Date:      Sun, 21 Nov 2004 20:28:07 +0100
From:      Max Laier <max@love2party.net>
To:        freebsd-net@freebsd.org
Cc:        Pawel Worach <pawel.worach@telia.com>
Subject:   Re: SACK (and PF) wierdness
Message-ID:  <200411212028.15015.max@love2party.net>
In-Reply-To: <419EBE2E.9080108@telia.com>
References:  <419EBE2E.9080108@telia.com>

Pawel,

On Saturday 20 November 2004 04:46, Pawel Worach wrote:
> I bumped into a weird problem with SACK.
>
> Basically my setup is.
> 192.168.1.10    .-crossover             192.168.1.200
> ftp server fxp0<->wireless ap<-> ~~~ <->laptop wireless ath0
>
> I run ftp from the laptop to the server.
> This is what happens:
> ftp> get zero
> local: zero remote: zero
> 200 EPRT command successful.
> 150 Opening BINARY mode data connection for 'zero'.
>     476 KB  299.53 KB/s
> 426 Data connection: Operation not permitted.
> 487424 bytes received in 00:01 (299.49 KB/s)
>
> I started to look at tcpdump while this was happening and quickly
> noticed that the connection got dropped by PF when SACK kicked in.
>
> pf: BAD state: TCP 192.168.1.10:20 192.168.1.10:20 192.168.1.200:50640
> [lo=3604799807 high=3604800103 win=33304 modulator=0 wscale=1]
> [lo=4089843176 high=4089909784 win=33304 modulator=0 wscale=1]
> 4:4 FPA seq=3604799807 ack=4089843176 len=296 ackskew=0 pkts=2497:1693
> dir=out,fwd
> pf: State failure on: 1      |

This is an "off by one" due to the FIN flag - I suppose. 3604799807 + 296 is
3604800103, but the +1 from the FIN flag brings that out of window and causes
PF to drop the packet.

> Nov 20 04:27:40 <kern.crit> darkstar kernel: pf: BAD state: TCP
> 192.168.1.10:20 192.168.1.10:20 192.168.1.200:58378 [lo=1373010668
> high=1373010980 win=33304 modulator=0 wscale=1] [lo=3742879382
> high=3742945990 win=33304 modulator=0 wscale=1] 4:4 A seq=1373010668
> ack=3742879382 len=1448 ackskew=0 pkts=1266:851 dir=out,fwd
> Nov 20 04:27:40 <kern.crit> darkstar kernel: pf: State failure on: 1      |
> Nov 20 04:27:40 <kern.crit> darkstar kernel: pf: BAD state: TCP
> 192.168.1.10:20 192.168.1.10:20 192.168.1.200:58378 [lo=1373010668
> high=1373010980 win=33304 modulator=0 wscale=1] [lo=3742879382
> high=3742945990 win=33304 modulator=0 wscale=1] 4:4 A seq=1373010668
> ack=3742879382 len=1448 ackskew=0 pkts=1266:851 dir=out,fwd

These two make no sense at all (at least to me). seq + len is over the window
by 1136 and I don't have the slightest clue why that would be the case. I am
also a bit surprised that the two (three) state failures are so close
together (04:27:35 and 04:27:40). Really strange.

> If I disable sack on the ftp server everything works fine.
>
> I can reproduce this problem 100%, I have never managed to transfer more
> than 3Mb via ftp when SACK is on, with it off I see no problems, 11Mbit
> wireless at ~650Kb/s
>
> Attached are three tcpdumps of the ftp data channel after a 'get
> /dev/zero'. (I picked out the smallest ones, dropped after about 400kb of
> zeros)

They didn't make it to the mailing list - I am afraid. Can you upload it
somewhere or try to resend it via private mail? I'd be very interested.

> related pf.conf rules, on ftp server:
> pass out log quick on fxp0 inet proto tcp from fxp0 to any flags S/SA keep
>   state queue (bulk, fast)
> and on client:
> pass in log quick inet proto tcp from any port 20 to <firewall> port >=
> 1024 flags S/SA keep state
>
> Any ideas? More info?

Not yet. But the "off by one" that triggered the first failure should be
tracked. I am not a TCP-expert myself, so I hope somebody can jump in here.
Thanks.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
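
Added example (not part of the original message and not pf's own code): the arithmetic from the reply above, applied to the two distinct "BAD state" entries quoted in this thread, to separate a drop caused only by the FIN/SYN sequence number from one where the payload itself ends past the window. It assumes the first bracketed peer is the sender and that its "high" value is the limit the segment end is compared against, as the reply's calculation implies; the function names and the verdict strings are hypothetical.

```python
import re

# Constructed input: the two distinct log entries quoted in this thread,
# joined onto single lines (syslog prefix dropped).
SAMPLE_LOG = [
    "pf: BAD state: TCP 192.168.1.10:20 192.168.1.10:20 192.168.1.200:50640 "
    "[lo=3604799807 high=3604800103 win=33304 modulator=0 wscale=1] "
    "[lo=4089843176 high=4089909784 win=33304 modulator=0 wscale=1] "
    "4:4 FPA seq=3604799807 ack=4089843176 len=296 ackskew=0 "
    "pkts=2497:1693 dir=out,fwd",
    "pf: BAD state: TCP 192.168.1.10:20 192.168.1.10:20 192.168.1.200:58378 "
    "[lo=1373010668 high=1373010980 win=33304 modulator=0 wscale=1] "
    "[lo=3742879382 high=3742945990 win=33304 modulator=0 wscale=1] "
    "4:4 A seq=1373010668 ack=3742879382 len=1448 ackskew=0 "
    "pkts=1266:851 dir=out,fwd",
]

# Captures 'high' from the first bracket (assumed to be the sender's state).
BAD_STATE = re.compile(
    r"pf: BAD state: .*?\[lo=\d+ high=(?P<high>\d+) [^\]]*\].*?"
    r"\s(?P<flags>[A-Z]+) seq=(?P<seq>\d+) ack=\d+ len=(?P<len>\d+)"
)

def seq_diff(a, b):
    """Signed distance a - b in 32-bit TCP sequence space (wrap-safe)."""
    d = (a - b) & 0xFFFFFFFF
    return d - (1 << 32) if d & 0x80000000 else d

def analyse(line):
    """Return how far a logged segment ends past the first peer's 'high'."""
    m = BAD_STATE.search(line)
    if m is None:
        return None  # not a BAD state line (e.g. "State failure on: ...")
    seq, length, high = int(m["seq"]), int(m["len"]), int(m["high"])
    # SYN and FIN each consume one sequence number after the payload.
    ctl = ("S" in m["flags"]) + ("F" in m["flags"])
    payload_over = seq_diff(seq + length, high)
    total_over = seq_diff(seq + length + ctl, high)
    if total_over <= 0:
        verdict = "in window"
    elif payload_over <= 0:
        verdict = "only SYN/FIN out of window"
    else:
        verdict = "payload beyond window"
    return {"flags": m["flags"], "payload_over": payload_over,
            "total_over": total_over, "verdict": verdict}

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(analyse(entry))
```

Real syslog output wraps nothing, so each entry arrives on one line; the entries above were re-joined by hand from the wrapped mail text.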




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200411212028.15015.max>