From: Chip Marshall
To: freebsd-net@freebsd.org
Date: Fri, 12 Aug 2011 17:43:09 -0400
Subject: Odd TCP RFC1323 Behavior
Message-ID: <20110812214309.GI72508@2bithacker.net>

I've been digging into an issue with SSH throughput and discovered that one of the servers involved isn't using RFC1323 window scaling and timestamps. The server is running 7.3-RELEASE-p3, and has net.inet.tcp.rfc1323 set to 1.

When connecting out from the server, it sets both Window Scale and TimeStamp options in the SYN packet and everything is fine.

When a connection comes into the server with WS and TS set in the SYN, the response varies.

For port 53 (named) the SYN/ACK has WS/TS options.
For port 22 (sshd) the SYN/ACK does not have WS/TS options, unless the connection is via lo0.

ssh is OpenSSH_5.2p1, compiled from ports with default options.

I'm really at a loss to explain this. Why does named use RFC1323 on bce0 when sshd doesn't? Why does sshd use RFC1323 on lo0 but not on bce0?

I can provide PCAPs of the SYN, SYN/ACK exchanges if that will help.

-- 
Chip Marshall
http://weblog.2bithacker.net/
KB1QYW PGP key ID 43C4819E
v4sw5PUhw4/5ln5pr5FOPck4ma4u6FLOw5Xm5l5Ui2e4t4/5ARWb7HKOen6a2Xs5IMr2g6CM
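
One way to check from a capture which SYN/ACKs carry the RFC 1323 options, added here as an example and not part of the original message: it walks the option bytes of a raw TCP header and reports window scale and timestamps. The two sample headers are constructed to mirror the port 53 and port 22 cases described above; the function names and all field values in them are assumptions.

```python
import struct

EOL, NOP, WSCALE, TIMESTAMP = 0, 1, 3, 8   # TCP option kinds

def parse_tcp_options(segment: bytes) -> dict:
    """Return {kind: value_bytes} for the options in a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4          # data offset, in bytes
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    opts, i = {}, 20
    while i < header_len:
        kind = segment[i]
        if kind == EOL:
            break
        if kind == NOP:                          # single-byte padding
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("option length byte missing")
        length = segment[i + 1]                  # covers kind + length + value
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        opts[kind] = segment[i + 2:i + length]
        i += length
    return opts

def rfc1323_summary(segment: bytes) -> dict:
    """Report the flags and the window scale / timestamp options of a segment."""
    opts = parse_tcp_options(segment)
    ws, ts = opts.get(WSCALE), opts.get(TIMESTAMP)
    return {
        "syn_ack": (segment[13] & 0x12) == 0x12,
        "wscale": ws[0] if ws is not None and len(ws) == 1 else None,
        "timestamps": struct.unpack("!II", ts) if ts is not None and len(ts) == 8 else None,
    }

def build_segment(sport: int, flags: int, options: bytes) -> bytes:
    """Constructed test input: a 20-byte TCP header followed by the given options."""
    options += bytes([NOP]) * (-len(options) % 4)          # pad to a 32-bit boundary
    fixed = struct.pack("!HHIIBBHHH", sport, 40000, 1000, 2001,
                        ((20 + len(options)) // 4) << 4, flags, 65535, 0, 0)
    return fixed + options

# Constructed samples: MSS 1460, NOP, WS shift 3, SACK-permitted, TS 12345/67890
FULL = b"\x02\x04\x05\xb4\x01\x03\x03\x03\x04\x02\x08\x0a" + struct.pack("!II", 12345, 67890)
SYNACK_PORT53 = build_segment(53, 0x12, FULL)                 # carries WS and TS
SYNACK_PORT22 = build_segment(22, 0x12, b"\x02\x04\x05\xb4")  # MSS only

if __name__ == "__main__":
    for name, seg in (("port 53", SYNACK_PORT53), ("port 22", SYNACK_PORT22)):
        print(name, rfc1323_summary(seg))
```

To use it on real traffic, pass in the TCP header bytes of each SYN/ACK extracted from the capture in place of the constructed samples.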