Date: Mon, 31 Mar 2003 14:26:58 +0400 From: "Dennis S. Davidoff" <null@1system.ru> To: freebsd-net <freebsd-net@freebsd.org> Subject: Need to frag (DF) :) Message-ID: <20030331102658.GA66056@mail.1system.ru>
next in thread | raw e-mail | index | archive | help
Hi all.
After successful authorization and setting tunnel by mpd I've got a
problem with packet fragmentation.
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
net 172.16.1.2 netmask 0xffffff00 broadcast 172.16.1.255
ether 00:02:44:2e:35:da
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 172.16.0.1 netmask 0xffffff00 broadcast 172.16.0.255
ether 00:10:dc:06:e8:91
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1392
inet 10.0.0.1 --> 10.0.0.2 netmask 0xffffffff
As you can see, mtu is 1392. So any attempt to open big content from
site or download a big file will fail. tcpdump shows:
14:13:09.876867 172.16.1.2 > 217.106.231.104: icmp: 192.168.0.168
unreachable - need to frag (mtu 1392) (DF)
...and so on.
Also I'll trying to test my gateway like that:
C:\Documents and Settings\null>ping -f -l 1500 172.16.0.1
Pinging 172.16.0.1 with 1500 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Ping statistics for 172.16.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C
Someone from obsd tells me that in obsd pf it could be solved by the rule:
scrub in all no-df fragment reassemble
...which defragments all packets and removes DF flag (i guess)
P.S. On my gateway I have an ipfw rule that allows any icmp type.
Thanks for any advices.
--
Sincerely,
Dennis
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030331102658.GA66056>