Date: Tue, 18 Jan 2011 11:00:52 +0100 From: Axel Rau <Axel.Rau@Chaos1.DE> To: freebsd-net@freebsd.org Subject: 8.1 Box does not react on ICMP "unreachable - need to frag" Message-ID: <F9645DE3-E8DD-4631-B248-06CB53F016EE@Chaos1.DE>
next in thread | raw e-mail | index | archive | help
Hi, DB2 is a DB server with fbsd 8.1-REL. The SQL query comes in through 2 =20 Obsd 4.8 firewalls(GW2). The DB server returns its query results successfully until an =20 oversized message is being sent (with "DF" set), which the GW2 refuses =20 with an ICMP "unreachable - need to frag (mtu 1492)": DB2 -> GW1: =2D---- 20:16:09.197968 IP (tos 0x0, ttl 64, id 35523, offset 0, flags [DF], =20 proto TCP (6), length 1492) 172.16.1.41.5432 > 1.2.3.4.36741: Flags [.], ack 2263, win 8280, =20 options [nop,nop,TS val 2186418648 ecr 3227350928], length 1440 =2D---- GW1 -> DB2: =2D---- 20:16:09.374817 IP (tos 0x0, ttl 255, id 10226, offset 0, flags =20 [none], proto ICMP (1), length 56) 172.16.1.1 > 172.16.1.41: ICMP 1.2.3.4 unreachable - need to frag =20 (mtu 1492), length 36 IP (tos 0x0, ttl 64, id 36148, offset 0, flags [DF], proto TCP (6), =20 length 1492) 172.16.1.41.5432 > 1.2.3.4.36741: tcp 1464 [bad hdr length 8 - too =20 short, < 20] =2D--- Question: 1. Shouldn't DB2 fragment and resend the packet? 2. Why is the "DF" set? This prevents GW2 from doing the fragmentation. 3. What can I do to resolve the issue? I have 3 different MTUs in use and don't want set the DB server to the =20 smallest. Axel =2D-- axel.rau@chaos1.de PGP-Key:29E99DD6 +49 151 2300 9283 computing @ =20 chaos claudius
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F9645DE3-E8DD-4631-B248-06CB53F016EE>