From: Doug Hardie
To: freebsd-questions@FreeBSD.org
Subject: Unusual TCP/IP Packet Size
Date: Fri, 8 Feb 2013 02:50:21 -0800
Message-Id: <28DC0F1E-EF32-4C77-9E09-27CC103265A4@lafn.org>

Monitoring a tcpdump between two systems, a FreeBSD 9.1 system has the following interface:

msk0: flags=8843 metric 0 mtu 1500
        options=c011b
        ether 00:11:2f:2a:c7:03
        inet 10.0.1.199 netmask 0xffffff00 broadcast 10.0.1.255
        inet6 fe80::211:2fff:fe2a:c703%msk0 prefixlen 64 scopeid 0x1
        nd6 options=29
        media: Ethernet autoselect (100baseTX )
        status: active

It sent the following packet: (data content abbreviated)

02:14:42.081617 IP 10.0.1.199.443 > 10.0.1.2.61258: Flags [P.], seq 930:4876, ack 846, win 1040, options [nop,nop,TS val 401838072 ecr 920110183], length 3946
        0x0000:  4500 0f9e ea89 4000 4006 2a08 0a00 01c7  E.....@.@.*.....
        0x0010:  0a00 0102 01bb ef4a ece1 680b ae37 1bbc  .......J..h..7..
        0x0020:  8018 0410 3407 0000 0101 080a 17f3 8ff8  ....4...…….

The indicated packet length is 3946 and the load of data shown is that size. The MTU on both interfaces is 1500. The receiving system received 3 packets. There is a router and switch between them. One of them fragmented that packet. This is part of an SSL/TLS exchange and one side or the other is hanging on this and just dropping the connection. I suspect the packet size is the issue. ssldump complains about the packet too and stops monitoring. Could this possibly be related to the hardware checksums?
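
Added example, not part of the original message: a Python sketch that decodes the IPv4 and TCP header bytes from the hex dump above, verifies the IP header checksum, and compares the IP total length with the stated 1500-byte MTU. A total length above the MTU in a capture taken on the sending host is what a frame looks like when it is captured before the NIC's TCP segmentation offload splits it. The function and constant names are this example's own.

```python
import struct

# First 48 bytes of the packet, copied from the hex dump in the message.
DUMP_HEX = """
4500 0f9e ea89 4000 4006 2a08 0a00 01c7
0a00 0102 01bb ef4a ece1 680b ae37 1bbc
8018 0410 3407 0000 0101 080a 17f3 8ff8
"""
MTU = 1500  # interface MTU stated in the message


def ip_checksum_ok(header):
    """One's-complement sum over a valid IPv4 header folds to 0xffff."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def parse_ipv4_tcp(raw):
    """Decode the IPv4/TCP fields needed to size the segment."""
    if len(raw) < 40:
        raise ValueError("need at least the IPv4 and TCP base headers")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", raw[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or raw[9] != 6 or len(raw) < ihl + 20:
        raise ValueError("expected an IPv4 packet carrying TCP")
    sport, dport, _seq, _ack, off_flags, window = struct.unpack(
        "!HHIIHH", raw[ihl:ihl + 16])
    tcp_hlen = (off_flags >> 12) * 4  # data offset is in 32-bit words
    return {
        "src": "%s:%d" % (".".join(map(str, raw[12:16])), sport),
        "dst": "%s:%d" % (".".join(map(str, raw[16:20])), dport),
        "total_len": total_len,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,
        "payload_len": total_len - ihl - tcp_hlen,
        "window": window,
        "ip_checksum_ok": ip_checksum_ok(raw[:ihl]),
        "exceeds_mtu": total_len > MTU,
    }


if __name__ == "__main__":
    packet = bytes.fromhex("".join(DUMP_HEX.split()))
    for field, value in parse_ipv4_tcp(packet).items():
        print("%-16s %s" % (field, value))
```

The TCP checksum cannot be verified this way because the dump shows only the first 48 bytes of the segment.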