From owner-freebsd-net@FreeBSD.ORG Fri Mar 7 07:48:03 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 26C8A1065673 for ; Fri, 7 Mar 2008 07:48:03 +0000 (UTC) (envelope-from _lion_2000@mail.ru) Received: from ards.ru (mail.ards.ru [212.76.164.163]) by mx1.freebsd.org (Postfix) with SMTP id 65A518FC1D for ; Fri, 7 Mar 2008 07:48:01 +0000 (UTC) (envelope-from _lion_2000@mail.ru) Received: (qmail 49089 invoked by uid 0); 7 Mar 2008 12:47:57 +0500 Received: from (10.1.201.55); 7 Mar 2008 07:47:57 -0000 X-lion-scan: 0 X-lion-envelope: F_lion_2000@mail.ru Tfreebsd-net@freebsd.org X-RELAYCLIENT: 1 Received: from wtm-ards-itoa01.net.ards.corp (HELO wtmardsITOA01) (10.1.201.55) by mail.net.ards.corp with SMTP; 7 Mar 2008 12:47:57 +0500 From: "Sergey" <_lion_2000@mail.ru> To: References: <000001c87f43$c8075800$37c9010a@Net.ARDS.Corp><20080306161818.GD15130@verio.net><001101c8800a$596d4220$37c9010a@Net.ARDS.Corp> <001e01c8800c$587059a0$37c9010a@Net.ARDS.Corp> Date: Fri, 7 Mar 2008 12:47:57 +0500 Message-ID: <002001c88027$8f20a3e0$37c9010a@Net.ARDS.Corp> MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 In-Reply-To: <001e01c8800c$587059a0$37c9010a@Net.ARDS.Corp> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 Thread-Index: Ach/qQPMwdmhNDt7SEKSSxXiz74OOgAYPJnAAABfT+AABwVcIA== Subject: RE: Path MTU Problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Mar 2008 07:48:03 -0000 alright, i found who changing packets - it's cisco PIX # tcpdump -s 0 -nveXi stge1 icmp and host 10.23.0.241 tcpdump: WARNING: stge1: no IPv4 address assigned tcpdump: listening on stge1, link-type EN10MB (Ethernet), capture size 65535 bytes this is packet from router with lower mtu just before PIX 10:32:54.775244 00:1c:f6:2e:4b:6f > 00:1d:45:21:a6:51, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 255, id 18463, offset 0, flags [none], proto: ICMP (1), length: 56) 10.23.5.3 > 10.23.0.241: ICMP 10.35.1.3 unreachable - need to frag (mtu 1280), length 36 (tos 0x8, ttl 61, id 2080, offset 0, flags [DF], proto: TCP (6), length: 1420) 10.23.0.241.22 > 10.35.1.3.64856: tcp 1384 [bad hdr length 16 - too short, < 20] 0x0000: 4500 0038 481f 0000 ff01 5984 0a17 0503 E..8H.....Y..... 0x0010: 0a17 00f1 0304 bdf6 0000 0500 4508 058c ............E... 0x0020: 0820 4000 3d06 1a17 0a17 00f1 0a23 0103 ..@.=........#.. 0x0030: 0016 fd58 2723 1573 ...X'#.s --------------------------^^^^^^^^^^^ note the bytes and this is the same packet _after_ PIX 10:32:54.775492 00:1d:45:21:a6:52 > 00:1b:78:e3:c7:66, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 255, id 18463, offset 0, flags [none], proto: ICMP (1), length: 56) 10.23.5.3 > 10.23.0.241: ICMP 10.35.1.3 unreachable - need to frag (mtu 1280), length 36 (tos 0x8, ttl 61, id 2080, offset 0, flags [DF], proto: TCP (6), length: 1420) 10.23.0.241.22 > 10.35.1.3.64856: tcp 1400 [bad hdr length 0 - too short, < 20] 0x0000: 4500 0038 481f 0000 ff01 5984 0a17 0503 E..8H.....Y..... 0x0010: 0a17 00f1 0304 a065 0000 0500 4508 058c .......e....E... 0x0020: 0820 4000 3d06 1a17 0a17 00f1 0a23 0103 ..@.=........#.. 0x0030: 0016 fd58 2e89 2b9e ...X..+. ---------------------------^^^^^^^^^ bytes changed and it seems what FreeBSD takes into account not only IPs:Ports data of ICMP FRAG packet, but also these four bytes of tcp header after is that RFC-style behaviour? Who's violating RFC? PIX or BSD? > -----Original Message----- > From: owner-freebsd-net@freebsd.org > [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Sergey > Sent: Friday, March 07, 2008 9:33 AM > To: freebsd-net@freebsd.org > Subject: RE: Path MTU Problem > > > > > here comes icmp frag packets. strange what sometimes > > > tcpdump complains > > > > about tcp header in icmp packet and sometimes not > > After looking more closely, if found something strange: > > here is part of tcp header of first large packet: > > 10:32:04.610317 IP (tos 0x8, ttl 64, id 1208, offset 0, > flags [DF], proto: > TCP (6), length: 1420) 10.23.0.241.22 > 10.35.1.3.60122: . > 2064:3432(1368) ack 1666 win 32832 38279810 48942931> > 0x0000: 4508 058c 04b8 4000 4006 1a7f 0a17 00f1 > E.....@.@....... > 0x0010: 0a23 0103 0016 eada 5c06 97bb 6284 63e5 > .#......\...b.c. > take note of numbers after > port numbers:------------------------^^^^^^^^^ > > And now look at bytes in ICMP packet: > > 10:32:04.612895 IP (tos 0x0, ttl 254, id 15170, offset 0, > flags [none], > proto: ICMP (1), length: 56) 10.23.5.3 > 10.23.0.241: ICMP > 10.35.1.3 unreachable - need to frag (mtu 1280), length 36 > IP (tos 0x8, ttl 61, id 1208, offset 0, flags [DF], > proto: TCP (6), > length: 1420) 10.23.0.241.22 > 10.35.1.3.60122: tcp 1396 > [bad hdr length 4 > - too short, < 20] > 0x0000: 4500 0038 3b42 0000 fe01 6761 0a17 0503 > E..8;B....ga.... > 0x0010: 0a17 00f1 0304 479f 0000 0500 4508 058c > ......G.....E... > 0x0020: 04b8 4000 3d06 1d7f 0a17 00f1 0a23 0103 > ..@.=........#.. > 0x0030: 0016 eada c207 0364 .......d > here:----------------------^^^^^^^^^ > > Can they be different? Are they taken into account when doing > PathMTU ? > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >