Date: Tue, 19 Apr 2005 07:29:18 +1000 From: Matthew Sullivan <matthew@uq.edu.au> To: freebsd-current@freebsd.org Subject: DF (Don't frag) issues Message-ID: <426426AE.2060406@uq.edu.au>
next in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format. --------------ms050808020208060303070103 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Any reason why FreeBSD 5.2.1+ and 5.3-p9 set DF on all packets? I'm getting some real problems with VPNs, setting the interface MTU to 1024 fixes them, but it really is less than ideal. example with dominator [203.15.51.36] MTU at 1500, vpn server is at 203.15.51.36 (all interfaces are MTU 1500 except gif0 which is 1280), other end of the VPN has interfaces at MTU 1500 which serices the 10.200.254.0 network (wireless).... root@dominator:~# tcpdump -n | grep 10.200.254.98 tcpdump: listening on bge0 23:36:22.638202 10.200.254.98.33118 > 203.15.51.36.24: SWE 742813284:742813284(0) win 5840 <mss 1460,sackOK,timestamp 1548890 0,nop,wscale 0> (DF) 23:36:22.638259 203.15.51.36.24 > 10.200.254.98.33118: S 2275901409:2275901409(0) ack 742813285 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 45880291 1548890> (DF) 23:36:22.680880 10.200.254.98.33118 > 203.15.51.36.24: . ack 1 win 5840 <nop,nop,timestamp 1548895 45880291> (DF) 23:36:22.683004 203.15.51.36.24 > 10.200.254.98.33118: P 1:43(42) ack 1 win 33304 <nop,nop,timestamp 45880295 1548895> (DF) 23:36:22.728581 10.200.254.98.33118 > 203.15.51.36.24: . ack 43 win 5840 <nop,nop,timestamp 1548900 45880295> (DF) . . . 23:36:23.474807 203.15.51.36.24 > 10.200.254.98.33118: P 2075:2171(96) ack 2425 win 33304 <nop,nop,timestamp 45880374 1548974> (DF) 23:36:23.475751 10.200.254.98.33118 > 203.15.51.36.24: P 2425:2537(112) ack 2075 win 10496 <nop,nop,timestamp 1548974 45880368> (DF) [tos 0x10] 23:36:23.510998 203.15.51.36.24 > 10.200.254.98.33118: P 2171:2219(48) ack 2537 win 33304 <nop,nop,timestamp 45880378 1548974> (DF) [tos 0x10] 23:36:23.511752 203.15.51.36.24 > 10.200.254.98.33118: P 2219:2315(96) ack 2537 win 33304 <nop,nop,timestamp 45880378 1548974> (DF) [tos 0x10] 23:36:23.514316 203.15.51.36.24 > 10.200.254.98.33118: P 2315:3643(1328) ack 2537 win 33304 <nop,nop,timestamp 45880378 1548974> (DF) [tos 0x10] 23:36:23.515060 203.15.51.61 > 203.15.51.36: icmp: 10.200.254.98 unreachable - need to frag (DF) 23:36:23.516599 203.15.51.36.24 > 10.200.254.98.33118: P 3643:3723(80) ack 2537 win 33304 <nop,nop,timestamp 45880379 1548974> (DF) [tos 0x10] 23:36:23.517255 203.15.51.36.24 > 10.200.254.98.33118: P 3723:3771(48) ack 2537 win 33304 <nop,nop,timestamp 45880379 1548974> (DF) [tos 0x10] 23:36:23.517337 