Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 22 Mar 1999 15:20:03 -0800
From:      Matthew Reimer <mreimer@vpop.net>
To:        Charles Henrich <henrich@flnet.com>, freebsd-hackers@freebsd.org
Subject:   Re: NAT/SKIP/MTU
Message-ID:  <36F6D023.1925D6D5@vpop.net>
References:  <lists.freebsd.hackers.19990322144600.A17340@orbit.flnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Are you using the latest SKIP port? There was a bug a while back in
which SKIP used the M_EOR bit in an mbuf to mark whether or not packets
had been decrypted, and this was causing problems with large packets.

But at this point NAT and SKIP won't cooperate on the same interface,
because NAT (since it runs in userland) doesn't have access to mbufs
(where SKIP keeps track of which packets have been encrypted). The best
fix seems to be to convert SKIP to a userland program using DIVERT
sockets.

Hope this helps.

Matt

Charles Henrich wrote:
> 
> I've run into ap roblem where Im attempting to do both NAT and SKIP on the
> same machine... However whenever the MTU of the internal (net 10) interface is
> less than 1500, packets are either dropped or never reassembled properly
> causing communication with a variety of internet hosts to be broken.  SKIP
> alters the MTU to 1336 (I'm assuming to make space in the packet for the
> encryption overhead)... When it does this though, everything goes to hell.
> 
> Has anyone else out there seen this problem and come up with a solution?  Is
> this a FreeBSD networking issue, or is it a problem with NAT, or even worse,
> is this a problem with other hosts on the network not being able to cope with
> a different MTU?  (I initially noticed this problem with travelocity, and
> expedia's web sites..)
> 
> Thanks for any info!
> 
> -Crh
> 
>        Charles Henrich       Manex Visual Effects       henrich@flnet.com
> 
>                        http://orbit.flnet.com/~henrich
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36F6D023.1925D6D5>