From: Stephen Clark
Reply-To: Stephen.Clark@seclark.us
To: Tom Judge
Cc: freebsd-net@freebsd.org
Date: Wed, 14 Feb 2007 13:27:05 -0500
Subject: Re: pmtud problem

Tom Judge wrote:

>Stephen Clark wrote:
>
>>Hello List,
>>
>>We have a setup that looks like the following.
>>
>>pc <-ethernet-> freebsd 4.9 <-pppoe-> internet <-ethernet-> freebsd 6.1
>>on the freebsd box we have a gre tunnel with a mtu of 1420 feeding into a
>>gif vpn tunnel with a mtu of 1280 ( I know this is dumb but it is the default
>>value when you create a gif )
>>feeding into a tun0 with a mtu of 1492.
>>
>>What we see is the packet never makes it to the freebsd 6.1 system.
>>
>>if the pc sends a packet of 1460 bytes with the DF bit set shouldn't the
>>freebsd 4.9 system
>>send back an icmp dest unreachable - fragmentation needed and DF bit set?
>>$ sysctl -a | grep mtu
>>net.inet.tcp.path_mtu_discovery: 1
>>
>>Now if I change the mtu of the gre to 1412 everything works.
>>
>>Any insight would be appreciated.
>>
>>Thanks,
>>Steve
>>
>
>Are you using IPSEC on your gif interface? If so there is a bug in 6.1
>where the IPSEC code that is responsible for populating the ICMP packet
>fields (Fragmentation needed and the MTU hint) fails to set the MTU hint
>in the icmp packet. The problem is fixed in 6.2 and it is a very simple
>patch for 6.1.
>
>Please see the link for the discussion on this problem back in November.
>
>http://groups.google.ms/group/muc.lists.freebsd.hackers/browse_thread/thread/bff95bd13d700fde/51a27f0d0c42ee92
>
>Regards
>
>Tom J
>

Hi Tom,

Thanks, I saw that when I was sending from the 6.1 side and was sort of
surprised there was no mtu hint size. I'll get the patch and apply it.

The real place I am seeing the problem is on the other side.

Regards,
Steve

--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)
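
Added example, not part of the original message and not FreeBSD code: a check for the condition discussed in the thread, an ICMP "fragmentation needed and DF set" message (type 3, code 4) whose next-hop MTU field was left at zero. The field layout follows RFC 1191; the function names and the sample packet are constructed for illustration.

```python
import struct

MIN_IPV4_MTU = 68  # smallest MTU an IPv4 link may have (RFC 791)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frag_needed(next_hop_mtu: int, quoted: bytes) -> bytes:
    """Construct an ICMP type 3 / code 4 message (sample data for the demo)."""
    csum = inet_checksum(struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + quoted)
    return struct.pack("!BBHHH", 3, 4, csum, 0, next_hop_mtu) + quoted

def inspect_frag_needed(icmp: bytes) -> dict:
    """Report the MTU hint and the quoted packet's length and DF flag."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return {"frag_needed": False}
    out = {"frag_needed": True, "checksum_ok": inet_checksum(icmp) == 0,
           "mtu_hint": mtu, "orig_len": None, "orig_df": None}
    quoted = icmp[8:]
    if len(quoted) >= 20 and quoted[0] >> 4 == 4:  # quoted IPv4 header
        total_len, _ident, flags_frag = struct.unpack("!HHH", quoted[2:8])
        out["orig_len"] = total_len
        out["orig_df"] = bool(flags_frag & 0x4000)
    # A hint is usable only if it is a legal MTU and smaller than the packet
    # that was dropped; 0 means the sender did not fill the field in.
    out["usable_hint"] = mtu >= MIN_IPV4_MTU and (
        out["orig_len"] is None or mtu < out["orig_len"])
    return out

# Constructed sample: IPv4 header of a 1460-byte TCP packet with DF set,
# documentation addresses (RFC 5737), followed by 8 zeroed payload bytes.
SAMPLE_QUOTED = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1460, 0x1234, 0x4000,
                            64, 6, 0, bytes([192, 0, 2, 10]),
                            bytes([198, 51, 100, 20])) + b"\x00" * 8

if __name__ == "__main__":
    for hint in (1280, 0):  # 1280 = the gif MTU in the thread; 0 = hint missing
        print(hint, inspect_frag_needed(build_frag_needed(hint, SAMPLE_QUOTED)))
```

A receiver that gets a zero hint has to guess the next smaller MTU itself, as RFC 1191 describes for routers that do not fill the field in.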