Message-ID: <4628A6A0.40102@freebsd.org>
Date: Fri, 20 Apr 2007 13:40:16 +0200
From: Andre Oppermann
To: Krassimir Slavchev
Cc: Peter Jeremy, freebsd-current@freebsd.org
Subject: Re: network problems?

Krassimir Slavchev wrote:
> Peter Jeremy wrote:
>
>> On 2007-Apr-19 11:43:05 +0300, Krassimir Slavchev wrote:
>>
>>> The problem is when I try to access ftp servers, the connection
>>> stalls randomly. Also I can't do cvsup and fetch.
>>> This happens only with machines running -current and when the traffic
>>> is passed through router based on FreeBSD 4.4. One of the test
>>> machines is my notebook which have installed 7.0-CURRENT (from today)
>>> and 5.4-STABLE and I see this problem only with -current.
>>
>> The default TCP send and receive spaces were increased just after
>> RELENG4 was branched. The new receive space requires window scaling
>> to be used. I know that some versions of IPfilter have bugs in their
>> window scaling code and incorrectly block packets as "out of window".
>>
>> You could try reducing net.inet.tcp.recvspace or disabling
>> net.inet.tcp.rfc1323 and see if that helps. (Though RELENG5 should
>> also be affected if this is the problem).
>
> Disabling net.inet.tcp.rfc1323 solves the problem. Decreasing
> net.inet.tcp.recvspace (16384 on 4.x) increases stallages.
>
>> Are you in a position to run tcpdump on your router? If so, can you
>> tcpdump both the internal and external interfaces and find packets
>> that don't make it thru?
>
> Yes. I can do this when the traffic is minimal.
>
> It is very strange that both 6.2 and 5.4 have the same settings as 7.0:
>
> net.inet.tcp.recvspace: 65536
> net.inet.tcp.rfc1323: 1
>
> but the problem is with 7.0 only.

7-current uses larger receive windows with a higher scaling factor.
If your firewall doesn't correctly track that you get the problem
you are describing. In pf based firewalls it is a common thing to
misplace the keep-state rule.

-- 
Andre
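
Added example, not part of the thread and not FreeBSD, IPfilter or pf code: a simplified Python model of the failure described above, in which a stateful firewall that never learned the RFC 1323 window scale shift from the SYN exchange judges in-window segments to be out of window. The buffer sizes, the shift count of 3 and all names are constructed for illustration.

```python
# Simplified model of firewall TCP window tracking (illustrative only).
# Buffer sizes, shift count and names are constructed, not taken from any OS.
MSS = 1460

def raw_window(recv_buf, shift):
    """16-bit window field the receiver puts on the wire (RFC 1323)."""
    return min(recv_buf >> shift, 0xFFFF)

class WindowTracker:
    """Firewall-side view of one direction of a TCP connection."""
    def __init__(self, saw_handshake):
        # The shift count travels only in SYN / SYN-ACK options. State
        # created from a later packet never learns it and assumes 0.
        self.saw_handshake = saw_handshake
        self.shift = 0
        self.right_edge = 0

    def on_syn(self, wscale):
        if self.saw_handshake:
            self.shift = wscale

    def on_ack(self, ack, raw_win):
        # Highest sequence number the firewall believes is acceptable.
        self.right_edge = ack + (raw_win << self.shift)

    def allows(self, seq, length):
        return seq + length <= self.right_edge

def simulate(recv_buf, shift, saw_handshake):
    """Sender fills the real window; return (passed, dropped) segments."""
    fw = WindowTracker(saw_handshake)
    fw.on_syn(shift)
    raw = raw_window(recv_buf, shift)
    fw.on_ack(ack=0, raw_win=raw)
    real_window = raw << shift  # what the sending endpoint actually uses
    passed = dropped = 0
    for seq in range(0, real_window, MSS):
        length = min(MSS, real_window - seq)
        if fw.allows(seq, length):
            passed += 1
        else:
            dropped += 1
    return passed, dropped

if __name__ == "__main__":
    print("scaling on, state from SYN:  ", simulate(262144, 3, True))
    print("scaling on, state mid-stream:", simulate(262144, 3, False))
    print("rfc1323 off (shift 0):       ", simulate(65535, 0, False))
```

With scaling disabled the endpoints and the tracker agree on the window, which matches the observation in the thread that turning off net.inet.tcp.rfc1323 makes the stalls go away.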