On Thu, Jan 26, 2006 at 02:54:19PM -0500, der Mouse wrote:
> >> The real problem is on the other end: hosts which try to do PMTU-D,
> >> but are behind boxes (usually misconfigured firewalls) which drop
> >> the ICMPs necessary for PMTU-D to function.
> > Not only, some PPPoE setup just won't send the ICMP unreachable
> > message, because the equipement at which the MTU is lowered doesn't
> > appear at the IP level.
> 
> You mean things like ATM?  But that won't listen to the DF bit, either,
> will it?  So there's no issue (except the loss rate increase provoked
> by fragmentation).
> 
> Or you mean there are setups which silently drop too-large packets
> without any notification to anyone?  I have trouble calling those

The issue here is that the equipement can neither fragment nor return a ICMP
error message, because it's not an IP equipement. The packet is just dropped.

> anything better than grossly broken, and wouldn't worry about arranging
> for NetBSD to support them any more than I would about doing likewise
> for setups which, for example, drop packets containing 0xff octets:
> it's the responsibility of the IP-over-whatever layer to actually
> implement IP's semantics.

Yes, it's broken. But for me it's better this way than using a
ADSL router (instead of a ADSL to ethernet bridge) because I don't know
of an ADSL router which is not broken (not to talk about native IPv6 support).

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 ans d'experience feront toujours la difference
--