From owner-freebsd-net@FreeBSD.ORG  Sun May 22 20:17:50 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@FreeBSD.org
Delivered-To: freebsd-net@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 76FD416A41C
	for <freebsd-net@FreeBSD.org>; Sun, 22 May 2005 20:17:50 +0000 (GMT)
	(envelope-from tataz@tataz.chchile.org)
Received: from postfix4-2.free.fr (postfix4-2.free.fr [213.228.0.176])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DAC9443D1F
	for <freebsd-net@FreeBSD.org>; Sun, 22 May 2005 20:17:49 +0000 (GMT)
	(envelope-from tataz@tataz.chchile.org)
Received: from tatooine.tataz.chchile.org
	(vol75-8-82-233-239-98.fbx.proxad.net [82.233.239.98])
	by postfix4-2.free.fr (Postfix) with ESMTP id BB19F31D8F1
	for <freebsd-net@FreeBSD.org>; Sun, 22 May 2005 22:17:47 +0200 (CEST)
Received: by tatooine.tataz.chchile.org (Postfix, from userid 1000)
	id 18F494080; Sun, 22 May 2005 22:17:49 +0200 (CEST)
Date: Sun, 22 May 2005 22:17:49 +0200
From: Jeremie Le Hen <jeremie@le-hen.org>
To: freebsd-net@FreeBSD.org
Message-ID: <20050522201748.GJ850@obiwan.tataz.chchile.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="7ZAtKRhVyVSsbBD2"
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
Cc: 
Subject: ICMP need to frag
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 22 May 2005 20:17:50 -0000


--7ZAtKRhVyVSsbBD2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I try to connect to my RELENG_5 box through an IPsec tunnel whose MTU
is 1260.

CURRENT  -------- [[ RELENG_5 ------- RELENG_4 ]] -------- RELENG_5
(client) Ethernet              IPSec              Ethernet (server)
          (1500)               (1260)              (1500)


The attached tcpdump trace comes from the Ethernet side of the RELENG_4
router.  I simply don't understand why the RELENG_5 ssh server doesn't
take care of the ICMP need to frag packet.
FYI, this trace is a screen reattachement through ssh which hangs during
the screen refresh.  After about ten seconds, I broke the ssh session
with ~. .

Advices are welcome :-).
Thanks.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

