Re: NAT and MTU issues

On Mon, 2003-09-22 at 15:52, Nigel Metheringham wrote:
> On Mon, 2003-09-22 at 13:00, Martin Josefsson wrote:
> > Could you please apply the attached patch and reproduce it again?
> > It's just a small patch that enables a little debugging for this.
> 
> Very odd - I am seeing ICMPs generated:-
> # /usr/sbin/tcpdump -n -i eth0 icmp
> tcpdump: listening on eth0
> 15:26:12.146557 192.168.50.119 > 172.16.28.33: icmp: 10.0.2.2
> unreachable - need to frag (mtu 1450) [tos 0xc0]
> 
> but no extra chatter in dmesg despite ensuring dmesg -n is turned up. 
> Checking the module object file shows the extra log messages in there,
> so it's not me doing something completely silly.
> 
> Putting a 
>   iptables -t mangle -A FORWARD -p tcp --syn -j TCPMSS \
> 	--clamp-mss-to-pmtu
> 
> in appears to fix things for me.

Took a closer look.
If I put that mangle rule in then:-
      * I see no ICMP packets on the wire between the originating box
        and the linux g/w (tested in 2 places to make sure I don't have
        any packet sniffing/netfilter interactions).  Previously I saw
        ICMP need frag packets as quoted above.
      * those icmp_reply log messages appear to fire on each and every
        packet

   icmp_reply: outer SRC -> 192.168.50.119
   icmp_reply: inner DST -> 192.168.50.119 1500

	Nigel.

-- 
[ Nigel Metheringham           Nigel.Metheringham@xxxxxxxxxxxxxxxxxx ]
[ - Comments in this message are my own and not ITO opinion/policy - ]


