From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id DBA771381F3 for ; Sun, 1 Sep 2013 11:17:40 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 693ADE0D14; Sun, 1 Sep 2013 11:17:31 +0000 (UTC) Received: from mail-wg0-f46.google.com (mail-wg0-f46.google.com [74.125.82.46]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4E299E0AEF for ; Sun, 1 Sep 2013 11:17:30 +0000 (UTC) Received: by mail-wg0-f46.google.com with SMTP id k13so3427728wgh.25 for ; Sun, 01 Sep 2013 04:17:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=oKcMI4HVI+75Lk2Enp+D8IJxeTUiVAMeVYD0tdodSys=; b=BcNnIYcC57zjVMa4Y5sTW5e4ixF2Dm/wNJiLdYgvWI+CjlUCmo0a3uulZXC4nGa1x6 5V8xHgv3k0js6N0ZI3j+2Px41/e+WVlEXN4VGRY4FzA5uhMeExy7l2gxHMKEW1wxfTpn LEkMHEhwjYHQdTYHXc+Yiaj5IxKtyEkqYEvcaOmJ+n2iIEM7kS1SyRw9gV9k009Ywz3O mVI+oZeti/peOA0InKsIRkvYObZMabISdAtw6sRN5qC/NvuxWKWWf2b6MlxZtnck+Hav ksTtGT/c317F7yoDqshXLHrdvEVq1D9tYnYIBPOi+Tkx1QTak2QTSWjeW3MMeRsNz3gG 5e8A== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 X-Received: by 10.180.89.175 with SMTP id bp15mr9291157wib.56.1378034248898; Sun, 01 Sep 2013 04:17:28 -0700 (PDT) Received: by 10.194.93.199 with HTTP; Sun, 1 Sep 2013 04:17:28 -0700 (PDT) In-Reply-To: <201309010937.48181.michaelkintzios@gmail.com> References: <201308271527.09340.michaelkintzios@gmail.com> <201309010937.48181.michaelkintzios@gmail.com> Date: Sun, 1 Sep 2013 04:17:28 -0700 Message-ID: Subject: Re: [gentoo-user] PMTUD From: Grant To: Gentoo mailing list Content-Type: text/plain; charset=ISO-8859-1 X-Archives-Salt: 03b5fe73-593d-45df-9bc8-1dbce8162596 X-Archives-Hash: a908cff636982852aff547b8f4daeefd > Communications between IPv4 end points use PMTUD by setting a Don't Fragment > (DF) bit in the headers of the outgoing packet. If a router/server along the > path has a smaller MTU, it will drop that packet and respond with an ICMP > 'Destination Unreachable -- Fragmentation Needed' packet including its smaller > MTU value. Upon receiving this smaller packet value the initiating host will > dynamically reduce the size of the outgoing packets, until the packet arrives > at its intended destination. PMTUD should always be switched on in any well > behaving network implementation, but here's the rub: some network nodes, > firewalls, servers are configured to never respond with *any* ICMP packets > (because they think that this is a way to avoid DDoS problems and the like). > Therefore, the initiating host keeps sending large packets never knowing that > they are dropped on the way. This network problem is known as a PMTUD black > hole and is explained better here: Could ICMP packets not getting through be to blame for my proxy server problem? My laptop can't seem to ping anyone (blocked at the firewall in this hotel I suppose) and certainly the proxy server can't ping my laptop. - Grant