Date: Thu, 6 Mar 2008 10:18:18 -0600 From: David DeSimone <fox@verio.net> To: freebsd-net@freebsd.org Subject: Re: Path MTU Problem Message-ID: <20080306161818.GD15130@verio.net> In-Reply-To: <000001c87f43$c8075800$37c9010a@Net.ARDS.Corp> References: <000001c87f43$c8075800$37c9010a@Net.ARDS.Corp>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _lion_2000@mail.ru <_lion_2000@mail.ru> wrote: > > Hi, i have a FreeBSD 6.3, fresh install. It is in the corporate > network and i can't use any tcp network service on that machine from > any other, which is behind cisco routers with tunnels. This is a classic PMTU Discovery problem. > Well, not all services, but some, when large packets are sent from > that box. After some investigation i found, what router sends ICMP > Frag packets to that box, but it doesn't reduce packets size and keep > sending large packets: Is it possible that you have PF or IPFW filter rules in place that drop ICMP? Just because tcpdump shows you the frame arrived at your system, does not mean that it was "seen" by the kernel. > here comes icmp frag packets. strange what sometimes tcpdump complains about > tcp header in icmp packet and sometimes not The reason for this complaint is that frag_needed packets return a portion of the original IP frame back to the sender, but the number of bytes is not sufficient to see the entire TCP header. However, there is enough to see the src/dest IP's and src/dest port numbers, as tcpdump shows you. But tcpdump cannot decode past the end of the returned frame, so it shows an error. - -- David DeSimone == Network Admin == fox@verio.net "This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, dis- tribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio, Inc. makes no warranty that this email is error or virus free. Thank you." --Lawyer Bot 6000 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFH0BlKFSrKRjX5eCoRAoV2AJ4muSN0vV3HfpxfqKB1S/F+pX7TrACfRiQB AzsTCoFsun772YGxCxLj8GM= =BcKe -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080306161818.GD15130>