Date: Tue, 8 Dec 1998 10:03:25 +0200
From: Ruslan Ermilov
To: Marc Slemko
Cc: Thomas David Rivers, hackers@FreeBSD.ORG
Subject: Re: TCP bug
Message-ID: <19981208100325.A2574@ucb.crimea.ua>
References: <19981207163606.A7575@ucb.crimea.ua>

On Mon, Dec 07, 1998 at 11:47:15AM -0800, Marc Slemko wrote:
> On Mon, 7 Dec 1998, Ruslan Ermilov wrote:
> >
> > I mean the FreeBSD box you are sitting on and from which you can't access
> > www.aol.com.
>
> That isn't overly likely to be an issue in this case. A tcpdump will show
> for sure the ack for that packet is getting back or not.
>
Tcpdump will show that packets have no DF bit set.

> > > As I understood this discussion (which seemed clear to me); the
> > > problem was that an internal node (behind the firewall) couldn't
> > > get to some web sites because of fragmentation issues. The low
> > > MTU at the firewall/gateway broke path MTU discovery..
> >
> > No, the problem is not with low MTU, but because AOL is blocking ICMP:
> >
> > PING aol.com (152.163.210.29): 56 data bytes
> > 36 bytes from www2-r10-P5-0-0.tpopr-rri.aol.com (152.163.133.6): Communication prohibited by filter
> > Vr HL TOS  Len   ID Flg  off TTL Pro  cks            Src            Dst
> >  4  5  00 5400 68cb   0 0000  ea  01 894d 194.93.177.113 152.163.210.29
> >
> > ^C
> > --- aol.com ping statistics ---
> > 22 packets transmitted, 0 packets received, 100% packet loss
>
> While the blame should be assigned to someone who is filtering, it is
> important to note that just because you can't ping someone doesn't mean
> they are filtering all ICMP.
>
Using telnet is a bad idea to test whether PMTU-D works or not. Telnet
produces small packets, so you'll never receive a "fragmentation needed and
DF is set" message. For the same reason, you can't test whether a site is
blocking ICMP type 3 code 4 messages.

-- 
Ruslan Ermilov      Sysadmin and DBA of the
ru@ucb.crimea.ua    United Commercial Bank
+380.652.247.647    Simferopol, Ukraine

http://www.FreeBSD.org    The Power To Serve
http://www.oracle.com     Enabling The Information Age
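An added example, not part of the original message: a Python decoder for the two ICMP type 3 messages this thread contrasts, the code 13 filter rejection seen in the quoted ping output and the code 4 "fragmentation needed and DF set" message that PMTU-D depends on. Both sample messages are constructed; the helper names, the second sample's addresses and its 1006-byte next-hop MTU are assumptions.

```python
import socket
import struct

FRAG_NEEDED = 4      # type 3 code 4: "fragmentation needed and DF set"
FILTER_PROHIB = 13   # type 3 code 13: "communication prohibited by filter"

def ipv4_header(src, dst, total_len, df, proto):
    """Build a 20-byte IPv4 header (checksum left at 0; constructed test data)."""
    flags_off = 0x4000 if df else 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x68CB, flags_off,
                       0xEA, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def unreachable(code, inner, next_hop_mtu=0):
    """Build an ICMP type 3 message quoting the offending header plus 8 bytes."""
    return struct.pack("!BBHHH", 3, code, 0, 0, next_hop_mtu) + inner + b"\x00" * 8

def classify(icmp):
    """Decode an ICMP destination-unreachable and say what it means for PMTU-D."""
    if len(icmp) < 28:
        raise ValueError("truncated ICMP error")
    icmp_type, code, _ck, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != 3:
        raise ValueError("not a destination-unreachable message")
    _vhl, _tos, length, _id, flags_off = struct.unpack("!BBHHH", icmp[8:16])
    df = bool(flags_off & 0x4000)
    if code == FRAG_NEEDED and df:
        verdict = "pmtud-signal"     # the sender must shrink its segments
    elif code == FILTER_PROHIB:
        verdict = "filtered-probe"   # says nothing about how code 4 is handled
    else:
        verdict = "other"
    # A next-hop MTU of 0 comes from a pre-RFC 1191 router; report it as unknown.
    return {"code": code, "df": df, "len": length, "verdict": verdict,
            "next_hop_mtu": mtu if code == FRAG_NEEDED and mtu else None}

# Constructed from the quoted ping output: 84 = 56 data + 8 ICMP + 20 IP, no DF.
PING_REJECT = unreachable(
    FILTER_PROHIB, ipv4_header("194.93.177.113", "152.163.210.29", 84, False, 1))
# Constructed: a full-size TCP segment with DF meeting a hypothetical 1006-byte link.
TCP_TOO_BIG = unreachable(
    FRAG_NEEDED, ipv4_header("192.0.2.1", "198.51.100.7", 1500, True, 6), 1006)

if __name__ == "__main__":
    for name, msg in (("ping reject", PING_REJECT), ("tcp too big", TCP_TOO_BIG)):
        print(name, classify(msg))
```

Only the second message tells a sender anything about the path MTU, and it can only be provoked by a packet that has DF set and is larger than the narrowest link on the path.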