From owner-freebsd-questions Fri Sep 29 0:49: 7 2000 Delivered-To: freebsd-questions@freebsd.org Received: from smtp10.atl.mindspring.net (smtp10.atl.mindspring.net [207.69.200.246]) by hub.freebsd.org (Postfix) with ESMTP id 675CA37B42C for ; Fri, 29 Sep 2000 00:48:15 -0700 (PDT) Received: from timothyr.net (user-vcaumdp.dsl.mindspring.com [216.175.89.185]) by smtp10.atl.mindspring.net (8.9.3/8.8.5) with ESMTP id DAA26666 for ; Fri, 29 Sep 2000 03:48:13 -0400 (EDT) Received: from sloth (sloth [192.168.1.5]) by timothyr.net (8.11.0/8.11.0) with SMTP id e8T3fBI00315 for ; Thu, 28 Sep 2000 20:41:13 -0700 (PDT) (envelope-from timothyr@timothyr.com) From: "Timothy L. Robertson" To: Subject: cvsup Problem Date: Thu, 28 Sep 2000 08:39:00 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello All, I've been happily keeping up to date using cvsup when suddenly it stopped working. I tightend up my firewall, installed snort, and configured my machine as a DHCP and pop3 server, but I don't think any of these actions are the reason. Basically, I connect to the server, and then nothing happens. Here's a typical session: su-2.03# make update cvsup -g -z -L2 -P m /home/standard-supfile 2>&1 | tee /usr/tmp/standard-cvs.`date "+%m%d.%H.%M.%S"`; cvsup -g -z -L2 -P m /home/ports-supfile 2>&1 | tee /usr/tmp/ports-cvs.`date "+%m%d.%H.%M.%S"`; Parsing supfile "/home/standard-supfile" Connecting to cvsup4.FreeBSD.org Connected to cvsup4.FreeBSD.org Server software version: REL_16_1 Negotiating file attribute support Exchanging collection information Establishing multiplexed-mode data connection Running then it just hangs until it times out. I looked at tcpdump output to try and figure out what's going on, and it seems like packets are not getting past an interface with an MTU of 1450. The thing is I don't have any interface configured with this MTU. I configure my interfaces for an MTU of 1462, and it seems like this number is always 12 bytes less than what I've configured the interface for. The tcpdump shows the connection is established, then I get a bunch of host unreachable ICMP packets on myself. Here's a sample. (My IP is 64.82.116.252) su-2.03# tcpdump -v -X -i tun0 [...packets establishing connection...] 20:04:52.763520 64.82.116.252.iad1 > 129.250.31.140.cvsup: P 280:288(8) ack 614 win 17370 (DF) (ttl 64, id 1373) 0x0000 4500 003c 055d 4000 4006 de8a 4052 74fc E..<.]@.@...@Rt. 0x0010 81fa 1f8c 0406 176f 3bff b5fc ec54 53e2 .......o;....TS. 0x0020 8018 43da f870 0000 0101 080a 0000 2da0 ..C..p........-. 0x0030 01d2 1f72 0301 0400 0000 4000 ...r......@. 20:04:52.765404 64.82.116.252 > 64.82.116.252: icmp: 64.82.116.252 unreachable - need to frag (mtu 1450) (ttl 255, id 1376) 0x0000 4500 0038 0560 0000 ff01 4bc8 4052 74fc E..8.`....K.@Rt. 0x0010 4052 74fc 0304 aefa 0000 05aa 4500 05dc @Rt.........E... 0x0020 055e 4000 4006 0000 4052 74fc 4052 74fc .^@.@...@Rt.@Rt. 0x0030 0406 176f 3bff b604 ...o;... 20:04:52.765506 64.82.116.252 > 64.82.116.252: icmp: 64.82.116.252 unreachable - need to frag (mtu 1450) (ttl 255, id 1376) 0x0000 4500 0038 0560 0000 ff01 4bc8 4052 74fc E..8.`....K.@Rt. 0x0010 4052 74fc 0304 aefa 0000 05aa 4500 05dc @Rt.........E... 0x0020 055e 4000 4006 0000 4052 74fc 4052 74fc .^@.@...@Rt.@Rt. 0x0030 0406 176f 3bff b604 ...o;... 20:04:53.110039 129.250.31.140.cvsup > 64.82.116.252.iad1: . ack 288 win 16920 (DF) (ttl 48, id 22993) 0x0000 4500 0034 59d1 4000 3006 9a1e 81fa 1f8c E..4Y.