Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 7 Mar 2008 12:47:57 +0500
From:      "Sergey" <_lion_2000@mail.ru>
To:        <freebsd-net@freebsd.org>
Subject:   RE: Path MTU Problem
Message-ID:  <002001c88027$8f20a3e0$37c9010a@Net.ARDS.Corp>
In-Reply-To: <001e01c8800c$587059a0$37c9010a@Net.ARDS.Corp>
References:  <000001c87f43$c8075800$37c9010a@Net.ARDS.Corp><20080306161818.GD15130@verio.net><001101c8800a$596d4220$37c9010a@Net.ARDS.Corp> <001e01c8800c$587059a0$37c9010a@Net.ARDS.Corp>
next in thread | previous in thread | raw e-mail | index | archive | help 
alright, i found who changing packets - it's cisco PIX

# tcpdump -s 0 -nveXi stge1 icmp and host 10.23.0.241
tcpdump: WARNING: stge1: no IPv4 address assigned
tcpdump: listening on stge1, link-type EN10MB (Ethernet), capture size 65535
bytes

this is packet from router with lower mtu just before PIX

10:32:54.775244 00:1c:f6:2e:4b:6f > 00:1d:45:21:a6:51, ethertype IPv4
(0x0800), length 70: (tos 0x0, ttl 255, id 18463, offset 0, flags [none],
proto: ICMP (1), length: 56) 10.23.5.3 > 10.23.0.241: ICMP 10.35.1.3
unreachable - need to frag (mtu 1280), length 36
        (tos 0x8, ttl  61, id 2080, offset 0, flags [DF], proto: TCP (6),
length: 1420) 10.23.0.241.22 > 10.35.1.3.64856:  tcp 1384 [bad hdr length 16
- too short, < 20]
        0x0000:  4500 0038 481f 0000 ff01 5984 0a17 0503  E..8H.....Y.....
        0x0010:  0a17 00f1 0304 bdf6 0000 0500 4508 058c  ............E...
        0x0020:  0820 4000 3d06 1a17 0a17 00f1 0a23 0103  ..@.=........#..
        0x0030:  0016 fd58 2723 1573                      ...X'#.s
--------------------------^^^^^^^^^^^
note the bytes

and this is the same packet _after_ PIX
10:32:54.775492 00:1d:45:21:a6:52 > 00:1b:78:e3:c7:66, ethertype IPv4
(0x0800), length 70: (tos 0x0, ttl 255, id 18463, offset 0, flags [none],
proto: ICMP (1), length: 56) 10.23.5.3 > 10.23.0.241: ICMP 10.35.1.3
unreachable - need to frag (mtu 1280), length 36
        (tos 0x8, ttl  61, id 2080, offset 0, flags [DF], proto: TCP (6),
length: 1420) 10.23.0.241.22 > 10.35.1.3.64856:  tcp 1400 [bad hdr length 0
- too short, < 20]
        0x0000:  4500 0038 481f 0000 ff01 5984 0a17 0503  E..8H.....Y.....
        0x0010:  0a17 00f1 0304 a065 0000 0500 4508 058c  .......e....E...
        0x0020:  0820 4000 3d06 1a17 0a17 00f1 0a23 0103  ..@.=........#..
        0x0030:  0016 fd58 2e89 2b9e                      ...X..+.
---------------------------^^^^^^^^^
bytes changed

and it seems what FreeBSD takes into account not only IPs:Ports data of ICMP
FRAG packet, but also these four bytes of tcp header after is that RFC-style
behaviour? Who's violating RFC? PIX or BSD?
 
 

> -----Original Message-----
> From: owner-freebsd-net@freebsd.org 
> [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Sergey
> Sent: Friday, March 07, 2008 9:33 AM
> To: freebsd-net@freebsd.org
> Subject: RE: Path MTU Problem
> 
> > > > here comes icmp frag packets. strange what sometimes
> > > tcpdump complains
> > > > about tcp header in icmp packet and sometimes not
> 
> After looking more closely, if found something strange:
> 
> here is part of tcp header of first large packet:
> 
> 10:32:04.610317 IP (tos 0x8, ttl  64, id 1208, offset 0, 
> flags [DF], proto:
> TCP (6), length: 1420) 10.23.0.241.22 > 10.35.1.3.60122: . 
> 2064:3432(1368) ack 1666 win 32832 <nop,nop,timestamp 
> 38279810 48942931>
>         0x0000:  4508 058c 04b8 4000 4006 1a7f 0a17 00f1  
> E.....@.@.......
>         0x0010:  0a23 0103 0016 eada 5c06 97bb 6284 63e5  
> .#......\...b.c.
> take note of numbers after
> port numbers:------------------------^^^^^^^^^
> 
> And now look at bytes in ICMP packet:
> 
> 10:32:04.612895 IP (tos 0x0, ttl 254, id 15170, offset 0, 
> flags [none],
> proto: ICMP (1), length: 56) 10.23.5.3 > 10.23.0.241: ICMP 
> 10.35.1.3 unreachable - need to frag (mtu 1280), length 36
>         IP (tos 0x8, ttl  61, id 1208, offset 0, flags [DF], 
> proto: TCP (6),
> length: 1420) 10.23.0.241.22 > 10.35.1.3.60122:  tcp 1396 
> [bad hdr length 4
> - too short, < 20]
>         0x0000:  4500 0038 3b42 0000 fe01 6761 0a17 0503  
> E..8;B....ga....
>         0x0010:  0a17 00f1 0304 479f 0000 0500 4508 058c  
> ......G.....E...
>         0x0020:  04b8 4000 3d06 1d7f 0a17 00f1 0a23 0103  
> ..@.=........#..
>         0x0030:  0016 eada c207 0364                      .......d
> here:----------------------^^^^^^^^^
> 
> Can they be different? Are they taken into account when doing 
> PathMTU ?
> 
> 
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002001c88027$8f20a3e0$37c9010a>