass all from any to any frag >> >> You may also want to set up something similar to handle ICMP. >> >> I've not used dummynet pipes in ages, I wonder if setting a larger >> queue would help with my disconnect problems, or whether I really do >> just need to give up and reinstall the entire OS. > > > Thank you, you're right, but adding something like 'pass all from any > to any frag' does not put the IICMP packets through the dummynet > pipe. I am not specially interested in 'ping's, but it happens the > same for UDP traffic... > > The problem is that, if I put ICMP/UDP/etc traffic through a pipe, it > doesn't work when packets are fragmented. And letting fragments out > of the pipe does not improve things... > > Any idea? Thanks. > > Alvaro >