RE: kern/112722: [udp] IP v4 udp fragmented packet reject

Fri, 06 Feb 2009 15:01:35 -0800 

The following reply was made to PR kern/112722; it has been noted by GNATS.

From: Kent Fox <kent....@imail.org>
To: "rwat...@freebsd.org" <rwat...@freebsd.org>, "freebsd-net@FreeBSD.org"
        <freebsd-net@FreeBSD.org>
Cc:  
Subject: RE: kern/112722: [udp] IP v4 udp fragmented packet reject
Date: Mon, 2 Feb 2009 08:21:56 -0700

 Thanks for the thought but we went back to OpenBSD and fixed our performanc=
 e issue with some kernel parameters. I'm sorry that I cannot help out and d=
 uplicate the problem as I no longer have that environment. The main issue w=
 as the forced reassembly of fragmented packets. When the ingress packet siz=
 e was maxed out, the egress with the tunnel encapsulation was too large and=
  the packet was discarded. We tried a smaller MTU on the ingress but we sti=
 ll could never make it work. Doing an IPsec tunnel with RDP was a sure way =
 of killing the connection. So what you have is C------>FW------->S. From C(=
 lient) the S(erver) there is an IPSec tunnel (all the way) and from C to FW=
 (firewall FreeBSD server) is another IPSec tunnel (tunnel on the intranet (=
 now GRE)).
 
 Hope that helps.
 
 Kent
 
 -----Original Message-----
 From: rwat...@freebsd.org [mailto:rwat...@freebsd.org]=20
 Sent: Monday, February 02, 2009 4:49 AM
 To: Kent Fox; rwat...@freebsd.org; freebsd-net@FreeBSD.org
 Subject: Re: kern/112722: [udp] IP v4 udp fragmented packet reject
 
 Synopsis: [udp] IP v4 udp fragmented packet reject
 
 State-Changed-From-To: open->feedback
 State-Changed-By: rwatson
 State-Changed-When: Mon Feb 2 11:31:13 UTC 2009
 State-Changed-Why:=20
 Dear Kent:
 
 I apologize for the delay in response to this problem report.  Could I ask
 you to:
 
 (1) Confirm the problem still exists, especially if you've moved forward
   to a more recent rev of FreeBSD.
 
 (2) Let me know a bit more about your firewall/ipsec/etc setup.  In
   particular, if you can easily identify a minimalist setup to reproduce
   this problem.  Do the packets you're describing enter via a tunnel, or
   do they arrive unencapsulated?
 
 (3) Send me tcpdump output that shows the packet ingress and resulting
   ICMP.
 
 Thanks,
 
 Robert
 
 
 
 http://www.freebsd.org/cgi/query-pr.cgi?pr=3D112722
 
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Reply via email to