From: Dave Preece
To: "Kenneth D. Merry"
Cc: freebsd-hackers@freebsd.org
Subject: RE: Path MTU discovery.
Date: Thu, 8 Jun 2000 19:21:57 +1200

> > Just learning about this: I can see the advantages but does
> > anything use it?
>
> Sure, TCP uses it.
>
> TCP (at least in FreeBSD) sets the "don't frag" bit on all
> its outgoing packets.

Good lord, so it does. Mental note, packet sniff before posting in future.

So... thinking about what this means for firewalls and natd. If we block all incoming ICMP's across the firewall, it is quite possible that a server behind the firewall could completely fail to send packets to a client on a smaller MTU (modem user with MTU set to 576, for instance).

Likewise natd would need to look at an incoming ICMP and if it's a "can't fragment" message, address translate it and send it onwards back to the IP that caused the error to happen.

Hmmmmm. I'll hit the books. Return to the temple of Mr Stevens.

Dave :)

BTW, NT appears to set the DF flag too. If you cared.
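
The translation step described in the message above, as an added example that is not part of the original post and is not natd's code: it builds an ICMP "fragmentation needed" error (type 3, code 4) and rewrites both the outer destination and the quoted source address back to the internal host. All addresses and function names are constructed for illustration; it assumes address-only NAT (no port rewriting), option-free IP headers, and rebuilds the outer header rather than patching it.

```python
import socket
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (data length must be even here)."""
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ip_header(src, dst, proto, payload_len, df=False):
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0,
                    0x4000 if df else 0, 64, proto, 0,
                    socket.inet_aton(src), socket.inet_aton(dst))
    return h[:10] + struct.pack("!H", csum(h)) + h[12:]

def icmp_frag_needed(router, dst, mtu, offending):
    """Type 3 code 4 error quoting the offending IP header + 8 bytes (RFC 1191)."""
    body = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + offending
    body = body[:2] + struct.pack("!H", csum(body)) + body[4:]
    return ip_header(router, dst, 1, len(body)) + body

def parse_frag_needed(pkt):
    """Return (next_hop_mtu, quoted_src, quoted_dst), or None for other packets."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 1 or pkt[ihl:ihl + 2] != b"\x03\x04":
        return None
    mtu = struct.unpack("!H", pkt[ihl + 6:ihl + 8])[0]
    quoted = pkt[ihl + 8:]
    return mtu, socket.inet_ntoa(quoted[12:16]), socket.inet_ntoa(quoted[16:20])

def nat_translate(pkt, public, internal):
    """Rewrite outer destination and quoted source back to the internal host."""
    info = parse_frag_needed(pkt)
    if info is None or info[1] != public:
        return pkt  # not an error about traffic we translated
    ihl = (pkt[0] & 0x0F) * 4
    quoted = bytearray(pkt[ihl + 8:])
    quoted[12:16] = socket.inet_aton(internal)
    quoted[10:12] = b"\x00\x00"  # zero, then recompute quoted header checksum
    quoted[10:12] = struct.pack("!H", csum(bytes(quoted[:20])))
    body = pkt[ihl:ihl + 2] + b"\x00\x00" + pkt[ihl + 4:ihl + 8] + bytes(quoted)
    body = body[:2] + struct.pack("!H", csum(body)) + body[4:]
    return ip_header(socket.inet_ntoa(pkt[12:16]), internal, 1, len(body)) + body

# Constructed sample: server 10.0.0.5 behind NAT address 203.0.113.1 sends a
# 1500-byte TCP segment with DF set; router 192.0.2.1 reports a 576-byte link.
OFFENDING = ip_header("203.0.113.1", "198.51.100.7", 6, 1480, df=True) \
    + struct.pack("!HHI", 80, 40000, 1)
AT_NAT = icmp_frag_needed("192.0.2.1", "203.0.113.1", 576, OFFENDING)
AT_SERVER = nat_translate(AT_NAT, "203.0.113.1", "10.0.0.5")
```

Without the rewrite of the quoted header, the server's TCP stack would see an error about a connection from 203.0.113.1 that it does not own and would not lower its segment size.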