From owner-freebsd-net  Fri Jul 27  6:20:19 2001
Delivered-To: freebsd-net@freebsd.org
Received: from purus.tcoip (unknown [200.199.244.162])
	by hub.freebsd.org (Postfix) with ESMTP id 85FCD37B403
	for <net@freebsd.org>; Fri, 27 Jul 2001 06:20:15 -0700 (PDT)
	(envelope-from daniel.sobral@tcoip.com.br)
Received: from tcoip.com.br (3d0e9u5ky4w4hz45@dcs.tcoip.com.br [192.168.60.194])
	by purus.tcoip (8.11.1/8.11.1) with ESMTP id f6RDFlA06655
	for <net@freebsd.org>; Fri, 27 Jul 2001 10:15:47 -0300
Message-ID: <3B616981.9080508@tcoip.com.br>
Date: Fri, 27 Jul 2001 10:15:45 -0300
From: "Daniel C. Sobral" <daniel.sobral@tcoip.com.br>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.2) Gecko/20010705
X-Accept-Language: en, pt-br, ja
MIME-Version: 1.0
To: net@freebsd.org
Subject: TCP window and vlans
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

While configuring my new firewalls, I started getting annoying freezes 
on my ssh connections. Finally, having put to rest more pressing 
problems, I looked into it.

Dumps from both the firewall and a remote machine shows traffic going 
until the window of the remote machine falls below the average packet 
length of the firewall. The window size is quickly restored, but the 
firewall won't send any more packets.

On a slightly different combination of monitoring programs, I have seen 
the firewall send packets without the push flag, and then a packet with 
the push flag. The latter one is received by the remote host but not the 
others.

I have four very similar firewalls in this setup. Two show the problem, 
and two doesn't. The main difference: the traffic on the ones that show 
the problem goes through a vlan.

This is 4.3-RELEASE (I can't run stable because the kernel will crash 
within minutes, though I'm about to test a patch for that).

Any ideas? I'm unfamiliar with this part of the code, so even pointers 
to where this code is will be helpful.

-- 
Daniel C. Sobral                   (8-DCS)
Daniel.Sobral@tcoip.com.br
dcs@newsguy.com
dcs@freebsd.org
capo@notorious.bsdconspiracy.net

Ah say, son, you're about as sharp as a bowlin' ball.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message