From owner-freebsd-net@FreeBSD.ORG Wed Jul 18 06:57:35 2007 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E31F016A402 for ; Wed, 18 Jul 2007 06:57:35 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.freebsd.org (Postfix) with ESMTP id 5382613C49D for ; Wed, 18 Jul 2007 06:57:35 +0000 (UTC) (envelope-from andre@freebsd.org) Received: (qmail 63744 invoked from network); 18 Jul 2007 06:54:16 -0000 Received: from c00l3r.networx.ch (HELO [127.0.0.1]) ([62.48.2.2]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 18 Jul 2007 06:54:16 -0000 Message-ID: <469DB9EB.3090703@freebsd.org> Date: Wed, 18 Jul 2007 08:57:47 +0200 From: Andre Oppermann User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) MIME-Version: 1.0 To: Eygene Ryabinkin References: <469D4C9D.7090302@ironport.com> <469D4FB6.9040609@elischer.org> <3DBBD4E3-ABEA-451A-8E6A-02E9CBAD6A37@mac.com> <20070718055228.GA4053@void.codelabs.ru> In-Reply-To: <20070718055228.GA4053@void.codelabs.ru> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Cc: Julian Elischer , FreeBSD Net , Julian Elischer Subject: Re: Wierd networking. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Jul 2007 06:57:36 -0000 Eygene Ryabinkin wrote: > Chuck, Julian, good day. > > Tue, Jul 17, 2007 at 04:47:30PM -0700, Chuck Swiger wrote: >> % tcpdump -nS -r IE7.pcap >> reading from file IE7.pcap, link-type EN10MB (Ethernet) >> 18:24:41.313890 IP 172.28.15.82.3128 > 10.251.22.29.1121: . ack 1573162290 win >> 32120 >> 18:24:41.313995 IP 10.251.22.29.1121 > 172.28.15.82.3128: P >> 1573162290:1573162378(88) ack 3799409121 win 65535 >> 18:24:41.314015 IP 172.28.15.82.3128 > 10.251.22.29.1121: . ack 1573162378 win >> 33492 >> 18:24:41.314072 IP 172.28.15.82.3128 > 10.251.22.29.1121: . >> 3799409121:3799410581(1460) ack 1573162378 win 33580 >> 18:24:41.314080 IP 172.28.15.82.3128 > 10.251.22.29.1121: P >> 3799410581:3799410861(280) ack 1573162378 win 33580 >> 18:24:41.314118 IP 172.28.15.82.3128 > 10.251.22.29.1121: F >> 3799410861:3799410861(0) ack 1573162378 win 33580 >> >> ...at this point, the client should have received the above packets and ACK for >> 3799410862 to include the FIN. >> >> 18:24:41.314744 IP 10.251.22.29.1121 > 172.28.15.82.3128: P >> 1573162378:1573162380(2) ack 3799409121 win 65535 >> >> ...instead it sends an ACK for earlier traffic. The Squid box should be in >> FIN-WAIT-1 and simply ignore this as a dup ACK, rather than sending an RST: > > Seems like it is the effect of the SS_NOFDREF check in the > netinet/tcp_input.c, at least it is present in the rev. 1.281.2.5. > > See the post > http://lists.freebsd.org/pipermail/freebsd-current/2007-July/074837.html > > I believe it discuisses the same problem, but for -CURRENT. In > short, Squid child closes the descriptor, so connection is present > in the TCP/IP stack only. And SS_NOFDREF check provokes RST and > invokes tcp_close(). I think your analysis is correct. Have to find out who to deal properly with a closed socket before the TCP is closed as well. -- Andre