Currently when FreeBSD responds to a ICMP Echo Request, it takes the original mbuf, rewrites a couple of fields (like the src/dst IP and the ICMP type), and then sends that mbuf back. As things are currently implemented, the Don't Fragment bit is kept in the ICMP replay. This can cause problems for large ICMP Echo Requests if the MTU on the return route is less than the MTU on the incoming route and the DF bit is set(Linux's ping command sets it by default). Is it intended that the DF bit from the Request be copied into the Reply? If not, this patch fixes the issue for me:
--- ip_icmp.c 2011-10-06 14:54:14.000000000 -0400 +++ ip_icmp.c 2011-10-06 15:12:27.000000000 -0400 @@ -767,6 +767,7 @@ #endif ip->ip_src = t; ip->ip_ttl = V_ip_defttl; + ip->ip_off = 0; if (optlen > 0) { register u_char *cp; _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"