On Sat, 8 Jan 2005, Jay Teutenberg wrote:
> We are up against an interesting problem.
>
> We have several FBSD servers, the ones that are 5.x do not seem to be
> able to respond to pings larger than 25152, but 4.x kernels can.
>
> We are getting I/O errors from sendmail and want to make sure our
> networking is ok. We have tried swapping cables, ports in the cisco cat
> 2912, swapped 3com905's, no luck.
>
> Thanks all, my apologies if this is a bikeshed, I did my best to
> research it. Found some postings in this group last year where someone
> mentions this phenomenon, but no fix or answer was offered.
>
> http://lists.freebsd.org/pipermail/freebsd-questions/2004-April/044070.html

This is probably due to resource limits on the maximum number of fragments
that may be supported for an IP packet. You can take a look at the
fragment limits using sysctl:
net.inet.ip.maxfragpackets: 800
net.inet.ip.maxfragsperpacket: 16
If you increase maxfragsperpacket, you should be able to see FreeBSD
clients and servers handle ICMP pings larger in size. These resource
limits were put in place to address a widely observed denial of service
attack involving the delivery of many small fragments to hosts in a form
that prevents reassembly but consumes large amounts of memory and CPU.
Let me know if tweaking the above doesn't help, though!
Thanks,
Robert N M Watson
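
Added example (not part of the message above, and not FreeBSD project code): a small sh script relating a ping data size to the number of IPv4 fragments it needs, for comparison against net.inet.ip.maxfragsperpacket. It assumes a 1500-byte MTU, a 20-byte IPv4 header without options and an 8-byte ICMP echo header; the function names are made up for this example.

```shell
#!/bin/sh
# Assumptions (not from the original mail): Ethernet MTU of 1500 bytes,
# 20-byte IPv4 header without options, 8-byte ICMP echo header.
MTU=1500
IP_HDR=20
ICMP_HDR=8

# IP payload bytes carried per fragment. Every fragment except the last
# must carry a multiple of 8 bytes, since offsets count 8-byte units.
frag_payload() {
    echo $(( (MTU - IP_HDR) / 8 * 8 ))
}

# Number of fragments needed for a ping with $1 data bytes (ping -s $1).
frags_for_ping() {
    total=$(( $1 + ICMP_HDR ))
    per=$(frag_payload)
    echo $(( (total + per - 1) / per ))
}

# Largest ping data size that still fits in $1 fragments.
max_ping_for_frags() {
    echo $(( $1 * $(frag_payload) - ICMP_HDR ))
}

# Per-packet fragment limit: read the sysctl named in the mail when it
# exists, otherwise fall back to the value quoted there (16).
frag_limit() {
    v=$(sysctl -n net.inet.ip.maxfragsperpacket 2>/dev/null) || v=16
    echo "${v:-16}"
}

# Print the fragment count for a few constructed sample sizes.
report() {
    limit=$(frag_limit)
    for size in 1472 23672 25152 25153 65507; do
        n=$(frags_for_ping "$size")
        printf 'ping -s %-6s -> %2s fragments (limit %s)\n' "$size" "$n" "$limit"
    done
}

report
```

Under these assumptions, 25152 bytes of ping data plus the ICMP header is exactly 17 x 1480 bytes, so the size reported in the question falls on a fragment boundary. A full-size ping (65507 data bytes) arrives in 45 fragments, which gives a sense of how far the limit would have to be raised, at the cost of loosening the protection described above.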
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions