From owner-freebsd-hackers Mon Mar 22 15:18:37 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from boromir.vpop.net (dns1.vpop.net [206.117.147.2])
    by hub.freebsd.org (Postfix) with ESMTP id DCF0E1547F
    for ; Mon, 22 Mar 1999 15:18:20 -0800 (PST)
    (envelope-from mreimer@vpop.net)
Received: from vpop.net (timberdoodle41.customers.uswest.net [207.224.253.41])
    by boromir.vpop.net (8.9.1/8.9.1) with ESMTP id PAA00641;
    Mon, 22 Mar 1999 15:17:54 -0800 (PST)
Message-ID: <36F6D023.1925D6D5@vpop.net>
Date: Mon, 22 Mar 1999 15:20:03 -0800
From: Matthew Reimer
Organization: VPOP Technologies, Inc.
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 2.2.8-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Charles Henrich , freebsd-hackers@freebsd.org
Subject: Re: NAT/SKIP/MTU
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Are you using the latest SKIP port? There was a bug a while back in
which SKIP used the M_EOR bit in an mbuf to mark whether or not packets
had been decrypted, and this was causing problems with large packets.

But at this point NAT and SKIP won't cooperate on the same interface,
because NAT (since it runs in userland) doesn't have access to mbufs
(where SKIP keeps track of which packets have been encrypted). The best
fix seems to be to convert SKIP to a userland program using DIVERT
sockets.

Hope this helps.

Matt

Charles Henrich wrote:
>
> I've run into a problem where I'm attempting to do both NAT and SKIP on the
> same machine... However whenever the MTU of the internal (net 10) interface is
> less than 1500, packets are either dropped or never reassembled properly
> causing communication with a variety of internet hosts to be broken. SKIP
> alters the MTU to 1336 (I'm assuming to make space in the packet for the
> encryption overhead)... When it does this though, everything goes to hell.
>
> Has anyone else out there seen this problem and come up with a solution? Is
> this a FreeBSD networking issue, or is it a problem with NAT, or even worse,
> is this a problem with other hosts on the network not being able to cope with
> a different MTU? (I initially noticed this problem with travelocity, and
> expedia's web sites..)
>
> Thanks for any info!
>
> -Crh
>
> Charles Henrich Manex Visual Effects henrich@flnet.com
>
> http://orbit.flnet.com/~henrich
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message