203.15.51.36.24 > 10.200.254.98.33118: P 3771:3995(224) ack 2537 win 33304 <nop,nop,timestamp 45880379 1548974> (DF) [tos 0x10] 23:36:23.527961 203.15.51.36.24 > 10.200.254.98.33118: P 3995:4059(64) ack 2537 win 33304 <nop,nop,timestamp 45880380 1548974> (DF) [tos 0x10] 23:36:23.552652 10.200.254.98.33118 > 203.15.51.36.24: . ack 2171 win 10496 <nop,nop,timestamp 1548983 45880374> (DF) [tos 0x10] 23:36:23.561291 10.200.254.98.33118 > 203.15.51.36.24: . ack 2219 win 10496 <nop,nop,timestamp 1548983 45880378> (DF) [tos 0x10] 23:36:23.565812 10.200.254.98.33118 > 203.15.51.36.24: . ack 2315 win 10496 <nop,nop,timestamp 1548983 45880378> (DF) [tos 0x10] 23:36:23.570650 10.200.254.98.33118 > 203.15.51.36.24: . ack 2315 win 10496 <nop,nop,timestamp 1548983 45880378> (DF) [tos 0x10] 23:36:23.577811 10.200.254.98.33118 > 203.15.51.36.24: . ack 2315 win 10496 <nop,nop,timestamp 1548984 45880378> (DF) [tos 0x10] 23:36:23.577829 10.200.254.98.33118 > 203.15.51.36.24: . ack 2315 win 10496 <nop,nop,timestamp 1548984 45880378> (DF) [tos 0x10] 23:36:23.577880 203.15.51.36.24 > 10.200.254.98.33118: . 2315:3763(1448) ack 2537 win 33304 <nop,nop,timestamp 45880385 1548984> (DF) [tos 0x10] 23:36:23.578406 203.15.51.61 > 203.15.51.36: icmp: 10.200.254.98 unreachable - need to frag (DF) 23:36:23.582784 10.200.254.98.33118 > 203.15.51.36.24: . ack 2315 win -- Matthew Sullivan Specialist Systems Programmer Information Technology Services The University of Queensland --------------ms050808020208060303070103 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIG7DCC A3IwggJaoAMCAQICASowDQYJKoZIhvcNAQEEBQAwgaMxCzAJBgNVBAYTAkFVMRMwEQYDVQQI EwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTElMCMGA1UEChMcVGhlIFVuaXZlcnNp dHkgb2YgUXVlZW5zbGFuZDEoMCYGA1UECxMfSW5mb3JtYXRpb24gVGVjaG5vbG9neSBTZXJ2 aWNlczEbMBkGA1UEAxMSQ2VydGlmaWNhdGUgU2VydmVyMB4XDTA0MDEyMTIzMzYyMVoXDTA2 MDEyMTIzMzYyMVowgbIxCzAJBgNVBAYTAkFVMSUwIwYDVQQKExxUaGUgVW5pdmVyc2l0eSBv ZiBRdWVlbnNsYW5kMScwJQYDVQQLEx5JbmZvcm1hdGlvbiBUZWNub2xvZ3kgU2VydmljZXMx FjAUBgoJkiaJk/IsZAEBEwZjY21hdHQxGTAXBgNVBAMTEE1hdHRoZXcgU3VsbGl2YW4xIDAe BgkqhkiG9w0BCQEWEW1hdHRoZXdAdXEuZWR1LmF1MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB AJsUfrw/QUqKIzDverWc2F4GFFRZmIeO+bAl+7BM6x/9frMzOtygx4QGb4oQwtOE8Sda1aIs v+yJF3Di9EuUyvMCAwEAAaNoMGYwDgYDVR0PAQH/BAQDAgXgMBEGCWCGSAGG+EIBAQQEAwIF oDAfBgNVHSMEGDAWgBQmqtoyueiWTYZBinvsnzeOWLtUuzAgBgNVHREEGTAXgRVtYXR0aGV3 QGl0cy51cS5lZHUuYXUwDQYJKoZIhvcNAQEEBQADggEBAF2gZrkqZsZlHd4K/+yBN6qrpD61 hctDf7/Eg4jk6DMknEs6nvHMFUMZ4SXvkqPLnHBygTARKAs7qBSLd7mUUBOOQEgk6ovQVY6S 1CDSt3P9O6wjG0K1igtk8v6u7lkQ8p2STXqrOePVINdaucUgBO/IpeUtt9ATl1qvPTWyM/fz