Date: Wed, 9 Apr 2008 09:55:52 +0200
From: Anders Nordby
To: s3raphi
Cc: freebsd-net@freebsd.org
Subject: Re: TCP options order changed in FreeBSD 7, incompatible with some routers
Message-ID: <20080409075552.GA19027@fupp.net>

Hi,

I had the same problem, and temporarily worked around it by disabling
SACK:

sysctl net.inet.tcp.sack.enable=0

Which solved my problems. It would be interesting to see if this helps
you also?
If so, it seems this issue is related to SACK and TCP order maybe? Hmm.

On Fri, Apr 04, 2008 at 01:14:19PM -0700, s3raphi wrote:
> I upgraded many web servers to FreeBSD 7.0-Release several weeks ago. These
> servers serve hundreds of thousands of users. Since then, we have had many
> users complain that they cannot connect to these servers any more. This was
> a very tricky problem to diagnose, but using packet captures on both the
> servers and the clients who have the problem I ended up with the same
> results as the original poster. The user can ping the server with ICMP. The
> user cannot complete a TCP connection.
> Client sends SYN to server
> Server responds SYN/ACK
> Client packet capture does not show the SYN/ACK arrive.
> Connection fails.
>
> The windows client was running wireshark.
>
> This problem is specific to windows, but also the network it is on or
> devices it goes through. The same user experiencing the problem tried to
> connect using a mac, and the problem does not manifest itself. Both the mac
> and the windows pc were on the same network, behind the same SOHO router,
> same ISP, and talking to the same FreeBSD7.0-RELEASE server.
>
> Baffled by what the problem could have been, I stood up one of the old
> FreeBSD 6.1 servers which had not yet been replaced with FreeBSD7. The user
> has no trouble at all accessing the FreeBSD 6.1 server.
>
> More interesting info:
> -This makes it look like windows:
> Fails: WindowsXPpro PC -> SOHO -> ISP -> Internet -> MyDataCenter -> FreeBSD7
> Works: MacBook -> SOHO -> ISP -> Internet -> MyDataCenter -> FreeBSD7
>
> -This makes it look like the network(router/firewall/etc..):
> If the WindowsPC connects to our office VPN, the connection to the FreeBSD7
> server will work without issue.
>
> The problem is specific to some combination of Windows and networks or
> network devices. I have seen users on many different ISPs, and with many
> different flavors of routers/firewalls.
>
> -The problem only affects a small percentage of our users. Most of our
> Windows users have no issue.
>
> This is a very serious problem for anyone using FreeBSD7 in production as an
> internet facing server as a huge percentage of clients will be windows, and
> a percentage of those users will no longer be able to use your web services.
>
> Can the patch be made available to freebsd-update?
>
> -Seraphi
>
>
> Matt Reimer wrote:
> >
> > On Thu, Mar 20, 2008 at 7:09 PM, d.s. al coda wrote:
> >> On 3/12/08, Andre Oppermann wrote:
> >>
> >> > I'd be very interested to know the exact models and their firmware
> >> > version of the affected routers. If available locally I'd like to
> >> > obtain a similar model myself for future regression tests.
> >>
> >> Here are the models we managed to hear about via email:
> >> D-Link WBR-1310
> >> Linksys WCG200 (with firewall enabled)
> >> Encore Broadband Router
> >> Linksys WAG354G
> >> Ambit U10C019
> >> Netgear CG814GCMR
> >
> > I've seen this on a Netgear CG814WG.
> >
> > Matt
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
> >
>
> --
> View this message in context: http://www.nabble.com/TCP-options-order-changed-in-FreeBSD-7%2C-incompatible-with-some-routers-tp15996110p16497816.html
> Sent from the freebsd-net mailing list archive at Nabble.com.

-- 
Anders.
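
Added example, not part of the original thread: a parser that lists the TCP options of a SYN/ACK header in on-the-wire order, so server-side captures taken before and after a change (such as the sysctl above) can be compared option by option. The header bytes and both orderings are constructed samples, not the actual FreeBSD 6.1 or 7.0 layouts, and every function and constant name is hypothetical.

```python
import struct

# IANA TCP option kinds relevant to a SYN/ACK.
NAMES = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WSCALE", 4: "SACK_PERMITTED", 8: "TIMESTAMP"}

def tcp_options(tcp_header):
    """Return [(name, value_bytes), ...] in on-the-wire order."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    header_len = (tcp_header[12] >> 4) * 4        # data offset is in 32-bit words
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("bad data offset")
    region, opts, i = tcp_header[20:header_len], [], 0
    while i < len(region):
        kind = region[i]
        name = NAMES.get(kind, "KIND_%d" % kind)
        if kind in (0, 1):                        # EOL and NOP are single bytes
            opts.append((name, b""))
            if kind == 0:
                break                             # anything after EOL is padding
            i += 1
            continue
        if i + 1 >= len(region):
            raise ValueError("option %d has no length byte" % kind)
        length = region[i + 1]
        if length < 2 or i + length > len(region):
            raise ValueError("option %d has bad length %d" % (kind, length))
        opts.append((name, region[i + 2:i + length]))
        i += length
    return opts

def option_order(tcp_header):
    return [name for name, _ in tcp_options(tcp_header)]

def differs_only_in_order(a, b):
    """True when both headers carry the same options and values, reordered."""
    oa, ob = tcp_options(a), tcp_options(b)
    significant = lambda opts: sorted(o for o in opts if o[0] not in ("NOP", "EOL"))
    return oa != ob and significant(oa) == significant(ob)

def build_synack(options):
    """Constructed sample input: a SYN/ACK header carrying the given option bytes."""
    if len(options) % 4:
        raise ValueError("options must be padded to a 32-bit boundary")
    offset_flags = ((5 + len(options) // 4) << 12) | 0x012   # SYN|ACK
    return struct.pack("!HHIIHHHH", 80, 50000, 1, 2, offset_flags, 65535, 0, 0) + options

MSS, WS, SACK_OK, NOP = bytes([2, 4, 5, 180]), bytes([3, 3, 3]), bytes([4, 2]), bytes([1])
# Constructed orderings, not the real FreeBSD 6.1 / 7.0 layouts.
CAPTURE_A = build_synack(MSS + NOP + WS + NOP + NOP + SACK_OK)
CAPTURE_B = build_synack(MSS + NOP + NOP + SACK_OK + NOP + WS)
CAPTURE_NO_SACK = build_synack(MSS + NOP + WS)    # what sack.enable=0 is assumed to produce
```

Feed it the TCP header bytes of the SYN/ACK from each capture; a malformed option length raises ValueError rather than being skipped.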