Date: Mon, 31 Mar 2003 14:26:58 +0400
From: "Dennis S. Davidoff"
To: freebsd-net
Message-ID: <20030331102658.GA66056@mail.1system.ru>
Subject: Need to frag (DF) :)

Hi all.

After successful authorization and setting up a tunnel with mpd, I've got a
problem with packet fragmentation.

    rl0: flags=8843 mtu 1500
        net 172.16.1.2 netmask 0xffffff00 broadcast 172.16.1.255
        ether 00:02:44:2e:35:da
        media: Ethernet autoselect (100baseTX )
        status: active
    rl1: flags=8843 mtu 1500
        inet 172.16.0.1 netmask 0xffffff00 broadcast 172.16.0.255
        ether 00:10:dc:06:e8:91
        media: Ethernet autoselect (100baseTX )
        status: active
    lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
    ng0: flags=88d1 mtu 1392
        inet 10.0.0.1 --> 10.0.0.2 netmask 0xffffffff

As you can see, the mtu is 1392. So any attempt to open big content from a site
or download a big file will fail.

tcpdump shows:

    14:13:09.876867 172.16.1.2 > 217.106.231.104: icmp: 192.168.0.168 unreachable - need to frag (mtu 1392) (DF)

...and so on.

Also, I'm trying to test my gateway like this:

    C:\Documents and Settings\null>ping -f -l 1500 172.16.0.1

    Pinging 172.16.0.1 with 1500 bytes of data:

    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.

    Ping statistics for 172.16.0.1:
        Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
    Control-C

Someone from obsd tells me that in obsd pf it could be solved by the rule:

    scrub in all no-df fragment reassemble

...which defragments all packets and removes the DF flag (I guess).

P.S. On my gateway I have an ipfw rule that allows any icmp type.

Thanks for any advice.

-- 
Sincerely, Dennis
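
The arithmetic behind the symptoms in the message above, as an added example that is not part of the original post: it parses the quoted tcpdump line format, counts need-to-frag reports per reporting router, and computes the largest TCP MSS and DF-set ping payload for a given MTU. The header sizes (20-byte IPv4, 20-byte TCP, 8-byte ICMP, no options) and all function names are assumptions of this example.

```python
import re
from collections import Counter

# Old-style tcpdump rendering of ICMP type 3 code 4, as in the line quoted above.
NEED_FRAG = re.compile(
    r"^(?P<time>\S+) (?P<router>[\d.]+) > (?P<sender>[\d.]+): icmp: "
    r"(?P<dest>[\d.]+) unreachable - need to frag \(mtu (?P<mtu>\d+)\)"
)

# Assumed header sizes: IPv4 and TCP without options, ICMP echo header.
IP_HDR, TCP_HDR, ICMP_HDR = 20, 20, 8

def parse_need_frag(line):
    """Return the fields of a 'need to frag' line, or None for any other line."""
    m = NEED_FRAG.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["mtu"] = int(rec["mtu"])
    return rec

def max_tcp_mss(mtu):
    """Largest TCP segment payload that crosses a link of this MTU unfragmented."""
    return mtu - IP_HDR - TCP_HDR

def df_ping_fits(payload, mtu):
    """True if an echo request with this data size and DF set fits the MTU."""
    return payload + ICMP_HDR + IP_HDR <= mtu

def summarize(lines):
    """Count need-to-frag reports per (reporting router, next-hop MTU)."""
    hits = Counter()
    for line in lines:
        rec = parse_need_frag(line)
        if rec:
            hits[(rec["router"], rec["mtu"])] += 1
    return hits

# First line is the one from the message; the others are constructed samples.
SAMPLE = [
    "14:13:09.876867 172.16.1.2 > 217.106.231.104: icmp: 192.168.0.168 unreachable - need to frag (mtu 1392) (DF)",
    "14:13:10.120001 172.16.1.2 > 217.106.231.104: icmp: 192.168.0.168 unreachable - need to frag (mtu 1392) (DF)",
    "14:13:10.300412 192.168.0.168 > 217.106.231.104: icmp: echo request",
]

if __name__ == "__main__":
    for (router, mtu), n in summarize(SAMPLE).items():
        print(f"{router}: {n} need-to-frag reports, mtu {mtu}, MSS <= {max_tcp_mss(mtu)}")
    print("ping -f -l 1500 over mtu 1500 fits:", df_ping_fits(1500, 1500))
```

With these header sizes, `ping -f -l 1500` produces a 1528-byte packet, which does not fit a 1500-byte Ethernet MTU either; the largest DF-set payload is 1472 bytes for mtu 1500 and 1364 bytes for mtu 1392.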