From owner-freebsd-stable@FreeBSD.ORG Fri Jun 17 16:08:54 2005 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7EDDE16A41C for ; Fri, 17 Jun 2005 16:08:54 +0000 (GMT) (envelope-from bruce.ashfield@gmail.com) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.204]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2CB6143D49 for ; Fri, 17 Jun 2005 16:08:54 +0000 (GMT) (envelope-from bruce.ashfield@gmail.com) Received: by wproxy.gmail.com with SMTP id 50so956475wri for ; Fri, 17 Jun 2005 09:08:53 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type; b=sCkgS/Dd5gpc0joHSpJh7056CyjS8Uhjp/slPMweM7BoSOW11jOwipKPeD77TxQAbWw1u+G04iCtLdP91+7qaCvn/FfmnscKRNyikUyif32CeeFOfbBxdB5eduCA1++DDTIpVoM+r8tCknter9X4ETEjRAaf0mqyrFJQGGFnaXE= Received: by 10.54.68.14 with SMTP id q14mr1331273wra; Fri, 17 Jun 2005 09:08:53 -0700 (PDT) Received: by 10.54.52.2 with HTTP; Fri, 17 Jun 2005 09:08:53 -0700 (PDT) Message-ID: <3bd6b93c0506170908aa7abd4@mail.gmail.com> Date: Fri, 17 Jun 2005 12:08:53 -0400 From: Bruce Ashfield To: freebsd-stable@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: fxp0: discard oversize frame leads to icmp 36: ip reassembly time exceeded X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Bruce Ashfield List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jun 2005 16:08:54 -0000 Hi all, I've been searching through archives and many freebsd resources and can't= =20 seem to find a solution to the problem that I'm currently seeing. I thought= =20 I'd check here before hacking the kernel to try and fix it myself, just in= =20 case the fix is already out there and just eluding me :) I'm running a 5.4-STABLE freebsd firewall. Everything is pretty standard,= =20 DSL -> firewall -> clients. I'm using pppoe and providing NAT and other=20 goodies to the machines behind the firewall. Nothing too fancy. All my services are passing nicely through the firewall, except one=20 application. VNC/Timbuktu when run over a VPN connection. I've been trying= =20 to fix the problem by restricting mtu size, I've got tcpmssfixup and have= =20 clamped the size on the client Window's box as well. Nothing works, but the= =20 symptom I was seeing and was trying to solve was: > icmp 36: ip reassembly time exceeded As dumped from tcpdump on my pppoe tunnel. I searched high and low and trie= d=20 all kinds of tcp/ip tuning options. Nothing helped. So during yet another= =20 debugging session I noticed: > fxp0: discard oversize frame (ether type 8864 flags 3 len 1470 > max 1462= ) In my logs. Funny how that message matched the ip re-assembly errors 1 to 1= .=20 So it looks like my nic is dropping the packets as they are detected as too= =20 large and that propagates up and then I see my icmp message. Makes sense. I've seen this problem mentioned in other freebsd forums, but I most often= =20 saw the answer "upgrade to the latest 5-release", which I *should* already= =20 be running. The message comes from /sys/net/if_ethersubr.c and obviously it= =20 is calculating the MAX size of the packet incorrectly or I've still got=20 something misconfigured. I also poked around in the fxp driver, but didn't= =20 see anything obvious. So before I go off doing some more extensive hacking, I thought I'd see if= =20 anyone could point me at the problem or maybe even show me the patch I=20 couldn't find :) I've included some potentially relevant dumps below, Thanks, Bruce -------------------------------------- fwe0: flags=3D108943 mtu 15= 00 options=3D8 inet6 fe80::40:63ff:fe04:2c40%fwe0 prefixlen 64 scopeid 0x1 ether 02:40:63:04:2c:40 ch 1 dma 0 vr0: flags=3D8843 mtu 1448 inet6 fe80::240:63ff:fedd:622f%vr0 prefixlen 64 scopeid 0x2 inet 10.10.x.x netmask 0xff000000 broadcast 10.255.255.255 ether 00:40:63:dd:62:2f media: Ethernet autoselect (10baseT/UTP) status: active fxp0: flags=3D8843 mtu 1448 options=3D8 inet6 fe80::202:b3ff:fe24:8182%fxp0 prefixlen 64 scopeid 0x3 ether 00:02:b3:24:81:82 media: Ethernet autoselect (10baseT/UTP) status: active plip0: flags=3D108810 mtu 1500 lo0: flags=3D8049 mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 inet 127.0.0.1 netmask 0xff000000 tun0: flags=3D8051 mtu 1448 inet 66.x.x.x --> 66.x.x.x netmask 0xffffff00 Opened by PID 222 --=20 "Thou shalt not follow the NULL pointer, for chaos and madness await thee a= t=20 its end"