Is this a bug?

From: Alexander Motin (mav_at_alkar.net)
Date: 11/24/03

  • Next message: FreeBSD bugmaster: "Current problem reports assigned to you" 
    Date: Mon, 24 Nov 2003 20:42:04 +0200
To: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org

    Hi!

    Alexander Motin wrote:
    > I have one strange problem with dummynet & IP fragmentation.
    >
    > I have FreeBSD 4.8-RELEASE router with few interfaces:
    > em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    > options=3<rxcsum,txcsum>
    > inet 195.248.191.172 netmask 0xffffffc0 broadcast 195.248.191.191
    > ether 00:30:48:20:8e:7e
    > media: Ethernet autoselect (1000baseTX <full-duplex>)
    > status: active
    > ng4: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1492
    > inet 195.248.191.172 --> 212.86.231.58 netmask 0xffffffff
    >
    > Interface ng4 have MTU 1492 because it is PPPoE link.
    > When I do not use dummynet on router and somebody send a big
    > (>1492bytes) packet to 212.86.231.58 with DontFragment flag set router
    > generates ICMP reply message (Fragmentation Needed). This is correct.
    >
    > But when I use dummynet on that interface:
    > 10170 pipe 10009 ip from any to any out xmit ng4
    > 10175 allow ip from any to any via ng4
    >
    > 10009: 128.000 Kbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
    > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
    > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
    > Pkt/Byte Drp
    > 0 udp 195.248.191.65/53 212.86.231.58/1118 50965 28380582 0
    > 0 143
    >
    > router stops sending that ICMP messages. Pipe is not overflowed at that
    > tme, it is empty.

    I recheck this on other router on Ethernet (rl0) interface.

    When I set MTU 1400 on rl0 interface I could see generated ICMP messages:
    20:27:23.660470 dp3-w-com.alkar.net.ftp-data > pc.mavhome.dp.ua.1100: .
    1027:2487(1460) ack 1 win 58400 (DF)
    20:27:23.660580 router.mavhome.dp.ua > dp3-w-com.alkar.net: icmp:
    pc.mavhome.dp.ua unreachable - need to frag (mtu 1400) (DF)

    But when I configure outgoing pipe on this interface:
    ipfw pipe 2 config bw 64kbit/s
    ipfw add 1000 pipe 2 all from any to any out via rl0
    I got problem:
    20:29:32.778561 DP6-W-CUS.alkar.net.4522 > pc.mavhome.dp.ua.1103: .
    1025:2485(1460) ack 1 win 58400 (DF)
    20:29:35.080903 DP6-W-CUS.alkar.net.4522 > pc.mavhome.dp.ua.1103: .
    1025:2485(1460) ack 1 win 58400 (DF)
    20:29:39.274113 DP6-W-CUS.alkar.net.4522 > pc.mavhome.dp.ua.1103: .
    1025:2485(1460) ack 1 win 58400 (DF)
    20:29:47.306847 DP6-W-CUS.alkar.net.4522 > pc.mavhome.dp.ua.1103: .
    1025:2485(1460) ack 1 win 58400 (DF)

    Hey, Developers! Where are you? Can anybody comment this? 

    -- 
Alexander Motin
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
  • Next message: FreeBSD bugmaster: "Current problem reports assigned to you"

    Relevant Pages

    • Re: Aggregation of E1 interface ?
      ... >> remote router. ... >> So I'm wandering if it is possible to aggregate all those interface into ... single IMA with 8 channels looks like a 16 Mbps pipe). ...
      (comp.dcom.sys.cisco)
    • [Full-Disclosure] FW: Cisco Vulnerability forensic protocol analysis results.
      ... AMILABS CISCO IP PROTOCOL EXPLOIT TESTING RESULTS ... Cisco router interfaces using either all or one of the following IP ... of a remote Cisco interface uses all of them. ... output buffer failures, 0 output buffers swapped out Router4# ...
      (Full-Disclosure)
    • Re: Site-to-Site VPN client routing question - clients at branch office not able to acce
      ... I would recommend that you use some other machine as your router, ... select the demand-dial interface from the dropdown list. ... On the RRAS server in Shanghai, configure a demand-dial interface and give it a static route to 194.1.1.0/24 as above. ... This makes sure that the connection is made to the correct dd interface and sets up the correct route back to Shanghai through the VPN link. ...
      (microsoft.public.windows.server.networking)
    • Point to Point T1 with Cisco 1841 Routers
      ... checked it in the morning and on my side, the router had a lot of CRC ... interface FastEthernet0/0 ... ip http access-class 23 ... minute output rate 0 bits/sec, 0 packets/sec ...
      (comp.dcom.sys.cisco)
    • Re: Nmap questions concering my router
      ... >interface can only have assigned ip address and no more. ... but isnt this also the same concept a Port translation is? ... network services externally where the server is on am internal host. ... If someone connected to port 80 on your router, ...
      (comp.security.firewalls)