--7ZAtKRhVyVSsbBD2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=tcpdump

21:36:32.956062 192.168.4.205.49583 > 192.168.1.222.22222: S [tcp sum ok] 894016321:894016321(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 2089955 0,sackOK,eol> (DF) (ttl 62, id 20835, len 64)
21:36:32.956359 192.168.1.222.22222 > 192.168.4.205.49583: S [tcp sum ok] 4232817296:4232817296(0) ack 894016322 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 13199273 2089955,nop,nop,sackOK> (DF) (ttl 64, id 40505, len 64)
21:36:33.022800 192.168.4.205.49583 > 192.168.1.222.22222: . [tcp sum ok] ack 1 win 33304 <nop,nop,timestamp 2090022 13199273> (DF) (ttl 62, id 7512, len 52)
21:36:33.026219 192.168.1.222.22222 > 192.168.4.205.49583: P 1:42(41) ack 1 win 33304 <nop,nop,timestamp 13199280 2090022> (DF) (ttl 64, id 12375, len 93)
21:36:33.074338 192.168.4.205.49583 > 192.168.1.222.22222: P 1:40(39) ack 42 win 33304 <nop,nop,timestamp 2090073 13199280> (DF) (ttl 62, id 63234, len 91)
21:36:33.078374 192.168.1.222.22222 > 192.168.4.205.49583: P 42:642(600) ack 40 win 33304 <nop,nop,timestamp 13199286 2090073> (DF) (ttl 64, id 31837, len 652)
21:36:33.146521 192.168.4.205.49583 > 192.168.1.222.22222: P 40:672(632) ack 642 win 33004 <nop,nop,timestamp 2090138 13199286> (DF) (ttl 62, id 50720, len 684)
21:36:33.246659 192.168.1.222.22222 > 192.168.4.205.49583: . [tcp sum ok] ack 672 win 33304 <nop,nop,timestamp 13199303 2090138> (DF) (ttl 64, id 10111, len 52)
21:36:33.312116 192.168.4.205.49583 > 192.168.1.222.22222: P [tcp sum ok] 672:696(24) ack 642 win 33304 <nop,nop,timestamp 2090311 13199303> (DF) (ttl 62, id 49967, len 76)
21:36:33.317549 192.168.1.222.22222 > 192.168.4.205.49583: P 642:794(152) ack 696 win 33304 <nop,nop,timestamp 13199310 2090311> (DF) (ttl 64, id 37707, len 204)
21:36:33.403655 192.168.4.205.49583 > 192.168.1.222.22222: P 696:840(144) ack 794 win 33304 <nop,nop,timestamp 2090401 13199310> (DF) (ttl 62, id 8742, len 196)
21:36:33.414546 192.168.1.222.22222 > 192.168.4.205.49583: P 794:1450(656) ack 840 win 33304 <nop,nop,timestamp 13199319 2090401> (DF) (ttl 64, id 64355, len 708)
21:36:33.487303 192.168.4.205.49583 > 192.168.1.222.22222: P [tcp sum ok] 840:856(16) ack 1450 win 33304 <nop,nop,timestamp 2090486 13199319> (DF) (ttl 62, id 39201, len 68)
21:36:33.586646 192.168.1.222.22222 > 192.168.4.205.49583: . [tcp sum ok] ack 856 win 33304 <nop,nop,timestamp 13199337 2090486> (DF) (ttl 64, id 62491, len 52)
21:36:33.652541 192.168.4.205.49583 > 192.168.1.222.22222: P 856:904(48) ack 1450 win 33304 <nop,nop,timestamp 2090651 13199337> (DF) (ttl 62, id 34677, len 100)
21:36:33.652915 192.168.1.222.22222 > 192.168.4.205.49583: P 1450:1498(48) ack 904 win 33304 <nop,nop,timestamp 13199343 2090651> (DF) (ttl 64, id 53777, len 100)
21:36:33.714913 192.168.4.205.49583 > 192.168.1.222.22222: P 904:968(64) ack 1498 win 33304 <nop,nop,timestamp 2090713 13199343> (DF) (ttl 62, id 17208, len 116)
21:36:33.723843 192.168.1.222.22222 > 192.168.4.205.49583: P 1498:1562(64) ack 968 win 33304 <nop,nop,timestamp 13199350 2090713> (DF) (ttl 64, id 30315, len 116)
21:36:33.783353 192.168.4.205.49583 > 192.168.1.222.22222: P 968:1496(528) ack 1562 win 33304 <nop,nop,timestamp 2090776 13199350> (DF) (ttl 62, id 39754, len 580)
21:36:33.785714 192.168.1.222.22222 > 192.168.4.205.49583: P 1562:2042(480) ack 1496 win 33304 <nop,nop,timestamp 13199356 2090776> (DF) (ttl 64, id 82, len 532)
21:36:33.847665 192.168.4.205.49583 > 192.168.1.222.22222: P 1496:2072(576) ack 2042 win 33304 <nop,nop,timestamp 2090839 13199356> (DF) (ttl 62, id 16734, len 628)
21:36:33.866840 192.168.1.222.22222 > 192.168.4.205.49583: P 2042:2074(32) ack 2072 win 33304 <nop,nop,timestamp 13199365 2090839> (DF) (ttl 64, id 22114, len 84)
21:36:33.953365 192.168.4.205.49583 > 192.168.1.222.22222: P 2072:2136(64) ack 2074 win 33304 <nop,nop,timestamp 2090952 13199365> (DF) (ttl 62, id 63747, len 116)
21:36:33.954155 192.168.1.222.22222 > 192.168.4.205.49583: P 2074:2122(48) ack 2136 win 33304 <nop,nop,timestamp 13199373 2090952> (DF) (ttl 64, id 59449, len 100)
