Hi List,

When using ipnat, part of ipfilter 4.1.13, I don't see any
icmp packets being returned saying:
Host Unreachable, frag needed and DF set.
type 3, code 4

It does work if I am not using ipnat.

Any ideas?

Thanks,
Steve

--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)

Stephen Clark wrote:
>Hi List,
>
>When using ipnat, part of ipfilter 4.1.13, I don't see any
>icmp packets being returned saying:
>Host Unreachable, frag needed and DF set.
>type 3, code 4
>
>It does work if I am not using ipnat.
>
>Any ideas?
>
>Thanks,
>Steve
>
>
>
Sorry for the noise - this seems to be OK.

But the problem I am seeing relates to:

Did something change in 6.2? If my mtu size on rl0 is 1280 it won't
accept a larger incoming packet.

kernel: rl0: discard oversize frame (ether type 800 flags 3 len 1514 > max 1294)

I don't think it worked this way in the past. Won't this affect pmtud?

man page for ifconfig says mtu limits size of "transmission" not reception.

"mtu n   Set the maximum transmission unit of the interface to n,
         default is interface specific."

--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)

On Wed, Jul 25, 2007 at 12:54:30PM +0100, Pete French wrote:
> > lagg on RELENG_6 is currently broken due to subtle differences that
> > weren't taken into account when it was MFCd. Can you please test this
> > patch.
>
> Erp! Do you have any more info on this - what kinds of things does
> this break? Since lagg arrived I have deployed it on all our production
> machines. It seems to work fine for me, I have to say, but I would like to
> know what problems I might be about to encounter.
>
> Will apply and test your patch (though having seen no problems anyway I
> am not sure how useful that will be).

The MAC address was not set correctly on the lagg interface so all
outgoing frames have the src of 00:00:00:00:00:00. This still worked in
a lot of situations as the machine replied with the correct arp address
and the configured laggports had the correct MAC. Most people didn't see a
problem which is why this slipped through.

tcpdump on another host with the -e flag and see what the src mac is.

Andrew
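
Added example, not part of the thread or of the lagg patch: a small filter for the `tcpdump -e` check suggested above, which counts frames whose Ethernet source is 00:00:00:00:00:00, grouped by destination MAC. The sample capture lines, MAC addresses and IP addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag all-zero Ethernet source addresses in `tcpdump -e -n`
# text output, the symptom described for lagg on RELENG_6.

# zero_src_frames: read tcpdump -e lines on stdin and print
# "<dst-mac> <count>" for every destination that received frames whose
# source MAC is 00:00:00:00:00:00. Prints nothing for a clean capture.
zero_src_frames() {
    awk '
    # A MAC is 17 chars of hex and colons that split into 6 parts.
    function is_mac(s,   p) {
        return length(s) == 17 && s ~ /^[0-9A-Fa-f:]+$/ && split(s, p, ":") == 6
    }
    {
        # Find the "src > dst," pair; works with or without a timestamp.
        for (i = 1; i + 2 <= NF; i++) {
            if (is_mac($i) && $(i + 1) == ">") {
                dst = tolower($(i + 2))
                sub(/,$/, "", dst)
                if (tolower($i) == "00:00:00:00:00:00")
                    bad[dst]++
                break
            }
        }
    }
    END { for (d in bad) print d, bad[d] }
    ' | sort
}

# Constructed sample: IP frames leave with a zero source MAC while ARP
# from the same host still carries the real address, as in the thread.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 00:00:00:00:00:00 > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 98: 192.0.2.10 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
12:00:00.000200 00:11:22:33:44:55 > 00:aa:bb:cc:dd:01, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 192.0.2.10: ICMP echo reply, id 1, seq 1, length 64
12:00:01.000001 00:00:00:00:00:00 > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 98: 192.0.2.10 > 192.0.2.1: ICMP echo request, id 1, seq 2, length 64
12:00:02.000000 00:aa:bb:cc:dd:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.10, length 46
EOF
}

sample_capture | zero_src_frames
```

On a live host the function would be fed from `tcpdump -e -n -i <interface>` run on a neighbouring machine, where `<interface>` is a placeholder.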