Date: Mon, 27 Sep 2004 11:36:24 +0100
From: Brian Somers
To: freebsd-net@FreeBSD.org
Cc: Andre Opperman
Subject: ICMP_UNREACH_NEEDFRAG broken in -current
Message-ID: <20040927113624.4a342952@dev.lan.Awfulhak.org>

It seems that the code to handle ICMP_UNREACH_NEEDFRAG is broken in
-current, although it doesn't seem broken in RELENG_5 - which is odd
as the code in ip_icmp.c looks the same :(

I have a fairly standard scenario:

    172.16.10.201/24 -| [route add 172.16.0.0/24 172.16.10.212]
                      |
                      |
                      |--- 172.16.10.212/24
                           |
                           194.242.157.46/28 ---|
                                                |
                                                |
                           80.177.173.150/32 ---|
                           |
                      |--- 172.16.0.1/24
                      |
       172.16.0.5/24 -| [route add default 172.16.0.1]

The outside network segment is an IPSEC configuration with gif
interfaces on the endpoints, and an MTU of 1280. Internal network
MTUs are 1500.

172.16.0.5 is running -current, everything else is running RELENG_5.

When I send tcp traffic from 172.16.0.5 -> 172.16.10.201 the link dies.
172.16.0.5 sees the ICMP-must-fragment messages coming back from
172.16.0.1, but continues to use the default route with an MTU of 1500.

On 172.16.0.5, ``route add 172.16.10.0/24 172.16.0.1 -mtu 1280'' fixes
the problem (traffic flows ok *both* ways), although 172.16.10.201 still
looks broken (route get -n 172.16.0.5 says the mtu is 1500!!).

The problem seems to be in netinet/ip_icmp.c where
ntohs(icp->icmp_nextmtu) has a value of zero:

    mtu = ntohs(icp->icmp_nextmtu);
    if (!mtu)
            mtu = ip_next_mtu(mtu, 1);

which returns another zero and nothing interesting happens (cvs blame
says Andre (cc'd) last touched these lines, but I don't think the
problem came from that change!).

So what's it supposed to do? I would suspect it should be getting a
route to icmpsrc, cloning it if it's not a host route, then setting the
route mtu to ip_next_mtu(rt->rt_rmx.rmx_mtu, 1).

Comments/suggestions/flames?

-- 
Brian

Don't _EVER_ lose your sense of humour !
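
Added example, not part of the original message and not FreeBSD's code: a stand-alone C model of the fallback the message proposes, stepping down from the route's current MTU when the need-frag message carries a zero next-hop MTU. The function names, the table walk and the 1500/1280 values in main() are assumptions of this sketch; the plateau values are those of RFC 1191 Table 7-1.

```c
#include <stddef.h>
#include <stdio.h>

/* Model only, not FreeBSD's ip_next_mtu(). RFC 1191 Table 7-1 plateaus. */
static const int plateaus[] = {
    65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68
};
#define NPLATEAUS (sizeof(plateaus) / sizeof(plateaus[0]))
#define MIN_PMTU 68   /* RFC 1191: never estimate below 68 octets */

/* Largest plateau strictly below cur, or 0 if there is none. */
int next_lower_plateau(int cur)
{
    for (size_t i = 0; i < NPLATEAUS; i++)
        if (plateaus[i] < cur)
            return plateaus[i];
    return 0;
}

/*
 * New path MTU after a need-frag ICMP. advertised is the next-hop MTU
 * field in host byte order (0 if the router did not fill it in);
 * route_mtu is the MTU currently recorded on the route.
 * Returns route_mtu unchanged when no usable decrease is available.
 */
int pmtu_after_needfrag(int advertised, int route_mtu)
{
    int mtu = advertised;

    if (mtu == 0)                  /* zero field: guess from the route */
        mtu = next_lower_plateau(route_mtu);
    if (mtu < MIN_PMTU || mtu >= route_mtu)
        return route_mtu;          /* never raise, never go below floor */
    return mtu;
}

int main(void)
{
    int mtu = 1500;                /* constructed: sender's route MTU */

    printf("seeded with 0:   %d\n", next_lower_plateau(0));
    while (mtu > 1280) {           /* constructed: tunnel MTU from the post */
        mtu = pmtu_after_needfrag(0, mtu);
        printf("after need-frag: %d\n", mtu);
    }
    return 0;
}
```

Seeding the step-down with the zero taken from the packet can only yield zero; seeding it with the route MTU takes two need-frag rounds (1500 to 1492, then to 1006) to get under the 1280-byte tunnel.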