Re: [squid-users] TPROXY Timeouts on Select Websites

From: Matthew Goff <matt_at_goff.cc>
Date: Tue, 23 Oct 2012 16:11:25 -0500

On Mon, Oct 22, 2012 at 10:40 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> If I am reading that correctly you are saying the ICMPv6 'too big' packets
> are not going to Squid, but to the client machine?
> Which would make it a TPROXY bug, since the outbound connection from Squid
> is where the MTU should be lowered at the kernel level.
> Or are they *addressed* to the client machine and caught by TPROXY properly
> but MTU not respected?

Here is a tcpdump taken from my edge router. 2001:snip:9a0a is my
client machine. 2001:snip::1 is the LAN interface of the edge router
that this dump is from. I enabled v6 on my client and tried to access
"google.com" to get these results.

16:04:17.362562 IP6 2001:snip:9a0a.53616 >
den03s05-in-x11.1e100.net.www: Flags [S], seq 913579164, win 14400,
options [mss 1440,sackOK,TS val 61626579 ecr 0,nop,wscale 7], length 0
16:04:18.358639 IP6 2001:snip:9a0a.53616 >
den03s05-in-x11.1e100.net.www: Flags [S], seq 913579164, win 14400,
options [mss 1440,sackOK,TS val 61626829 ecr 0,nop,wscale 7], length 0
16:04:18.397759 IP6 den03s05-in-x11.1e100.net.www >
2001:snip:9a0a.53616: Flags [S.], seq 685180099, ack 913579165, win
14280, options [mss 1410,sackOK,TS val 1528504575 ecr
61626829,nop,wscale 6], length 0
16:04:18.397848 IP6 2001:snip:9a0a.53616 >
den03s05-in-x11.1e100.net.www: Flags [.], ack 1, win 113, options
[nop,nop,TS val 61626838 ecr 1528504575], length 0
16:04:18.398024 IP6 2001:snip:9a0a.53616 >
den03s05-in-x11.1e100.net.www: Flags [.], seq 1:1399, ack 1, win 113,
options [nop,nop,TS val 61626838 ecr 1528504575], length 1398
16:04:18.398159 IP6 2001:snip:1 > 2001:snip:9a0a: ICMP6, packet too
big, mtu 1280, length 1240
16:04:18.398181 IP6 2001:snip:9a0a.53616 >
den03s05-in-x11.1e100.net.www: Flags [P.], seq 1399:1742, ack 1, win
113, options [nop,nop,TS val 61626838 ecr 1528504575], length 343
16:04:18.443360 IP6 den03s05-in-x11.1e100.net.www >
2001:snip:9a0a.53616: Flags [.], ack 1, win 224, options [nop,nop,TS
val 1528504621 ecr 61626838,nop,nop,sack 1 {1399:1742}], length 0
16:04:18.630661 IP6 2001:snip:9a0a.53616 >
den03s05-in-x11.1e100.net.www: Flags [.], seq 1:1399, ack 1, win 113,
options [nop,nop,TS val 61626897 ecr 1528504621], length 1398
16:04:18.630839 IP6 2001:snip:1 > 2001:snip:9a0a: ICMP6, packet too
big, mtu 1280, length 1240
16:04:19.102673 IP6 2001:snip:9a0a.53616 >
den03s05-in-x11.1e100.net.www: Flags [.], seq 1:1399, ack 1, win 113,
options [nop,nop,TS val 61627015 ecr 1528504621], length 1398
16:04:19.102849 IP6 2001:snip:1 > 2001:snip:9a0a: ICMP6, packet too
big, mtu 1280, length 1240
16:04:20.046674 IP6 2001:snip:9a0a.53616 >
den03s05-in-x11.1e100.net.www: Flags [.], seq 1:1399, ack 1, win 113,
options [nop,nop,TS val 61627251 ecr 1528504621], length 1398
16:04:20.046851 IP6 2001:snip:1 > 2001:snip:9a0a: ICMP6, packet too
big, mtu 1280, length 1240
16:04:21.938682 IP6 2001:snip:9a0a.53616 >
den03s05-in-x11.1e100.net.www: Flags [.], seq 1:1399, ack 1, win 113,
options [nop,nop,TS val 61627724 ecr 1528504621], length 1398
16:04:21.938867 IP6 2001:snip:1 > 2001:snip:9a0a: ICMP6, packet too
big, mtu 1280, length 1240
Received on Tue Oct 23 2012 - 21:11:33 MDT

This archive was generated by hypermail 2.2.0 : Wed Oct 24 2012 - 12:00:04 MDT