Re: ICMP need to frag

From: Jeremie Le Hen (jeremie_at_le-hen.org)
Date: 05/23/05

  • Next message: Josef Karthauser: "iwi driver: Probes but no association (FreeBSD5.4)." 
    Date: Mon, 23 May 2005 01:28:47 +0200
To: freebsd-net@FreeBSD.org

    > I try to connect to my RELENG_5 box through an IPsec tunnel whose MTU
    > is 1260.
    >
    > CURRENT -------- [[ RELENG_5 ------- RELENG_4 ]] -------- RELENG_5
    > (client) Ethernet IPSec Ethernet (server)
    > (1500) (1260) (1500)
    >
    >
    > The attached tcpdump trace comes from the Ethernet side of the RELENG_4
    > router. I simply don't understand why the RELENG_5 ssh server doesn't
    > take care of the ICMP need to frag packet.
    > FYI, this trace is a screen reattachement through ssh which hangs during
    > the screen refresh. After about ten seconds, I broke the ssh session
    > with ~. .

    I forgot to tell that I don't have any firewall rule on the ssh server,
    and net.inet.tcp.path_mtu_discovery is set to 1.

    A few more questions :
        - Why does ssh set the Dont-Fragment bit ? This is maybe usual
          in today TCP/IP communications, as Path MTU Discovery slowly
          replaced fragmentation.

        - Why does Path MTU Discovery doesn't work here ? I'm pretty
          sure that the ICMP Need-To-Frag packets are not filtered since
          I am able to see them outgoing from the Ethernet network card
          on the RELENG_4 router.

    Best regards, 

    -- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
  • Next message: Josef Karthauser: "iwi driver: Probes but no association (FreeBSD5.4)."