Date: Tue, 06 Dec 2005 11:09:48 +0200 From: Atanas Yankov <xds@LanGame.Net> To: Alvaro Saurin <saurin@dcs.gla.ac.uk>, freebsd-net@freebsd.org Subject: Re: Dummynet Broke fragmets in 5.x and 6.x Message-ID: <4395555C.90407@LanGame.Net> In-Reply-To: <88B4FA57-0A01-410C-9DCF-67E1F23DD827@dcs.gla.ac.uk> References: <79336124-B4D5-43A3-88D2-9FE0D4A4D120@dcs.gla.ac.uk> <4394518C.1030104@fromley.net> <88B4FA57-0A01-410C-9DCF-67E1F23DD827@dcs.gla.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
This problem exist in 5.x and 6.x implementations i wrote the email to luiggi for this problem but no answer yet , there is a problem with fragmented traffic that going throut pipes, dummynet whithout a problem change the ids of the framents and with this prevent reassembling of the fragments , this is true not only for icmp udp icmp its true for all ip traffic. br, CCNP Atanas Yankov Network Administrator AngelSoft Ltd. Alvaro Saurin wrote: > > On 5 Dec 2005, at 14:41, Spadge wrote: > >> Alvaro Saurin wrote: >> >>> The problem comes here: if I 'ping' between these two machines, >>> everything is fine, but if I 'ping' with a packet size of, ie, >>> 2000, no packets arrive at the receiver. Does it have to do with >>> fragmented packets? Do I have to include any other rule for >>> dealing with fragments? >> >> >> 65100 0 0 deny log logamount 5000 ip from any to any frag >> >> Does this not effectively kill all frags? Are your unreceived >> packets showing up in the log? And if not, are you sure that it's >> BSD4 that's losing them, and not ubuntu3? >> >> Here's how my firewall handles frags: >> >> # Allow IP fragments to pass through >> /sbin/ipfw add pass all from any to any frag >> >> You may also want to set up something similar to handle ICMP. >> >> I've not used dummynet pipes in ages, I wonder if setting a larger >> queue would help with my disconnect problems, or whether I really do >> just need to give up and reinstall the entire OS. > > > Thank you, you're right, but adding something like 'pass all from any > to any frag' does not put the IICMP packets through the dummynet > pipe. I am not specially interested in 'ping's, but it happens the > same for UDP traffic... > > The problem is that, if I put ICMP/UDP/etc traffic through a pipe, it > doesn't work when packets are fragmented. And letting fragments out > of the pipe does not improve things... > > Any idea? Thanks. > > Alvaro >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4395555C.90407>