Date: Tue, 14 Dec 2004 10:05:50 +0200 From: Peter Pentchev <roam@FreeBSD.org> To: freebsd-net@FreeBSD.org Cc: Darren Reed <darrenr@FreeBSD.org> Subject: IPFilter, mpd/Netgraph problems on RELENG_4 Message-ID: <20041214080549.GC3183@straylight.m.ringlet.net>
next in thread | raw e-mail | index | archive | help
--rQ2U398070+RC21q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, I am seeing a lot of ICMP Must Fragment packets with incorrect ICMP checksums on a RELENG_4 box which holds up 40-60 PPTP (mpd/Netgraph) VPN connections at any given time. The peer understandably ignores the ICMP packet with a bad checksum and never fragments the offending TCP packet, effectively killing the connection after a while. A major point is that I'm only seeing them on the interfaces NAT'ed by ipnat. Is anybody else having trouble with ICMP checkums with IPFilter 3.4.35 on a reasonably recent RELENG_4 box? FreeBSD unnamed 4.10-STABLE FreeBSD 4.10-STABLE #1: Thu Dec 2 10:31:16 EET = 2004 root@unnamed:/usr/obj/usr/src-bsd/4.0S/src/sys/UNNAMED i386 drwxr-xr-x 2 root wheel 512 Dec 2 11:43 /var/db/pkg/mpd-3.18_2 G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@cnsys.bg roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence was in the past tense. --rQ2U398070+RC21q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBvp7d7Ri2jRYZRVMRAtAZAJ43LBp23NZxxdR4xYU4dNMtfrbtogCbBHQj KuxegUvh8sEPZgJj24zrnbw= =FgDi -----END PGP SIGNATURE----- --rQ2U398070+RC21q--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041214080549.GC3183>