Re: DF bit - Dont Fragment
On June 21, 2004 09:50 am, Andrew Miehs wrote:
> tried that... But that seemed just to disable PMTU Discovery, and not
> disbale the 'DF' bit... (After the traffic between myself and the server
> via a CIPE tunnel stopped working when the packets got tooo large)
> - Or is there a bug in packet fragmentation in the linux kernel?
Hmmm, I did try it hear and my outgoing packets lacked the DF bit as soon as I
made that change. Replies are up to the other side of the connection so they
may or may not set DF as far as I can tell.
If large packets are being blocked then there is definitely a bug, whether
it's in the Linux kernel (doubtful), cipe, your firewall (?) or in an
upstream router is impossible for me to tell.
My bet would be that someone is blocking icmp messages (you, your firewall,
your ISP?). There's a really good explanation of PMTU at
http://www.netheaven.com/pmtu.html that should explain all that for you.
As someone else suggested you can lower the MTU and probably get around the
problem but it would be better to try and figure out which router is blocking
your PMTU attempts ... play with the -M option to ping (at least in
iputils-ping from testing).
Of course I've never used CIPE so I may be totally off base.
Fraser Campbell <firstname.lastname@example.org> http://www.wehave.net/
Georgetown, Ontario, Canada Debian GNU/Linux