From owner-freebsd-stable@FreeBSD.ORG  Wed Nov 16 19:03:23 2005
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 225AA16A41F
	for <freebsd-stable@freebsd.org>; Wed, 16 Nov 2005 19:03:23 +0000 (GMT)
	(envelope-from sebster@sebster.com)
Received: from smtp.profdata.nl (server.profdata.nl [213.196.2.244])
	by mx1.FreeBSD.org (Postfix) with SMTP id 5C3CD43D46
	for <freebsd-stable@freebsd.org>; Wed, 16 Nov 2005 19:03:21 +0000 (GMT)
	(envelope-from sebster@sebster.com)
Received: (qmail 47461 invoked from network); 16 Nov 2005 19:03:20 -0000
Received: from unknown (HELO ?10.0.0.6?) (80.126.244.3)
	by server.profdata.nl with SMTP; 16 Nov 2005 19:03:20 -0000
Message-ID: <437B8277.1040306@sebster.com>
Date: Wed, 16 Nov 2005 20:03:19 +0100
From: Sebastiaan van Erk <sebster@sebster.com>
User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051017)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-stable@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Bug in netgraph?
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Nov 2005 19:03:23 -0000

Hi,

There seems to be a bug/problem with GRE (netgraph) in FreeBSD in 
dealing with fragmented packets. When I have the following nat rules:

List of active MAP/Redirect filters:
map ng0 10.0.0.0/8 -> 80.126.244.3/32 portmap tcp/udp 40000:50000 
mssclamp 60
map ng0 10.0.0.0/8 -> 80.126.244.3/32 mssclamp 60

everything works, but when I don't include the mssclamp option then 
connects to for example www.google.com (searching for test) from my 
internal network hang and timeout constantly.

I'm using FreeBSD 6.0 stable in combination with mpd and ipfilter 4.1.18:

IP Filter: v4.1.8 initialized.  Default = block all, Logging = enabled

sebster@piglet(ttyp8:16:64):~> mpd --version
Version 3.18 (root@piglet.sebster.com 22:28  5-Nov-2005)

sebster@piglet(ttyp8:12:0):~> uname -a
FreeBSD piglet.sebster.com 6.0-STABLE FreeBSD 6.0-STABLE #12: Wed Nov 16 
13:34:20 CET 2005 
root@piglet.sebster.com:/usr/obj/usr/src/sys/PIGLET  i386

Greetings,
Sebastiaan van Erk