21:36:34.029129 192.168.4.205.49583 > 192.168.1.222.22222: P 2136:2536(400) ack 2122 win 33304 <nop,nop,timestamp 2091023 13199373> (DF) [tos 0x10]  (ttl 62, id 14861, len 452)
21:36:34.033871 192.168.1.222.22222 > 192.168.4.205.49583: P 2122:2170(48) ack 2536 win 33304 <nop,nop,timestamp 13199381 2091023> (DF) [tos 0x10]  (ttl 64, id 33133, len 100)
21:36:34.076084 192.168.1.222.22222 > 192.168.4.205.49583: P 2170:2218(48) ack 2536 win 33304 <nop,nop,timestamp 13199385 2091023> (DF) [tos 0x10]  (ttl 64, id 9735, len 100)
21:36:34.082093 192.168.1.222.22222 > 192.168.4.205.49583: P 2218:2778(560) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 3421, len 612)
21:36:34.082277 192.168.1.222.22222 > 192.168.4.205.49583: P 2778:3338(560) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 1283, len 612)
21:36:34.082498 192.168.1.222.22222 > 192.168.4.205.49583: P 3338:3898(560) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 44070, len 612)
21:36:34.082558 192.168.1.222.22222 > 192.168.4.205.49583: P 3898:4458(560) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 31093, len 612)
21:36:34.082644 192.168.1.222.22222 > 192.168.4.205.49583: P 4458:4762(304) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 21000, len 356)
21:36:34.082849 192.168.1.222.22222 > 192.168.4.205.49583: P 4762:5322(560) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 26489, len 612)
21:36:34.083013 192.168.1.222.22222 > 192.168.4.205.49583: P 5322:5882(560) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 42545, len 612)
21:36:34.083206 192.168.1.222.22222 > 192.168.4.205.49583: P 5882:6186(304) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 35121, len 356)
21:36:34.084132 192.168.1.222.22222 > 192.168.4.205.49583: P 6186:6746(560) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 10853, len 612)
21:36:34.084301 192.168.1.222.22222 > 192.168.4.205.49583: P 6746:7306(560) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 15741, len 612)
21:36:34.084442 192.168.1.222.22222 > 192.168.4.205.49583: P 7306:7866(560) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 11118, len 612)
21:36:34.084530 192.168.1.222.22222 > 192.168.4.205.49583: P 7866:8170(304) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 8710, len 356)
21:36:34.085301 192.168.1.222.22222 > 192.168.4.205.49583: P 8170:8730(560) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 44403, len 612)
21:36:34.085356 192.168.1.222.22222 > 192.168.4.205.49583: P 8730:9290(560) ack 2536 win 33304 <nop,nop,timestamp 13199386 2091023> (DF) [tos 0x10]  (ttl 64, id 9562, len 612)
21:36:34.146233 192.168.4.205.49583 > 192.168.1.222.22222: . [tcp sum ok] ack 2218 win 33280 <nop,nop,timestamp 2091146 13199381> (DF) [tos 0x10]  (ttl 62, id 7984, len 52)
21:36:34.160008 192.168.4.205.49583 > 192.168.1.222.22222: . [tcp sum ok] ack 3338 win 33024 <nop,nop,timestamp 2091159 13199386> (DF) [tos 0x10]  (ttl 62, id 57938, len 52)
21:36:34.160390 192.168.1.222.22222 > 192.168.4.205.49583: . 9290:10738(1448) ack 2536 win 33304 <nop,nop,timestamp 13199394 2091159> (DF) [tos 0x10]  (ttl 64, id 47433, len 1500)
21:36:34.160572 192.168.1.1 > 192.168.1.222: icmp: 192.168.4.205 unreachable - need to frag (mtu 1280) (DF) (ttl 64, id 7750, len 56)
21:36:34.172578 192.168.4.205.49583 > 192.168.1.222.22222: . [tcp sum ok] ack 4458 win 33024 <nop,nop,timestamp 2091172 13199386> (DF) [tos 0x10]  (ttl 62, id 49724, len 52)
21:36:34.172841 192.168.1.222.22222 > 192.168.4.205.49583: P 10738:11386(648) ack 2536 win 33304 <nop,nop,timestamp 13199395 2091172> (DF) [tos 0x10]  (ttl 64, id 38939, len 700)
21:36:34.182182 192.168.4.205.49583 > 192.168.1.222.22222: . [tcp sum ok] ack 5322 win 33024 <nop,nop,timestamp 2091182 13199386> (DF) [tos 0x10]  (ttl 62, id 42, len 52)
21:36:34.192065 192.168.4.205.49583 > 192.168.1.222.22222: . [tcp sum ok] ack 6186 win 33152 <nop,nop,timestamp 2091191 13199386> (DF) [tos 0x10]  (ttl 62, id 50264, len 52)
21:36:34.204837 192.168.4.205.49583 > 192.168.1.222.22222: . [tcp sum ok] ack 7306 win 33024 <nop,nop,timestamp 2091204 13199386> (DF) [tos 0x10]  (ttl 62, id 10261, len 52)
