From: Tom Judge
Date: Wed, 14 Feb 2007 10:46:44 +0000
To: Stephen.Clark@seclark.us
Cc: freebsd-net@freebsd.org
Subject: Re: pmtud problem

Stephen Clark wrote:
> Hello List,
>
> We have a setup that looks like the following.
>
> pc <-ethernet-> freebsd 4.9 <-pppoe-> internet <-ethernet-> freebsd 6.1
>
> on the freebsd box we have a gre tunnel with a mtu of 1420 feeding into a
> gif vpn tunnel with a mtu of 1280 (I know this is dumb but it is the default
> value when you create a gif)
> feeding into a tun0 with a mtu of 1492.
>
> What we see is the packet never makes it to the freebsd 6.1 system.
>
> if the pc sends a packet of 1460 bytes with the DF bit set shouldn't the
> freebsd 4.9 system
> send back an icmp dest unreachable - fragmentation needed and DF bit set?
>
> $ sysctl -a | grep mtu
> net.inet.tcp.path_mtu_discovery: 1
>
> Now if I change the mtu of the gre to 1412 everything works.
>
> Any insight would be appreciated.
>
> Thanks,
> Steve

Are you using IPSEC on your gif interface?

If so, there is a bug in 6.1 where the IPSEC code that is responsible for
populating the ICMP packet fields (Fragmentation needed and the MTU hint)
fails to set the MTU hint in the ICMP packet.

The problem is fixed in 6.2 and it is a very simple patch for 6.1.

Please see the link for the discussion on this problem back in November.

http://groups.google.ms/group/muc.lists.freebsd.hackers/browse_thread/thread/bff95bd13d700fde/51a27f0d0c42ee92

Regards

Tom J
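To illustrate why the missing MTU hint discussed above matters, here is an added example (not part of the original message and not FreeBSD code) of how a receiver can interpret an ICMP "fragmentation needed" message per RFC 1191: use the next-hop MTU field when present, otherwise fall back to the RFC's plateau table. The function names, the assumption that an unset hint arrives as zero, and the sample packet (built from the 1460-byte and 1280 figures in the thread) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1191 section 7.1 plateau table, largest first. */
static const uint16_t plateaus[] = {65535, 32000, 17914, 8166, 4352, 2002,
                                    1492, 1006, 508, 296, 68};

/* Path MTU to adopt from an ICMP message, or 0 if it is not a well-formed
 * type 3 / code 4 message. Checksum not verified; *hint_missing flags no hint. */
uint16_t pmtu_from_icmp(const uint8_t *icmp, size_t len, int *hint_missing)
{
    /* 8-byte ICMP header plus at least the 20-byte quoted IPv4 header */
    if (len < 28 || icmp[0] != 3 || icmp[1] != 4 || (icmp[8] >> 4) != 4)
        return 0;
    uint16_t hint = (uint16_t)((icmp[6] << 8) | icmp[7]);
    *hint_missing = hint < 68;              /* 68 is the IPv4 minimum MTU */
    if (!*hint_missing)
        return hint;
    /* No hint: fall back to the next plateau below the quoted Total Length. */
    uint16_t orig_len = (uint16_t)((icmp[10] << 8) | icmp[11]);
    for (size_t i = 0; i < sizeof plateaus / sizeof plateaus[0]; i++)
        if (plateaus[i] < orig_len)
            return plateaus[i];
    return 68;
}

/* Constructed sample: "fragmentation needed" quoting a DF datagram. */
size_t build_sample(uint8_t buf[36], uint16_t hint, uint16_t orig_len)
{
    memset(buf, 0, 36);
    buf[0] = 3;  buf[1] = 4;                 /* dest unreachable, frag needed */
    buf[6] = (uint8_t)(hint >> 8);      buf[7] = (uint8_t)(hint & 0xff);
    buf[8] = 0x45;                           /* quoted header: IPv4, IHL 5 */
    buf[10] = (uint8_t)(orig_len >> 8); buf[11] = (uint8_t)(orig_len & 0xff);
    buf[14] = 0x40;                          /* DF set in quoted header */
    return 36;
}

int main(void)
{
    uint8_t m[36];
    int missing;
    uint16_t mtu = pmtu_from_icmp(m, build_sample(m, 0, 1460), &missing);
    printf("no hint:   mtu=%u missing=%d\n", mtu, missing);
    mtu = pmtu_from_icmp(m, build_sample(m, 1280, 1460), &missing);
    printf("with hint: mtu=%u missing=%d\n", mtu, missing);
    return 0;
}
```

Without the hint, a sender following the plateau table drops to 1006 for a 1460-byte datagram instead of the 1280 the tunnel could carry, and a sender that does not implement the fallback has no usable MTU to adopt.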