Re: Dummynet Broke fragmets in 5.x and 6.x

This problem exist in 5.x and 6.x implementations i wrote the email to luiggi for this problem
but no answer yet , there is a problem with fragmented traffic that going throut pipes,
dummynet whithout a problem change the ids of the framents and with this prevent
reassembling of the fragments , this is true not only for icmp udp icmp its true for all ip traffic.

br,
CCNP Atanas Yankov
Network Administrator
AngelSoft Ltd.

Alvaro Saurin wrote:


On 5 Dec 2005, at 14:41, Spadge wrote:

Alvaro Saurin wrote:

The problem comes here: if I 'ping' between these two machines, everything is fine, but if I 'ping' with a packet size of, ie, 2000, no packets arrive at the receiver. Does it have to do with fragmented packets? Do I have to include any other rule for dealing with fragments? 


65100      0        0 deny log logamount 5000 ip from any to any frag

Does this not effectively kill all frags? Are your unreceived packets showing up in the log? And if not, are you sure that it's BSD4 that's losing them, and not ubuntu3?

Here's how my firewall handles frags:

# Allow IP fragments to pass through
/sbin/ipfw add pass all from any to any frag

You may also want to set up something similar to handle ICMP.

I've not used dummynet pipes in ages, I wonder if setting a larger queue would help with my disconnect problems, or whether I really do just need to give up and reinstall the entire OS.


Thank you, you're right, but adding something like 'pass all from any to any frag' does not put the IICMP packets through the dummynet pipe. I am not specially interested in 'ping's, but it happens the same for UDP traffic...

The problem is that, if I put ICMP/UDP/etc traffic through a pipe, it doesn't work when packets are fragmented. And letting fragments out of the pipe does not improve things...

Any idea? Thanks.

Alvaro


_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: Slow speeds experienced with Dummynet
    ... Recalling my old posting "dummynet dropping too many packets" dated October 4, 2009, the problem isn't over just yet. ... dummynet_iocould overflow that queue. ... It all boils down to big differences between some subsequent "systat -if" reads, both for input and output, when dummynet is in use. ... pipe) so a queue of 100-200 is unlikely to overflow. ...
    (freebsd-net)
  • Slow speeds experienced with Dummynet
    ... Recalling my old posting "dummynet dropping too many packets" dated October 4, 2009, the problem isn't over just yet. ... ipfw pipe 512 config bw 512kbit/s mask dst-ip 0xffffffff gred 0.002/900/1000/0.1 queue 1000 ... Taking this template the speeds range from 512 to tens of mbps. ...
    (freebsd-net)
  • Dummynet fragmenting packets
    ... bandwidth limited and large latency pipe for a mpeg video stream. ... pass the packets between the two NICs without routing through a dummynet ...
    (freebsd-questions)
  • Re: parallelizing ipfw table
    ... packets transmitted, 1 packets received, 0% packet loss ... Implementing this feature I have encountered a problem, ... dummynet and ipfw are so welded together. ...
    (freebsd-net)
  • Re: Dummynet and fragments
    ... everything is fine, but if I 'ping' with a packet size of, ie, 2000, no packets arrive at the receiver. ... Do I have to include any other rule for dealing with fragments? ... queue would help with my disconnect problems, ... The problem is that, if I put ICMP/UDP/etc traffic through a pipe, it ...
    (freebsd-net)