21:36:34.214795 192.168.4.205.49583 > 192.168.1.222.22222: . [tcp sum ok] ack 8170 win 33152 <nop,nop,timestamp 2091214 13199386> (DF) [tos 0x10]  (ttl 62, id 23868, len 52)
21:36:34.227436 192.168.4.205.49583 > 192.168.1.222.22222: . [tcp sum ok] ack 9290 win 33024 <nop,nop,timestamp 2091226 13199386> (DF) [tos 0x10]  (ttl 62, id 33359, len 52)
21:36:34.260796 192.168.4.205.49583 > 192.168.1.222.22222: . [tcp sum ok] ack 9290 win 33304 <nop,nop,timestamp 2091258 13199386,nop,nop,sack sack 1 {10738:11386} > (DF) [tos 0x10]  (ttl 62, id 45065, len 64)
21:36:34.646893 192.168.1.222.22222 > 192.168.4.205.49583: . 9290:10738(1448) ack 2536 win 33304 <nop,nop,timestamp 13199443 2091258> (DF) [tos 0x10]  (ttl 64, id 4163, len 1500)
21:36:34.647097 192.168.1.1 > 192.168.1.222: icmp: 192.168.4.205 unreachable - need to frag (mtu 1280) (DF) (ttl 64, id 41082, len 56)
21:36:35.286923 192.168.1.222.22222 > 192.168.4.205.49583: . 9290:10738(1448) ack 2536 win 33304 <nop,nop,timestamp 13199507 2091258> (DF) [tos 0x10]  (ttl 64, id 16245, len 1500)
21:36:35.287123 192.168.1.1 > 192.168.1.222: icmp: 192.168.4.205 unreachable - need to frag (mtu 1280) (DF) (ttl 64, id 62739, len 56)
21:36:36.367102 192.168.1.222.22222 > 192.168.4.205.49583: . 9290:10738(1448) ack 2536 win 33304 <nop,nop,timestamp 13199615 2091258> (DF) [tos 0x10]  (ttl 64, id 63541, len 1500)
21:36:36.367417 192.168.1.1 > 192.168.1.222: icmp: 192.168.4.205 unreachable - need to frag (mtu 1280) (DF) (ttl 64, id 64556, len 56)
21:36:38.326892 192.168.1.222.22222 > 192.168.4.205.49583: . 9290:10738(1448) ack 2536 win 33304 <nop,nop,timestamp 13199811 2091258> (DF) [tos 0x10]  (ttl 64, id 51048, len 1500)
21:36:38.327099 192.168.1.1 > 192.168.1.222: icmp: 192.168.4.205 unreachable - need to frag (mtu 1280) (DF) (ttl 64, id 57181, len 56)
21:36:51.158423 192.168.4.205.49583 > 192.168.1.222.22222: F [tcp sum ok] 2536:2536(0) ack 9290 win 33304 <nop,nop,timestamp 2098158 13199386,nop,nop,sack sack 1 {10738:11386} > (DF) [tos 0x10]  (ttl 62, id 53795, len 64)
21:36:51.550391 192.168.4.205.49583 > 192.168.1.222.22222: F [tcp sum ok] 2536:2536(0) ack 9290 win 33304 <nop,nop,timestamp 2098550 13199386,nop,nop,sack sack 1 {10738:11386} > (DF) [tos 0x10]  (ttl 62, id 19270, len 64)
21:36:52.046839 192.168.1.222.22222 > 192.168.4.205.49583: . 9290:10738(1448) ack 2536 win 33304 <nop,nop,timestamp 13200183 2098550> (DF) [tos 0x10]  (ttl 64, id 62304, len 1500)
21:36:52.047052 192.168.1.1 > 192.168.1.222: icmp: 192.168.4.205 unreachable - need to frag (mtu 1280) (DF) (ttl 64, id 42608, len 56)
21:36:52.134031 192.168.4.205.49583 > 192.168.1.222.22222: F [tcp sum ok] 2536:2536(0) ack 9290 win 33304 <nop,nop,timestamp 2099134 13199386,nop,nop,sack sack 1 {10738:11386} > (DF) [tos 0x10]  (ttl 62, id 64268, len 64)
21:36:53.101780 192.168.4.205.49583 > 192.168.1.222.22222: F [tcp sum ok] 2536:2536(0) ack 9290 win 33304 <nop,nop,timestamp 2100102 13199386,nop,nop,sack sack 1 {10738:11386} > (DF) [tos 0x10]  (ttl 62, id 36677, len 64)
21:36:54.838137 192.168.4.205.49583 > 192.168.1.222.22222: F [tcp sum ok] 2536:2536(0) ack 9290 win 33304 <nop,nop,timestamp 2101838 13199386,nop,nop,sack sack 1 {10738:11386} > (DF) [tos 0x10]  (ttl 62, id 1287, len 64)
21:36:54.838559 192.168.1.222.22222 > 192.168.4.205.49583: . 9290:10738(1448) ack 2536 win 33304 <nop,nop,timestamp 13200462 2101838> (DF) [tos 0x10]  (ttl 64, id 7692, len 1500)
21:36:54.838740 192.168.1.1 > 192.168.1.222: icmp: 192.168.4.205 unreachable - need to frag (mtu 1280) (DF) (ttl 64, id 61241, len 56)
21:36:58.110409 192.168.4.205.49583 > 192.168.1.222.22222: F [tcp sum ok] 2536:2536(0) ack 9290 win 33304 <nop,nop,timestamp 2105110 13199386,nop,nop,sack sack 1 {10738:11386} > (DF) [tos 0x10]  (ttl 62, id 31752, len 64)
21:36:58.110745 192.168.1.222.22222 > 192.168.4.205.49583: P 11386:11530(144) ack 2536 win 33304 <nop,nop,timestamp 13200789 2105110> (DF) [tos 0x10]  (ttl 64, id 26385, len 196)
21:36:58.173931 192.168.4.205.49583 > 192.168.1.222.22222: R [tcp sum ok] 894018857:894018857(0) win 0 (DF) (ttl 62, id 36985, len 40)

--7ZAtKRhVyVSsbBD2--