From owner-freebsd-hackers Fri Jan 4 10: 2: 8 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from glenfiddich.infospace.com (mail1.infospace.com [206.29.197.33]) by hub.freebsd.org (Postfix) with SMTP id 6066437B420 for ; Fri, 4 Jan 2002 10:01:56 -0800 (PST) Received: (qmail 21112 invoked from network); 4 Jan 2002 18:01:51 -0000 Received: from unknown (HELO skyy.inspinc.ad) (206.29.197.191) by 0 with SMTP; 4 Jan 2002 18:01:51 -0000 Received: (qmail 24462 invoked from network); 4 Jan 2002 18:01:51 -0000 Received: from unknown (HELO irishbreakfast.carrel.org) ([10.99.32.118]) (envelope-sender ) by skyy.inspinc.ad (qmail-ldap-1.03) with SMTP for ; 4 Jan 2002 18:01:51 -0000 Date: Fri, 4 Jan 2002 10:02:01 -0800 Subject: Re: path_mtu_discovery Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v480) From: William Carrel To: freebsd-hackers@freebsd.org Content-Transfer-Encoding: 7bit In-Reply-To: <20020104154543.90114.qmail@web12508.mail.yahoo.com> Message-Id: <26E71536-013D-11D6-8ED3-003065D5E9A4@infospace.com> X-Mailer: Apple Mail (2.480) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Friday, January 4, 2002, at 07:45 AM, Kristopher Kublinski wrote: > --- Peter Pentchev wrote: >> On Fri, Jan 04, 2002 at 11:08:06AM +0100, Martin Kaeske wrote: >>> Hello, >>> I'm using FreeBSD-4.4-STABLE and have an OpenBSD-2.9 router to >>> connect to the internet (via DSL). If i try to do a cvsup >>> (cvsup.de.freebsd.org, cvsup2.de.freebsd.org, cvsup.freebsd.org) >>> i'm getting a lot of "icmp: Destination unreachable, need to frag >>> " messages and cvsup fails (timeout). The curious thing >>> is if i disable net.inet.tcp.path_mtu_discovery or if i lower the >>> MTU to 1488, everything is fine (of course). >>> That's why i wanted to ask wether FreeBSD fails to lower the MTU >>> (it should lower it due to the icmp messages, shouldn't it?) or >>> is there any pppoe specific problem between me and the cvsup servers? >>> >>> Martin >>> PS: AFAICS cvsup is the only problem ftp/http/nntp works fine >> >> You have not, by any chance, firewalled ICMP replies, have you - >> either outgoing on the router, or incoming on the FreeBSD box? >> > I have the same setup as Martin but i cant say i have the same > problem. I am also blocking all > incoming icmp traffic - in fact i have explicitly denied almost all > incoming traffic so i do not > thing that is the problem. however if you are running ipf on the > openbsd machine (which i am > assuming you are) you might want to check your ruleset, it sounds like > you might have something in > there that is causing it. Blocking all ICMP is bad m'kay? See also: http://www.worldgate.net/~marcs/mtu/ ipfilter with 'keep state' on the connections will automatically allow back in relevant ICMP messages such as mustfrag. The icmp messages coming up on the users console might be logged blocked packets or some such? I don't seem to recall any of the RELENG_4 systems I run spewing stuff to console if the PMTU-D was turned on. Also I wonder if the user's OpenBSD box and FreeBSD box agree on what their MTU is. In any case, barring anyone being able to repeat this it probably belongs on -questions@. -- William Carrel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message