fragmented packet not reassembled after l2tp encapsulation in mpd
and second fragmentation
Mykola Dzham
i at levsha.me
Thu Dec 30 14:10:42 UTC 2010
Hi!
Fragmented packets are not reassembled when they are encapsulated into l2tp and
the l2tp packets are fragmented too.
Send side:
$ uname -a
FreeBSD gamlet.kiev.xxxx.com.ua 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #21 r216586: Mon Dec 20 14:12:32 EET 2010 root at gamlet.kiev.xxxx.com.ua:/usr/bsd/obj/usr/bsd/src/sys/GAMLET amd64
$ pkg_info -E mpd\*
mpd-5.5
$ ifconfig ng0
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
inet 10.113.255.1 --> 10.113.255.3 netmask 0xffffffff
$ ifconfig vlan2103
vlan2103: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:30:48:64:76:07
inet xx.xxx.xxx.220 netmask 0xfffffff8 broadcast xx.xxx.xxx.223
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 2103 parent interface: em1
mpd.conf section:
l2tpsrv:
    set ippool add l2tppool 10.113.255.2 10.113.255.200
    create bundle template B2
    set iface enable tcpmssfix
    set iface up-script /usr/local/etc/mpd5/l2tp.up
    set ipcp yes vjcomp
    set ipcp ranges 10.113.255.1 ippool l2tppool
    create link template L2 l2tp
    set link action bundle B2
    set link keep-alive 10 60
    set link no pap chap
    set link enable chap
    set l2tp self xx.xxx.xxx.220
    set link enable incoming
recv side:
$ uname -a
FreeBSD terra.kiev.xxxx.com.ua 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #9 r216430: Wed Dec 15 13:15:36 EET 2010 root at terra.kiev.xxxx.com.ua:/usr/bsd/obj/usr/bsd/src/sys/TERRA amd64
$ pkg_info -E mpd\*
mpd-5.5
$ ifconfig ng0
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
inet 10.113.255.3 --> 10.113.255.1 netmask 0xffffffff
$ ifconfig vlan405
vlan405: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:1b:21:13:16:30
inet yy.yyy.yyy.203 netmask 0xfffffff0 broadcast yy.yyy.yyy.207
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 405 parent interface: em0
mpd.conf section:
gamlet:
    create bundle static BG
    set bundle no noretry
    set iface enable tcpmssfix
    set iface route 10.112.0.0/24
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    create link static LG l2tp
    set link action bundle BG
    set link max-redial 0
    set auth authname terra
    set auth password XXXXXXXXX
    set l2tp peer xx.xxx.xxx.220
    open
st00$ sudo ping -c 1 -s 1500 10.113.1.1
PING 10.113.1.1 (10.113.1.1): 1500 data bytes
--- 10.113.1.1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
st00 is a server directly connected to the send side (gamlet) server;
10.113.1.1 is an IP from another interface on the recv side (terra) server.
tcpdump on send side:
gamlet$ sudo tcpdump -vnpi ng0
tcpdump: listening on ng0, link-type NULL (BSD loopback), capture size 96 bytes
15:34:13.389575 IP (tos 0x0, ttl 63, id 15850, offset 0, flags [+], proto ICMP (1), length 1500)
10.112.0.22 > 10.113.1.1: ICMP echo request, id 1867, seq 0, length 1480
15:34:13.389601 IP (tos 0x0, ttl 63, id 15850, offset 1480, flags [none], proto ICMP (1), length 48)
10.112.0.22 > 10.113.1.1: icmp
^C
gamlet$ sudo tcpdump -vnpi vlan2103 'host yy.yyy.yyy.203'
tcpdump: listening on vlan2103, link-type EN10MB (Ethernet), capture size 96 bytes
15:34:13.389613 IP (tos 0x0, ttl 64, id 13971, offset 0, flags [+], proto UDP (17), length 1500)
xx.xxx.xxx.220.1701 > yy.yyy.yyy.203.19844: l2tp:[S](20293/43838)Ns=17,Nr=14 {IP truncated-ip - 39 bytes missing! (tos 0x0, ttl 63, id 15850, offset 0, flags [+], proto ICMP (1), length 1500)
10.112.0.22 > 10.113.1.1: ICMP echo request, id 1867, seq 0, length 1480}
15:34:13.389617 IP (tos 0x0, ttl 64, id 13971, offset 1480, flags [none], proto UDP (17), length 59)
xx.xxx.xxx.220 > yy.yyy.yyy.203: udp
15:34:13.389623 IP (tos 0x0, ttl 64, id 13972, offset 0, flags [none], proto UDP (17), length 87)
xx.xxx.xxx.220.1701 > yy.yyy.yyy.203.19844: l2tp:[S](20293/43838)Ns=18,Nr=14 {IP (tos 0x0, ttl 63, id 15850, offset 1480, flags [none], proto ICMP (1), length 48)
10.112.0.22 > 10.113.1.1: icmp}
^C
tcpdump on recv side:
terra$ sudo tcpdump -vnpi ng0
tcpdump: listening on ng0, link-type NULL (BSD loopback), capture size 96 bytes
15:33:16.084156 IP (tos 0x0, ttl 63, id 15850, offset 1480, flags [none], proto ICMP (1), length 48)
10.112.0.22 > 10.113.1.1: icmp
^C
terra$ sudo tcpdump -vnpi vlan405 'host yy.yyy.yyy.203'
tcpdump: listening on vlan405, link-type EN10MB (Ethernet), capture size 96 bytes
15:33:16.084035 IP (tos 0x0, ttl 60, id 13971, offset 1480, flags [none], proto UDP (17), length 59)
xx.xxx.xxx.220 > yy.yyy.yyy.203: udp
15:33:16.084065 IP (tos 0x0, ttl 60, id 13972, offset 0, flags [none], proto UDP (17), length 87)
xx.xxx.xxx.220.1701 > yy.yyy.yyy.203.19844: l2tp:[S](20293/43838)Ns=18,Nr=14 {IP (tos 0x0, ttl 63, id 15850, offset 1480, flags [none], proto ICMP (1), length 48)
10.112.0.22 > 10.113.1.1: icmp}
15:33:16.084151 IP (tos 0x0, ttl 60, id 13971, offset 0, flags [+], proto UDP (17), length 1500)
xx.xxx.xxx.220.1701 > yy.yyy.yyy.203.19844: l2tp:[S](20293/43838)Ns=17,Nr=14 {IP truncated-ip - 39 bytes missing! (tos 0x0, ttl 63, id 15850, offset 0, flags [+], proto ICMP (1), length 1500)
10.112.0.22 > 10.113.1.1: ICMP echo request, id 1867, seq 0, length 1480}
^C
As I can see, the l2tp packets are properly fragmented and transferred to the recv
side, but only the last icmp fragment, encapsulated into a separate l2tp
packet, is received on ng0.
When I send unfragmented packets (ping -s 1472) or set the mtu on the ng
interface to a lower value (set link mtu 1460 in mpd.conf), everything works
properly. But this is not a solution: I require fragmented packets, and
the path mtu between vpn hosts can change.
--
LEFT-(UANIC|RIPE)
JID: levsha at jabber.net.ua
PGP fingerprint: 1BCD 7C80 2E04 7282 C944 B0E0 7E67 619E 4E72 9280
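
An added example, not part of the original post: a small Python check that groups the tcpdump -v header lines from the recv-side (terra) captures above by IP id and reports whether each datagram could be reassembled. The function names and the 20-byte IP header length (no IP options) are assumptions of this example.

```python
import re
from collections import defaultdict

# Outer/inner IP header lines copied from the terra (recv side) captures in the post.
VLAN405 = """\
15:33:16.084035 IP (tos 0x0, ttl 60, id 13971, offset 1480, flags [none], proto UDP (17), length 59)
15:33:16.084065 IP (tos 0x0, ttl 60, id 13972, offset 0, flags [none], proto UDP (17), length 87)
15:33:16.084151 IP (tos 0x0, ttl 60, id 13971, offset 0, flags [+], proto UDP (17), length 1500)
"""
NG0 = """\
15:33:16.084156 IP (tos 0x0, ttl 63, id 15850, offset 1480, flags [none], proto ICMP (1), length 48)
"""

HDR = re.compile(r"^\S+ IP \(.*?\bid (\d+), offset (\d+), flags \[([^\]]*)\], "
                 r"proto \w+ \(\d+\), length (\d+)\)")
IP_HLEN = 20  # assumption: IP headers carry no options

def fragments(capture):
    """Group header lines by IP id -> [(offset, payload_len, more_fragments)]."""
    groups = defaultdict(list)
    for line in capture.splitlines():
        m = HDR.match(line)
        if m:
            ip_id, off, flags, length = m.groups()
            groups[int(ip_id)].append((int(off), int(length) - IP_HLEN, "+" in flags))
    return groups

def status(frags):
    """Return 'complete' or the reason reassembly cannot finish."""
    expected = 0
    for off, plen, more in sorted(frags):
        if off != expected:
            return f"missing bytes {expected}-{off - 1}"
        expected = off + plen
        if not more:
            return "complete"
    return "missing last fragment"

def report(capture):
    return {ip_id: status(f) for ip_id, f in fragments(capture).items()}

if __name__ == "__main__":
    print("vlan405:", report(VLAN405))  # outer UDP/L2TP datagrams on the wire
    print("ng0:    ", report(NG0))      # inner datagram after decapsulation
```

Both outer datagrams (id 13971 and 13972) are complete on vlan405, while the inner datagram (id 15850) on ng0 lacks bytes 0-1479, which places the loss after the outer fragments reach terra.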