Date: Tue, 14 Dec 2004 11:23:13 +0200
From: Peter Pentchev
To: Gleb Smirnoff
cc: Darren Reed
cc: freebsd-net@freebsd.org
Subject: Re: IPFilter, mpd/Netgraph problems on RELENG_4
Message-ID: <20041214092313.GD3183@straylight.m.ringlet.net>
In-Reply-To: <20041214085310.GC42820@cell.sick.ru>

On Tue, Dec 14, 2004 at 11:53:10AM +0300, Gleb Smirnoff wrote:
> On Tue, Dec 14, 2004 at 10:05:50AM +0200, Peter Pentchev wrote:
> P> I am seeing a lot of ICMP Must Fragment packets with incorrect ICMP
> P> checksums on a RELENG_4 box which holds up 40-60 PPTP (mpd/Netgraph) VPN
> P> connections at any given time. The peer understandably ignores the ICMP
> P> packet with a bad checksum and never fragments the offending TCP packet,
> P> effectively killing the connection after a while.
> P>
> P> A major point is that I'm only seeing them on the interfaces NAT'ed by
> P> ipnat. Is anybody else having trouble with ICMP checksums with IPFilter
> P> 3.4.35 on a reasonably recent RELENG_4 box?
> P>
> P> FreeBSD unnamed 4.10-STABLE FreeBSD 4.10-STABLE #1: Thu Dec 2 10:31:16 EET 2004 root@unnamed:/usr/obj/usr/src-bsd/4.0S/src/sys/UNNAMED i386
> P>
> P> drwxr-xr-x 2 root wheel 512 Dec 2 11:43 /var/db/pkg/mpd-3.18_2
>
> Peter,
>
> does the problem disappear if you turn ipfilter off, and run natd on this
> interface? it is not clear from your mail.

We haven't actually tried it with natd. This is one of the possibilities
that we may certainly try, though.

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@cnsys.bg roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence is false.
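
Added example, not part of the original message and not code from IPFilter or mpd: a Python check that recomputes the RFC 1071 checksum of a captured ICMP message and flags Must Fragment (type 3, code 4) packets whose stored checksum is wrong, the symptom reported in the thread. The sample packet, its addresses and ports, and the `build_sample` and `corrupt` helpers are constructed for illustration and make no claim about what ipnat does to the packet.

```python
import struct

ICMP_DEST_UNREACH = 3   # ICMP type: Destination Unreachable
ICMP_FRAG_NEEDED = 4    # ICMP code: fragmentation needed and DF set ("Must Fragment")

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_icmp(icmp: bytes) -> dict:
    """Classify one ICMP message (outer IP header already stripped)."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, stored, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    # Value a correct sender would store: checksum with the field zeroed.
    expected = inet_checksum(icmp[:2] + b"\x00\x00" + icmp[4:])
    return {
        "must_fragment": icmp_type == ICMP_DEST_UNREACH and code == ICMP_FRAG_NEEDED,
        "next_hop_mtu": mtu,
        "stored": stored,
        "expected": expected,
        # A valid message sums to zero when the stored checksum is included.
        "checksum_ok": inet_checksum(icmp) == 0,
    }

def build_sample(mtu: int = 1400) -> bytes:
    """Constructed Must Fragment message quoting a DF-set TCP packet."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 1, 0x4000, 64, 6, 0,
                           bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    inner_tcp = struct.pack("!HHI", 40000, 80, 1)   # first 8 bytes of TCP header
    body = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner_ip + inner_tcp
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def corrupt(icmp: bytes) -> bytes:
    """Constructed failing case: alter a quoted-header byte, keep the old checksum."""
    damaged = bytearray(icmp)
    damaged[8 + 12] ^= 0x0A                   # first byte of quoted source address
    return bytes(damaged)

if __name__ == "__main__":
    for label, pkt in (("intact", build_sample()), ("damaged", corrupt(build_sample()))):
        r = check_icmp(pkt)
        print(label, "must_fragment=%s ok=%s stored=0x%04x expected=0x%04x"
              % (r["must_fragment"], r["checksum_ok"], r["stored"], r["expected"]))
```

To use it on real traffic, pass `check_icmp` the ICMP portion of each captured packet and log those where `must_fragment` is true and `checksum_ok` is false.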