@.0....... 0x0010 4052 74fc 176f 0406 ec54 53e2 3bff b604 @Rt..o...TS.;... 0x0020 8010 4218 413a 0000 0101 080a 01d2 1f74 ..B.A:.........t 0x0030 0000 2da0 ..-. 20:04:53.843880 64.82.116.252 > 64.82.116.252: icmp: 64.82.116.252 unreachable - need to frag (mtu 1450) (ttl 255, id 1381) 0x0000 4500 0038 0565 0000 ff01 4bc3 4052 74fc E..8.e....K.@Rt. 0x0010 4052 74fc 0304 a94c 0000 05aa 4500 05dc @Rt....L....E... 0x0020 0564 4000 4006 0000 4052 74fc 4052 74fc .d@.@...@Rt.@Rt. 0x0030 0406 176f 3bff bbac ...o;... 20:04:53.843982 64.82.116.252 > 64.82.116.252: icmp: 64.82.116.252 unreachable - need to frag (mtu 1450) (ttl 255, id 1381) 0x0000 4500 0038 0565 0000 ff01 4bc3 4052 74fc E..8.e....K.@Rt. 0x0010 4052 74fc 0304 a94c 0000 05aa 4500 05dc @Rt....L....E... 0x0020 0564 4000 4006 0000 4052 74fc 4052 74fc .d@.@...@Rt.@Rt. 0x0030 0406 176f 3bff bbac ...o;... What's going on here? Why is the MTU 12 bytes less than what I've configured it for and what ifconfig shows? And why did it stop working all of a sudden? Is it a conspiracy that the NSA doesn't want me to get 4.1.1 with RSA in it? Any help appreciated. I've tried everything I could think of including rebuilding cvsup. A little more info is at the end in case anyone finds it helpful. Thanks, - -Tim su-2.03# ifconfig -a fxp0: flags=8843 mtu 1462 inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::202:b3ff:fe03:aae1%fxp0 prefixlen 64 scopeid 0x1 ether 00:02:b3:03:aa:e1 media: autoselect (100baseTX) status: active supported media: autoselect 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP xl0: flags=8843 mtu 1462 inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255 inet6 fe80::201:2ff:fe48:ad91%xl0 prefixlen 64 scopeid 0x2 ether 00:01:02:48:ad:91 media: 10baseT/UTP (10baseT/UTP ) supported media: 10baseT/UTP 10baseT/UTP 10baseT/UTP lp0: flags=8810 mtu 1500 ppp0: flags=8010 mtu 1500 sl0: flags=c010 mtu 552 faith0: flags=8000 mtu 1500 gif0: flags=8010 mtu 1280 gif1: flags=8010 mtu 1280 gif2: flags=8010 mtu 1280 gif3: flags=8010 mtu 1280 lo0: flags=8049 mtu 16384 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xb inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff000000 tun0: flags=8151 mtu 1462 inet6 fe80::202:b3ff:fe03:aae1%tun0 --> :: prefixlen 64 scopeid 0xc inet 216.175.93.55 --> 216.175.93.1 netmask 0xffffffff Opened by PID 107 su-2.03# netstat -rn Routing tables Internet: Destination Gateway Flags Netif Expire default 216.175.93.1 UGSc 17 686 tun0 10/24 link#2 UC 0 0 xl0 => 10.0.0.255 ff:ff:ff:ff:ff:ff UHLWb 2 8 xl0 127.0.0.1 127.0.0.1 UH 2 140 lo0 192.168.1 link#1 UC 0 0 fxp0 => 192.168.1.4 0:0:86:15:ab:f6 UHLW 2 134 fxp0 962 192.168.1.5 0:0:86:5b:9d:d6 UHLW 4 541 fxp0 1163 192.168.1.255 ff:ff:ff:ff:ff:ff UHLWb 2 23 fxp0 216.175.93.1 216.175.93.55 UH 17 0 tun0 Internet6: Destination Gateway Flags Netif Expire ::1 ::1 UH lo0 fe80::%fxp0/64 link#1 UC fxp0 fe80::%xl0/64 link#2 UC xl0 fe80::%lo0/64 fe80::1%lo0 Uc lo0 fe80::%tun0/64 link#12 UC tun0 fe80::202:b3ff:fe03:aae1%tun0 ::1 UH lo0 ff01::/32 ::1 U lo0 ff02::%fxp0/32 link#1 UC fxp0 ff02::%xl0/32 link#2 UC xl0 ff02::%lo0/32 fe80::1%lo0 UC lo0 ff02::%tun0/32 link#12 UC tun0 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use iQA/AwUBOdNlzRJDu7xQsK72EQKU1gCgycRO1ly1OKNB2Rn6VEyOhR5rq10AoK0h lHoVXEQJFrikiMdfUm4Biw6z =bXJc -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message