From owner-freebsd-net@FreeBSD.ORG  Tue Jan 18 10:00:58 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0652D106564A
	for <freebsd-net@freebsd.org>; Tue, 18 Jan 2011 10:00:58 +0000 (UTC)
	(envelope-from Axel.Rau@Chaos1.DE)
Received: from mailout4.lrau.net (mailout4.lrau.net [IPv6:2a02:d40:2:2::73])
	by mx1.freebsd.org (Postfix) with ESMTP id C23C48FC1D
	for <freebsd-net@freebsd.org>; Tue, 18 Jan 2011 10:00:57 +0000 (UTC)
Received: from [91.216.35.74] (helo=imap.lrau.net)
	by mailout4.lrau.net with esmtp (Exim 4.73)
	(envelope-from <Axel.Rau@Chaos1.DE>) id 1Pf8Mw-0006er-77
	for freebsd-net@freebsd.org; Tue, 18 Jan 2011 10:00:54 +0000
Received: from axel.rau@chaos1.de by imap.lrau.net (Archiveopteryx
	3.1.3) with esmtpsa id 1295344853-80417-80416/7/346; Tue, 18 Jan 2011
	10:00:53 +0000
Message-Id: <F9645DE3-E8DD-4631-B248-06CB53F016EE@Chaos1.DE>
From: Axel Rau <Axel.Rau@Chaos1.DE>
To: freebsd-net@freebsd.org
Content-Type: text/plain; format=flowed; delsp=yes
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Apple Message framework v936)
Date: Tue, 18 Jan 2011 11:00:52 +0100
X-Mailer: Apple Mail (2.936)
Subject: 8.1 Box does not react on ICMP "unreachable - need to frag"
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jan 2011 10:00:58 -0000

Hi,

DB2 is a DB server with fbsd 8.1-REL. The SQL query comes in through 2 =20
Obsd 4.8 firewalls(GW2).
The DB server returns its query results successfully until an =20
oversized message is being sent (with "DF" set), which the GW2 refuses =20
with an ICMP "unreachable - need to frag (mtu 1492)":
DB2 -> GW1:
=2D----
20:16:09.197968 IP (tos 0x0, ttl 64, id 35523, offset 0, flags [DF], =20
proto TCP (6), length 1492)
   172.16.1.41.5432 > 1.2.3.4.36741: Flags [.], ack 2263, win 8280, =20
options [nop,nop,TS val 2186418648 ecr 3227350928], length 1440
=2D----

GW1 -> DB2:
=2D----
20:16:09.374817 IP (tos 0x0, ttl 255, id 10226, offset 0, flags =20
[none], proto ICMP (1), length 56)
   172.16.1.1 > 172.16.1.41: ICMP 1.2.3.4 unreachable - need to frag =20
(mtu 1492), length 36
	IP (tos 0x0, ttl 64, id 36148, offset 0, flags [DF], proto TCP (6), =20
length 1492)
   172.16.1.41.5432 > 1.2.3.4.36741:  tcp 1464 [bad hdr length 8 - too =20
short, < 20]
=2D---
Question:
1. Shouldn't DB2 fragment and resend the packet?
2. Why is the "DF" set? This prevents GW2 from doing the fragmentation.
3. What can I do to resolve the issue?

I have 3 different MTUs in use and don't want set the DB server to the =20
smallest.

Axel
=2D--
axel.rau@chaos1.de  PGP-Key:29E99DD6  +49 151 2300 9283  computing @ =20
chaos claudius