oUZsIKeYjNQVEQsuimrZjdbIAFxdl1fggSngUv64wBn8wCssGrPZIZA2lpBBEW1wejoWrDOH IIr+SspGd0i8MovDTMRSvgTERLki17FU/ANilcrSXiODKeIvpXhnQqVScnsoMSZmBmN2QIoG SnBjNK5mYxx5E3v20VOwtP1hVdEwggNyMIICWqADAgECAgEqMA0GCSqGSIb3DQEBBAUAMIGj MQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUx JTAjBgNVBAoTHFRoZSBVbml2ZXJzaXR5IG9mIFF1ZWVuc2xhbmQxKDAmBgNVBAsTH0luZm9y bWF0aW9uIFRlY2hub2xvZ3kgU2VydmljZXMxGzAZBgNVBAMTEkNlcnRpZmljYXRlIFNlcnZl cjAeFw0wNDAxMjEyMzM2MjFaFw0wNjAxMjEyMzM2MjFaMIGyMQswCQYDVQQGEwJBVTElMCMG A1UEChMcVGhlIFVuaXZlcnNpdHkgb2YgUXVlZW5zbGFuZDEnMCUGA1UECxMeSW5mb3JtYXRp b24gVGVjbm9sb2d5IFNlcnZpY2VzMRYwFAYKCZImiZPyLGQBARMGY2NtYXR0MRkwFwYDVQQD ExBNYXR0aGV3IFN1bGxpdmFuMSAwHgYJKoZIhvcNAQkBFhFtYXR0aGV3QHVxLmVkdS5hdTBc MA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCbFH68P0FKiiMw73q1nNheBhRUWZiHjvmwJfuwTOsf /X6zMzrcoMeEBm+KEMLThPEnWtWiLL/siRdw4vRLlMrzAgMBAAGjaDBmMA4GA1UdDwEB/wQE AwIF4DARBglghkgBhvhCAQEEBAMCBaAwHwYDVR0jBBgwFoAUJqraMrnolk2GQYp77J83jli7 VLswIAYDVR0RBBkwF4EVbWF0dGhld0BpdHMudXEuZWR1LmF1MA0GCSqGSIb3DQEBBAUAA4IB AQBdoGa5KmbGZR3eCv/sgTeqq6Q+tYXLQ3+/xIOI5OgzJJxLOp7xzBVDGeEl75Kjy5xwcoEw ESgLO6gUi3e5lFATjkBIJOqL0FWOktQg0rdz/TusIxtCtYoLZPL+ru5ZEPKdkk16qznj1SDX WrnFIATvyKXlLbfQE5darz01sjP386FGbCCnmIzUFRELLopq2Y3WyABcXZdX4IEp4FL+uMAZ /MArLBqz2SGQNpaQQRFtcHo6FqwzhyCK/krKRndIvDKLw0zEUr4ExES5ItexVPwDYpXK0l4j gyniL6V4Z0KlUnJ7KDEmZgZjdkCKBkpwYzSuZmMceRN79tFTsLT9YVXRMYIDQDCCAzwCAQEw gakwgaMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlz YmFuZTElMCMGA1UEChMcVGhlIFVuaXZlcnNpdHkgb2YgUXVlZW5zbGFuZDEoMCYGA1UECxMf SW5mb3JtYXRpb24gVGVjaG5vbG9neSBTZXJ2aWNlczEbMBkGA1UEAxMSQ2VydGlmaWNhdGUg U2VydmVyAgEqMAkGBSsOAwIaBQCgggItMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJ KoZIhvcNAQkFMQ8XDTA1MDQxODIxMjkxOFowIwYJKoZIhvcNAQkEMRYEFAVwY8BJP11yEBSt VgKrvVBKSUwkMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCA MA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIG6BgkrBgEEAYI3EAQx gawwgakwgaMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC cmlzYmFuZTElMCMGA1UEChMcVGhlIFVuaXZlcnNpdHkgb2YgUXVlZW5zbGFuZDEoMCYGA1UE CxMfSW5mb3JtYXRpb24gVGVjaG5vbG9neSBTZXJ2aWNlczEbMBkGA1UEAxMSQ2VydGlmaWNh dGUgU2VydmVyAgEqMIG8BgsqhkiG9w0BCRACCzGBrKCBqTCBozELMAkGA1UEBhMCQVUxEzAR BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMSUwIwYDVQQKExxUaGUgVW5p dmVyc2l0eSBvZiBRdWVlbnNsYW5kMSgwJgYDVQQLEx9JbmZvcm1hdGlvbiBUZWNobm9sb2d5 IFNlcnZpY2VzMRswGQYDVQQDExJDZXJ0aWZpY2F0ZSBTZXJ2ZXICASowDQYJKoZIhvcNAQEB BQAEQIYILpGxMxATXZmyqCzzm0NLNJq9y8xBIpGlnM0vo1F/m9B5FQs3cK+iadV33+r3/XX7 In4WZySF2HDIh0Rk0FYAAAAAAAA= --------------ms050808020208060303070103--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?426426AE.2060406>