Please UN-set 'Don't Fragment' bit

Reception, channel detection, network issues, CableCARD setup, etc.
Post Reply
dslee
Posts: 4
Joined: Sat Jun 15, 2019 1:12 pm

Please UN-set 'Don't Fragment' bit

Post by dslee » Wed Jul 03, 2019 6:45 am

Hi there,

I'm an IT pro and have a SonicWALL installed at my house with several VLAN'd wifi networks on different subnets.

After many hours of troubleshooting, trying to get the HDHR app working from my iPad client, we have determined (working with a SonicWALL specialist) that the likely issue of the SonicWALL dropping response packets from the HDHR (responding to a UDP broadcast on port 65001), is that these packets have the 'Don't Fragment' bit set, and the SonicWALL simply drops these packets, and nothing we can do will circumvent this from happening.

Unfortunately, because the firewall traversal is between LAN subnets, the 'Ignore DF Bit' option is not available, so the only 'solution' will be for SiliconDust to un-set the DF flag in the packet.

This particular response packet appears to simply be the HDHR responding back to the initial broadcast to say "Here's the URL's for you to connect" so I doubt this change will have any affect on the system functionality.

Reference https://tools.ietf.org/html/rfc791, which states:


Fragmentation of an internet datagram is necessary when it originates in a local net that allows a large packet size and must traverse a local net that limits packets to a smaller size to reach its destination.

An internet datagram can be marked "don't fragment." Any internet datagram so marked is not to be internet fragmented under any circumstances. If internet datagram marked don't fragment cannot be delivered to its destination without fragmenting it, it is to be discarded instead.

Thank you!

David

nickk
Silicondust
Posts: 15524
Joined: Tue Jan 13, 2004 9:39 am

Re: Please UN-set 'Don't Fragment' bit

Post by nickk » Wed Jul 03, 2019 10:31 am

Hi,

Checking, what model of HDHomeRun do you have (or what is the Device ID)?

Nick

dslee
Posts: 4
Joined: Sat Jun 15, 2019 1:12 pm

Re: Please UN-set 'Don't Fragment' bit

Post by dslee » Wed Jul 03, 2019 10:47 am

Model: HDHR5-2US
Device ID: 10647183
Firmware: 20190621

nickk
Silicondust
Posts: 15524
Joined: Tue Jan 13, 2004 9:39 am

Re: Please UN-set 'Don't Fragment' bit

Post by nickk » Wed Jul 03, 2019 12:02 pm

I ran a packet capture and confirmed the DF flag is set on HDHomeRun models that use a Linux kernel for UDP. This seems to be the default behavior.

The packets are small enough that they are not allowed to be fragmented anyway, so the flag shouldn't make a difference either way.

It seems odd that your router is dropping DF frames when it doesn't need to fragment - if confirmed this seems like a fault in the router.
Likewise it shouldn't be ignoring the DF flag - if it needs to fragment and the DF flag is set it should drop as requested by the sender.

I will run some more tests here and talk it through. Can you please double check with your router vendor - see if it is a known fault.

Nick

nickk
Silicondust
Posts: 15524
Joined: Tue Jan 13, 2004 9:39 am

Re: Please UN-set 'Don't Fragment' bit

Post by nickk » Wed Jul 03, 2019 12:41 pm

I tested a Linux Desktop and it set the DF flags - seems to be the normal behavior.

gtb
Expert
Posts: 3985
Joined: Thu Oct 06, 2011 1:00 pm
Location: Sunnyvale, CA USA

Re: Please UN-set 'Don't Fragment' bit

Post by gtb » Wed Jul 03, 2019 1:10 pm

nickk wrote:
Wed Jul 03, 2019 12:02 pm
It seems odd that your router is dropping DF frames when it doesn't need to fragment - if confirmed this seems like a fault in the router.
Likewise it shouldn't be ignoring the DF flag - if it needs to fragment and the DF flag is set it should drop as requested by the sender.
Actually, it should typically respond with a "too big" ICMP if it does need to fragment. But you are correct, if the router does not need to fragment, it is just brain dead to drop packets with DF set, [removed by moderator]. Btw, there is a "ignore DF bit" in the configs somewhere. And in any case, since forwarding across LANs is not the device target, fixups should be reasonably expected to be a customer responsibility.

dslee
Posts: 4
Joined: Sat Jun 15, 2019 1:12 pm

Re: Please UN-set 'Don't Fragment' bit

Post by dslee » Fri Jul 05, 2019 10:40 am

Taking another look and the packet getting dropped is only 151 bytes - far below the 1500MTU/byte setting on the LAN, so I agree, this should not be the cause of the drop.

There is no ability to ignore the DF bit on the LAN side - there is a 'clear DF' option in the backend diag.html page, but that didn't help either.

Will continue looking at this with SonicWALL support as time permits.

Thanks for the replies all.

nickk
Silicondust
Posts: 15524
Joined: Tue Jan 13, 2004 9:39 am

Re: Please UN-set 'Don't Fragment' bit

Post by nickk » Fri Jul 05, 2019 12:47 pm

To be clear, the firewall shouldn't be configured to ignore the DF flag... the firewall should obey the DF flag.

Are you sure the packet is being dropped and that DF bit is the reason?

Nick

dslee
Posts: 4
Joined: Sat Jun 15, 2019 1:12 pm

Re: Please UN-set 'Don't Fragment' bit

Post by dslee » Fri Jul 05, 2019 1:35 pm

I'm sure it's being dropped, but it's not clear if DF is the issue. It seems to me it shouldn't be the cause if the size of the packet is under 1500 bytes (which it is).

I will update the thread when I find out more.

Thank you.

nickk
Silicondust
Posts: 15524
Joined: Tue Jan 13, 2004 9:39 am

Re: Please UN-set 'Don't Fragment' bit

Post by nickk » Fri Jul 05, 2019 2:19 pm

Thinking, it is normal for a router to drop (ie not forward) 255.255.255.255 broadcast packets unless you set up some form of custom forwarding rule.

Post Reply