Hello list,

I have a problem with an IPsec peer. My OpenBSD 4.1 responder (obsd in the tcpdump below) doesn't reply to pings in the tunnel. The initiator is an OpenBSD 4.1 appliance (not GENERIC kernel, but I don't think that's the problem). There are two NATed hosts behind the peer-gw, and one of them works fine. The len 160 packets are ICMP echoes btw.

The problematic peer is sending packets that get TOS 0x3. If I understand the ECN RFC correctly, this means the sending router has set the Congestion Experienced codepoint, i.e. it is congested. I see the point for TCP, but this is UDP, so I'm not sure what behaviour is expected.

Is OpenBSD dropping these packets because of this?
If the sending gateway is broken I just need to get back with a good explanation.

15:58:16.725725 peer-gw.19062 > obsd.4500: [no cksum] udpencap: esp peer-gw > obsd spi 0x916EDE15 seq 1 len 132 [tos 0x3 (EC)] (ttl 51, id 1823, len 160)
15:58:19.737917 peer-gw.19062 > obsd.4500: [no cksum] udpencap: esp peer-gw > obsd spi 0x916EDE15 seq 2 len 132 [tos 0x3 (EC)] (ttl 51, id 30812, len 160)
15:58:22.757857 peer-gw.19062 > obsd.4500: [no cksum] udpencap: esp peer-gw > obsd spi 0x916EDE15 seq 3 len 132 [tos 0x3 (EC)] (ttl 51, id 29700, len 160)
15:58:25.778924 peer-gw.19062 > obsd.4500: [no cksum] udpencap: esp peer-gw > obsd spi 0x916EDE15 seq 4 len 132 [tos 0x3 (EC)] (ttl 51, id 17471, len 160)
15:58:27.412816 peer-gw.22417 > obsd.4500: [no cksum] udpencap: esp peer-gw > obsd spi 0x01CE4B59 seq 41 len 132 (ttl 51, id 60525, len 160)
15:58:27.412897 obsd.4500 > peer-gw.22417: [no cksum] udpencap: esp obsd > peer-gw spi 0xDA9BB2EC seq 41 len 132 (ttl 64, id 20442, len 160)
15:58:28.799610 peer-gw.19062 > obsd.4500: [no cksum] udpencap: esp peer-gw > obsd spi 0x916EDE15 seq 5 len 132 [tos 0x3 (EC)] (ttl 51, id 7672, len 160)
15:58:29.265331 peer-gw.22417 > obsd.4500: [udp sum ok] NAT-T Keepalive (ttl 51, id 35799, len 29)
15:58:32.772233 peer-gw.19062 > obsd.4500: [udp sum ok] NAT-T Keepalive [tos 0x3 (EC)] (ttl 51, id 11876, len 29)
15:58:36.919621 peer-gw.19062 > obsd.4500: [no cksum] udpencap: esp peer-gw > obsd spi 0x916EDE15 seq 6 len 132 [tos 0x3 (EC)] (ttl 51, id 32119, len 160)

I'm trying to track down where these TOS bits are set, but have had no luck yet.

tia
        -martin
