Date: Fri, 26 Oct 2001 09:25:13 -0700
From: Lawrence Sica
To: john_wilson100@excite.com
Cc: dillon@apollo.backplane.com, drais@wow.atlasta.net, freebsd-stable@FreeBSD.ORG
Subject: Re: 4.4-STABLE machine unusable (was Re: Openssh)
Message-Id: <20011026092513.0053e5e9.lsica@interactivate.com>
In-Reply-To: <1406043.1004062911549.JavaMail.imail@pugsly.excite.com>

On Thu, 25 Oct 2001 19:21:43 -0700 (PDT)
john_wilson100@excite.com wrote:

>
> Thanks guys, that certainly clears things up for me!
>
> I just have two questions:
>
> 1) if my Solaris box is similarly firewalled, why doesn't it exhibit the
> same behaviour? I realise that their MTU discovery algorithm is probably
> very different, but perhaps worth exploring or even adopting (now that
> Solaris source is freely available)?
>

Solaris MTU is not RFC compliant depending on the version of Solaris you are using. What version of Solaris is it? Anything 2.5.1 and below is definitely NOT RFC compliant. It wasn't until 8 that they got more in line. Solaris has a debug switch for MTU discovery; don't know if FreeBSD does...

> 2) I want to have some proof and find out exactly which router or firewall
> is causing this before I go medieval on them. Will I see MTU discovery in
> a tcp dump?
>

Good question. man 1 tcpdump. Tcpdump will show MTU information as well:

From man 1 tcpdump

    If the -v flag is given twice, additional information is printed, such
    as the RX call ID, serial number, and the RX packet flags. The MTU
    negotiation information is also printed from RX ack packets.

> Thanks again,
>
> John
>
>
> On Thu, 25 Oct 2001 18:40:37 -0700 (PDT), Matthew Dillon wrote:
>
> TCP does what is known as MTU discovery to figure out the lowest MTU
> in the connection path. TCP then sets the no-frag bit on its packets.
>
> This can break down if you are running through a misconfigured firewall
> or an intermediate router or machine does not respond with the correct
> ICMP error when an oversized no-frag packet is received. If the
> firewall blocks ICMP error #3 (destination unreachable) subcode 4,
> your TCP connection will not properly detect the MTU.
>
> Reducing the client machine's interface MTU is a work-around (it sets
> a maximum MTU which is hopefully less than the maximum MTU of routers
> in between you and the destination), but the best solution is to figure
> out where the misconfigured router/machine is and fix it.
>
> -Matt
>
>
> On Thu, 25 Oct 2001 david raistrick wrote:
>
> I've seen this before, or something that sounds identical. telnet did the
> same thing, and anything over a size i don't remember via http did it as
> well.
>
> The workaround I found was to drop the MTU on the ethernet card (a generic
> ne2k card at the time, no idea what it was plugged into.) down to 512 and
> it was fine. Move it above 512 and the problems came back.
>
> This was with 3.0 and 3.3 release...that machine was only recently pulled
> out of service. sshd version 1.2.27 [i386-unknown-freebsd3.0], stock
> telnet, and i'm not sure what apache.
>
> (happened to /all/ available clients that i could find..)
>
> If i only issued "short" output commands, 1/2 to 1 page (80x24) long, the
> problem didn't seem to crop up. after that, it would hang.
>
> I DID discover that it was still accepting my input....I could do a
> "w" from another session, and see the "more" that was running on the other
> tty. hit "q" on the hung session, and i'd drop back to the shell.
>
> I could even logout.
>
> anyway.
>
> ...david
>
> ---
> david raistrick (deep in the south georgia woods)
> drais@atlasta.net

-- 
Lawrence Sica
------------------------------
lsica@interactivate.com
Systems Administrator
Inter@ctivate, Inc.
225 Broadway, Suite 2250
San Diego, CA 92101
(619) 814-1999 (main)
(619) 814-1998 (fax)
http://www.interactivate.com
--------------------------------
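
An added example, not part of the original thread: the ICMP error named in the quoted explanation (destination unreachable, subcode 4) is what path MTU discovery looks like in a capture, and its IP source address is the router whose next hop has the smaller MTU. The sketch below decodes one such message from a raw IPv4 packet; the sample packets and addresses are constructed for illustration.

```python
import socket
import struct

def parse_frag_needed(packet: bytes):
    """Decode an ICMP type 3 code 4 error from a raw IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8 + 20:   # protocol 1 = ICMP
        return None
    icmp_type, icmp_code, _cksum, _unused, next_hop_mtu = struct.unpack(
        "!BBHHH", packet[ihl:ihl + 8])
    if (icmp_type, icmp_code) != (3, 4):
        return None
    # The ICMP payload quotes the IP header of the packet that was too big.
    inner = packet[ihl + 8:]
    inner_len, _ident, flags_frag = struct.unpack("!HHH", inner[2:8])
    return {
        "reporting_router": socket.inet_ntoa(packet[12:16]),
        "next_hop_mtu": next_hop_mtu,   # 0 when the router predates RFC 1191
        "dropped_len": inner_len,
        "df_set": bool(flags_frag & 0x4000),
        "flow": (socket.inet_ntoa(inner[12:16]),
                 socket.inet_ntoa(inner[16:20])),
    }

def _ipv4(src, dst, proto, payload, df=False, total_len=None):
    """Build a minimal IPv4 header (checksum left at 0) for the samples."""
    total = total_len if total_len is not None else 20 + len(payload)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1,
                       0x4000 if df else 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def sample_frag_needed():
    # Constructed: router 192.0.2.1 reports that a 1500-byte no-frag TCP
    # packet from 198.51.100.10 to 203.0.113.5 exceeds a 1400-byte link.
    quoted = _ipv4("198.51.100.10", "203.0.113.5", 6, b"\x00" * 8,
                   df=True, total_len=1500)
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + quoted
    return _ipv4("192.0.2.1", "198.51.100.10", 1, icmp)

def sample_echo_request():
    # Constructed: an ordinary ping, which must not be reported.
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"\x00" * 32
    return _ipv4("198.51.100.10", "203.0.113.5", 1, icmp)

if __name__ == "__main__":
    print(parse_frag_needed(sample_frag_needed()))
```

If large no-frag segments are retransmitted and no message of this kind ever reaches the sender, the error is being dropped somewhere on the return path, which is the misconfiguration the thread describes.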