ICMP and discard oversize frame - BSD

This is a discussion on ICMP and discard oversize frame - BSD ; Hello, I am running a FreeBSD router with two ethernet cards. I have reduced the MTU to 800 in order to generate ICMP packet "Fragmentation needed but DF was set". I can find in log : rl1: discard oversize frame ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: ICMP and discard oversize frame

  1. ICMP and discard oversize frame

    Hello,

    I am running a FreeBSD router with two ethernet cards. I have reduced
    the MTU to 800 in order to generate ICMP packet "Fragmentation needed
    but DF was set". I can find in log :

    rl1: discard oversize frame (ether type 800 flag 3 len 875 > max 814)

    But there is no ICMP sent. By default, is this feature disabled ? How
    can I see these ICMP packets generated ?

    Regards.

    Eric

  2. Re: ICMP and discard oversize frame

    Eric Boudrand writes:

    >I am running a FreeBSD router with two ethernet cards. I have reduced
    >the MTU to 800 in order to generate ICMP packet "Fragmentation needed
    >but DF was set".


    These messages are generated when a router forwards a packet from
    an interface with a large MTU to an interface with a small MTU.

    > I can find in log :


    >rl1: discard oversize frame (ether type 800 flag 3 len 875 > max 814)


    What you see here is a packet received on an interface with a small
    MTU that is bigger than the MTU, only one interface is involved.

    David.

  3. Re: ICMP and discard oversize frame

    Eric Boudrand wrote:

    > Hello,
    >
    > I am running a FreeBSD router with two ethernet cards. I have reduced
    > the MTU to 800 in order to generate ICMP packet "Fragmentation needed
    > but DF was set". I can find in log :
    >
    > rl1: discard oversize frame (ether type 800 flag 3 len 875 > max 814)
    >
    > But there is no ICMP sent. By default, is this feature disabled ? How
    > can I see these ICMP packets generated ?
    >
    > Regards.
    >
    > Eric


    sysctl -a |grep mtu will tell you if it's "on", which it should be by
    default. Run tcpdump on the exterior interface, log it to a file, then
    examine the file in wireshark is what I do.

    I truly do not understand what you are trying to accomplish with the above.
    I have a 'scrub in on $ExtIF all fragment reassemble' rule in my pf.conf so
    the firewall only filters complete packets. As far as Path-MTU discovery I
    cover that with:

    pass in quick on $ExtIF inet proto icmp all icmp-type 3 code 4

    Generally speaking a type 3 code 4 will get set by some router upstream from
    you in response to traffic headed towards you. It will send back towards
    the originator the ICMP and in such a case you will not see anything as the
    traffic is between that router and someone else.

    The only time you should see anything related to Path-MTU discovery is if
    you emit outbound traffic that has an MTU larger than some router in the
    circuit. Should this happen you will get back a type 3 code 4. At least
    this is my understanding, which is limited at best.

    Some people associate ICMP stuff with "hacking activity" so they block it
    unnecessarily. This causes side effects and is generally a bad idea (IMHO
    YMMV) As far as what you are trying to achieve I don't have a clue.

    Generally you should only be concerned with MTU if there is a mismatch
    between you and your ISP. I got lucky with Verizon's crappy DSL in that
    they set the MTU to 1540 in compensation for PPPoE overhead so that after
    processing by the modem/router it is 1500 which matches the rest of my
    interior LAN. Many other providers are different and the most common thing
    is the need to drop to 1492.

    -Jason




  4. Re: ICMP and discard oversize frame

    Jason,

    > I truly do not understand what you are trying to accomplish with the above.
    > I have a 'scrub in on $ExtIF all fragment reassemble' rule in my pf.conf so
    > the firewall only filters complete packets. As far as Path-MTU discovery I
    > cover that with:
    >
    > pass in quick on $ExtIF inet proto icmp all icmp-type 3 code 4


    I am trying Path-MTU discovery as you correctly guessed. Thank you for
    your answer.

    Regards.

    Eric

+ Reply to Thread