Hi, Nate, > I encountered a strange problem with PMTU discovery not working properly > on various machines when the packets were tunneled over a GIF / IPSEC > Transport type tunnel (both ends running FreeBSD 6.0). Configuration > files attached. > > Various older FreeBSD systems (it seemed systems that had jails running) > and also Windows Virtual Machines running in Microsoft's Virtual Server > 2005 system, did not perform PMTU discovery properly. > > The FreeBSD 6.0 routers were sending out ICMP host-unreachable > need-fragment packets without an MTU hint. Most machines handle this > fine, but the ones noted above did not decrease PMTU for the connection. > > The attached patch makes sure that the FreeBSD 6.0 router will include > an MTU hint in the ICMP packet. The problem was caused by the IPSec > lookup in ip_forward() returning an secpolicy pointer, but then that > pointer having no details (such as request, etc...) contained in it. The > attached patch (against 6.0) covers that eventuality. > > The 'bug' is obviously in the machines that don't handle the missing MTU > hint properly, but since we can't patch Windows, this patch helps > alleviate the problem from the other side.
Thank you for fixing this ! I have been puzzled for month with this. I hope to see it commited soon. Best regards. -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
