8.1 Box does not react on ICMP "unreachable - need to frag"
Axel Rau
Axel.Rau at Chaos1.DE
Tue Jan 18 10:00:58 UTC 2011
Hi,
DB2 is a DB server with fbsd 8.1-REL. The SQL query comes in through 2
Obsd 4.8 firewalls(GW2).
The DB server returns its query results successfully until an
oversized message is being sent (with "DF" set), which the GW2 refuses
with an ICMP "unreachable - need to frag (mtu 1492)":
DB2 -> GW1:
-----
20:16:09.197968 IP (tos 0x0, ttl 64, id 35523, offset 0, flags [DF],
proto TCP (6), length 1492)
172.16.1.41.5432 > 1.2.3.4.36741: Flags [.], ack 2263, win 8280,
options [nop,nop,TS val 2186418648 ecr 3227350928], length 1440
-----
GW1 -> DB2:
-----
20:16:09.374817 IP (tos 0x0, ttl 255, id 10226, offset 0, flags
[none], proto ICMP (1), length 56)
172.16.1.1 > 172.16.1.41: ICMP 1.2.3.4 unreachable - need to frag
(mtu 1492), length 36
IP (tos 0x0, ttl 64, id 36148, offset 0, flags [DF], proto TCP (6),
length 1492)
172.16.1.41.5432 > 1.2.3.4.36741: tcp 1464 [bad hdr length 8 - too
short, < 20]
----
Question:
1. Shouldn't DB2 fragment and resend the packet?
2. Why is the "DF" set? This prevents GW2 from doing the fragmentation.
3. What can I do to resolve the issue?
I have 3 different MTUs in use and don't want set the DB server to the
smallest.
Axel
---
axel.rau at chaos1.de PGP-Key:29E99DD6 +49 151 2300 9283 computing @
chaos claudius
More information about the freebsd-net
mailing list