-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Dan" == Dan Fraser <dfraser@capybara.org> writes:
    Dan> I'm using netbsd 1.6 PPPoE.  I see these problems on the local
    Dan> machine.

    Dan> PPPoE seems to set the interface MTU appropriately:

    Dan> pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST>
    Dan> mtu 1464 inet 66.96.18.31 -> 69.90.48.1 netmask 0xff000000
    Dan> inet6 fe80::280:c8ff:fef8:f2d3%pppoe0 -> :: prefixlen 64
    Dan> scopeid 0xa

    Dan> I do use ipnat for my home network, and I have it configured
    Dan> with mss-clamping.  It worked fine until yesterday.

  Well, the obvious question is, what did you change :-)

>tcpdump shows things like this (miso is on the real link):
>
>16:31:19.533221 PPPoE  [ses 0x618] miso.capybara.org.ssh >
>H31.C18.B96.tor.eicat.ca.59837: . [bad hdr length] (frag 2000:24@0+) [tos
>0x8]

  so, please add '-v' to tcpdump to see the actual bad length.
  It sounds like you have a device upstream that is now freaking out on
fragmented packets. 

  I would start calling your ISP.
  Does "ping -s 8000" cause the same kind of problem?

  {Do you have UDP/TCP hardware checksum offload enabled at either end?}

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQWHie4qHRg3pndX9AQEI8gP/au5z2xrV1n+NqRJ8HRATZc8SNZydvw7E
HCjaVEh3wYKj1u5J7E7vE63JMSoWOxWigiHialyVtoSyZs3f2y1k4F9xLDiJ3S2o
s9S4Z4U6xuFDH71YC1c7UmHT3Ytbx60yuIkoZrYyCyrqQ/nRdl/9bCpAILADU4O6
5zCZLIV3P20=
=KnqJ
-----END PGP SIGNATURE-----