From: "Alex Dyas"
To: net@freebsd.org
Subject: BSD / Firewall / 0 window size problem
Date: Thu, 11 Jul 2002 10:55:31 +0000

Hi,

I hope someone can help me with this, I've been struggling with it for quite some time now.

The set up:

bsdbox.foo.com -> internal GNAT firewall -> otherbox.foo.com

where bsdbox.foo.com has been anything from 4.0 to 4.5, and otherbox.foo.com is anything from FreeBSD, Solaris 2.7, Solaris 2.8

The problem is delays when telnetting from the BSD box to the Solaris box. I open and use the telnet session no problem. However, if I leave the session alone for more than about 15 seconds it will lock up. The lock up will last for about 8 seconds before it lets me type again. This is not fun.

The only clue I've managed to find as to what is going on is in a tcpdump of the session (attached).
The trigger for the lock up seems to be a message from the Otherbox machine setting the window size to 0:

10:41:38.614141 otherbox.foo.com.telnet > bsdbox.foo.com.2230: . ack 154 win 0
10:41:38.614200 bsdbox.foo.com.2230 > otherbox.foo.com.telnet: . ack 337 win 33304 (DF) [tos 0x10]

I've tried all the following scenarios, none of which exhibit the same problem, which is why I think the problem is with FreeBSD:

bsdbox.foo.com -> otherbox.foo.com
solarisbox.foo.com -> internal GNAT firewall -> otherbox.foo.com
windowsbox.foo.com -> internal GNAT firewall -> otherbox.foo.com
linuxbox.foo.com -> internal GNAT firewall -> otherbox.foo.com

No blocks are seen on the firewall.

Any ideas/pointers/suggestions/fixes at all much appreciated.

Alex...

tcpdump.txt:

10:41:22.149761 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P 146:148(2) ack 285 win 33304 (DF) [tos 0x10]
10:41:22.150396 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 285:287(2) ack 148 win 24616 (DF)
10:41:22.249151 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 287 win 33304 (DF) [tos 0x10]
10:41:22.249515 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 287:298(11) ack 148 win 24616 (DF)
10:41:22.349154 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 298 win 33304 (DF) [tos 0x10]
10:41:22.380132 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P 148:150(2) ack 298 win 33304 (DF) [tos 0x10]
10:41:22.380644 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 298:300(2) ack 150 win 24616 (DF)
10:41:22.484269 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 300 win 33304 (DF) [tos 0x10]
10:41:22.484920 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 300:311(11) ack 150 win 24616 (DF)
10:41:22.579160 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 311 win 33304 (DF) [tos 0x10]
10:41:22.599564 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P 150:152(2) ack 311 win 33304 (DF) [tos 0x10]
10:41:22.600250 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 311:313(2) ack 152 win 24616 (DF)
10:41:22.699161 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 313 win 33304 (DF) [tos 0x10]
10:41:22.699564 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 313:324(11) ack 152 win 24616 (DF)
10:41:22.799162 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 324 win 33304 (DF) [tos 0x10]
10:41:22.818906 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P 152:154(2) ack 324 win 33304 (DF) [tos 0x10]
10:41:22.819479 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 324:326(2) ack 154 win 24616 (DF)
10:41:22.919168 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 326 win 33304 (DF) [tos 0x10]
10:41:22.919576 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 326:337(11) ack 154 win 24616 (DF)
10:41:23.019171 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 337 win 33304 (DF) [tos 0x10]
10:41:38.614141 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: . ack 154 win 0
10:41:38.614200 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 337 win 33304 (DF) [tos 0x10]
10:41:47.199533 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . 154:155(1) ack 337 win 33304 (DF) [tos 0x10]
10:41:47.297912 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: . ack 155 win 24616 (DF)
10:41:47.297970 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P 155:162(7) ack 337 win 33304 (DF) [tos 0x10]
10:41:47.298154 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 337:339(2) ack 155 win 24616 (DF)
10:41:47.389540 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 339 win 33304 (DF) [tos 0x10]
10:41:47.390038 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 339:395(56) ack 162 win 24616 (DF)
10:41:47.489541 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 395 win 33304 (DF) [tos 0x10]
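
An added example, not part of the original message: a short Python script that runs over text-format tcpdump lines like those in the attached trace, finds each zero-window advertisement, measures how long the peer waited before sending data again, and checks whether the zero-window segment's DF flag matches the rest of that sender's packets. The six sample lines are copied from the trace; the function names are this example's own.

```python
import re
from datetime import datetime

# Sample input: six lines copied from the tcpdump trace in the message above.
SAMPLE = """\
10:41:22.919576 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 326:337(11) ack 154 win 24616 (DF)
10:41:23.019171 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 337 win 33304 (DF) [tos 0x10]
10:41:38.614141 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: . ack 154 win 0
10:41:38.614200 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 337 win 33304 (DF) [tos 0x10]
10:41:47.199533 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . 154:155(1) ack 337 win 33304 (DF) [tos 0x10]
10:41:47.297912 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: . ack 155 win 24616 (DF)
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+)"
    r"(?: \d+:\d+\((?P<len>\d+)\))? ack \d+ win (?P<win>\d+)(?P<rest>.*)$")

def parse(text):
    """Turn old-style tcpdump text lines into dicts; skip lines that do not match."""
    pkts = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            pkts.append({"ts": datetime.strptime(m["ts"], "%H:%M:%S.%f"),
                         "src": m["src"], "dst": m["dst"], "win": int(m["win"]),
                         "len": int(m["len"] or 0), "df": "(DF)" in m["rest"]})
    return pkts

def zero_window_stalls(pkts):
    """For each 'win 0' segment, report how long the peer waited before sending
    data again, and whether the segment's DF bit differs from the sender's others."""
    out = []
    for i, p in enumerate(pkts):
        if p["win"] != 0:
            continue
        others = [q["df"] for q in pkts if q["src"] == p["src"] and q is not p]
        probe = next((q for q in pkts[i + 1:]
                      if q["src"] == p["dst"] and q["len"] > 0), None)
        out.append({"from": p["src"],
                    "stall_s": (probe["ts"] - p["ts"]).total_seconds() if probe else None,
                    "probe_len": probe["len"] if probe else None,
                    "df_differs": bool(others) and all(d != p["df"] for d in others)})
    return out

if __name__ == "__main__":
    for s in zero_window_stalls(parse(SAMPLE)):
        print(s)
```

On these lines it reports one stall of about 8.6 seconds, ended by a 1-byte segment from bsdbox, and that the win 0 segment is the only one from its sender without DF set.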