From owner-freebsd-net@FreeBSD.ORG Fri May 13 21:39:05 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 13E021065673 for ; Fri, 13 May 2011 21:39:05 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from asmtpout029.mac.com (asmtpout029.mac.com [17.148.16.104]) by mx1.freebsd.org (Postfix) with ESMTP id F08B48FC16 for ; Fri, 13 May 2011 21:39:04 +0000 (UTC) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; CHARSET=US-ASCII Received: from cswiger1.apple.com ([17.209.4.71]) by asmtp029.mac.com (Oracle Communications Messaging Exchange Server 7u4-20.01 64bit (built Nov 21 2010)) with ESMTPSA id <0LL500EYDLGAKY30@asmtp029.mac.com>; Fri, 13 May 2011 14:38:35 -0700 (PDT) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.2.15,1.0.148,0.0.0000 definitions=2011-05-13_06:2011-05-13, 2011-05-13, 1970-01-01 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx engine=6.0.2-1012030000 definitions=main-1105130171 From: Chuck Swiger In-reply-to: Date: Fri, 13 May 2011 14:38:34 -0700 Message-id: <5BD73B66-9A84-4640-A43F-4970BDC584BA@mac.com> References: To: Ivan Voras X-Mailer: Apple Mail (2.1084) Cc: freebsd-net@freebsd.org Subject: Re: Spurious ACKs, ICMP unreachable? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2011 21:39:05 -0000 On May 13, 2011, at 1:07 PM, Ivan Voras wrote: > I'm seeing an an unusual problem at a remote machine; this machine is > the FreeBSD server, and the client is a probably Windows machine (but I > don't know the details yet). Something happens which causes FreeBSD to > send ACKs to the client, and the client to send ICMP unreachable > messages to the server. It is most likely a configuration error at the > remote site but I have no idea how to verify this. Let's look at just one connection: 18:56:02.711942 IP server.http > client.4732: Flags [.], ack 2110905191, win 0, length 0 18:56:02.713155 IP server.http > client.4732: Flags [.], ack 1, win 65535, length 0 The packet is FreeBSD webserver sending ACKs with zero window size; that's a sign of congestion that the client should not be sending more data and instead doing periodic window probes until the local box opens the window again. The next packet on the same connection then ACK's something outside of the window with a 64K window size. That's wrong; the other side probably sends an RST and the ICMP error. If you have TSO enabled, try turning it off. Otherwise, providing the hex data or the ICMP packet via -x or -X might help identify which connection the Windows box was objecting to. And it would also be helpful to see a data packet or two just to see normal data flow before whatever is going wrong. Regards, -- -Chuck