MPD and fragmentation

Artyom Viklenko artem at aws-net.org.ua
Thu Jul 26 06:09:40 UTC 2007 

Mihai Tanasescu wrote:
> Hello,
> 
> 
> With help from another FreeBSD user on this list I was able to set up an 
> MPD pptp server to allow windows machines to connect to it.
> 
> Unfortunately now I've stumbled upon some strange behaviors.
> 
> First of all I'm getting icmp losses even if I use a test LAN to make a 
> tunnel to the local FBSD machine, but these don't seem to affect my 
> transfer rate when trying to get a large file via HTTP from the same 
> machine.
> 
> What bothers me most is that some sites (like msn.com, microsoft.com, 
> etc) don't seem to be loading.
> What I first thought about was the mss problem and so I discovered the 
> following:
> 
> 22:54:36.633254 IP (tos 0x0, ttl  64, id 14254, offset 0, flags [DF], 
> proto: ICMP (1), length: 56) FBSD-IP > 207.68.183.32: ICMP FBSD-IP 
> unreachable - need to frag (mtu 1336), length 36
> 
> In my config file I have:
> set iface mtu 1500
> set link mtu 1440
> set iface enable tcpmssfix
> 
> My full config is posted here:
> http://pastebin.com/m66a3c05f
> My system:
> FreeBSD 6.1-RELEASE-p17
> MPD 4.1
> 
> I played a bit with the above mentioned values with no luck unfortunately.
> I'm still wondering (don't know if I'm right) if a too large packet 
> comes from 207.68.183.32 why doesn't it get fragmented upon being sent 
> via ng0 -> pptp1 and instead of this happening my machine sends an ICMP 
> unreachable back.
> Also I have pf running on that machine with a NAT rule for traffic not 
> destined to the local network (but after several experiments with that 
> nothing changed in regard to the problem I have).
> 
> I'm banging my head against the wall as I don't know what else to try 
> anymore.
> 
> Can someone help me out ?


If you use PF, try to add rule

scrub in all fragment rassemble no-df

And VERY carefully check your ruleset. May be you block icmp in some place
and PMTU doesn't work.

As as last resort you can add
  max-mss <some-size> to scrub rule. <some-size> may be some value in
range of 1300-1460.

Sometimes it helps.

-- 
            Sincerely yours,
                             Artyom Viklenko.
-------------------------------------------------------
artem at aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve   -  http://www.freebsd.org

More information about the freebsd-net mailing list