Date: Fri, 8 Apr 2016 00:11:03 +0100
From: Dr Josef Karthauser <joe@truespeed.com>
To: FreeBSD Stable <stable@freebsd.org>
Cc: freebsd-net@freebsd.org
Subject: Re: IPFW with NAT : Problems with duplicate packets on FreeBSD 10.3-RC3
Message-ID: <72D86268-D082-4BB2-A951-69B62C3C4A9B@truespeed.com>
In-Reply-To: <A03E136A-7599-4992-9F9E-13E7350F972B@truespeed.com>
References: <A03E136A-7599-4992-9F9E-13E7350F972B@truespeed.com>
> On 7 Apr 2016, at 17:08, Dr Josef Karthauser <joe@truespeed.com> wrote:
>
> Looks like the first packet is being retransmitted, which means that the NAT is probably misconfigured and the TCP connection is broken in some strange way.
>
> Does anyone have a clue as to where to look? The ipfw rules are simple enough - what have I missed?
Ok, the packet definitely isn't being retransmitted. I've done a tcpdump/pcap capture and taken a look and I get a packet that I've included below.

It's got a 'HTTP/1.1 200 OK' inserted mid-flow right in the middle of an HTTP response. Looking at this I'd be inclined to think it's a bug in the webserver/tomcat, however, what's strange is that if I 'curl' the jailed web server directly from the host machine on the private IP address (bypassing the NAT), the HTTP response received is perfectly fine. It's only when I do an HTTP request to the public IP address and go through the NAT that I experience the problem.

How could this happen? Is it a buggy packet reassembly in the kernel perhaps?

Joe

p.s. here's the strange packet with an HTTP response injected in the middle of an HTML stream:
23:01:07.204016 IP (tos 0x0, ttl 64, id 4190, offset 0, flags [DF], proto TCP (6), length 1500)
    31.210.26.216.8080 > infiniverse.karthauser.co.uk.62475: Flags [.], cksum 0xda1c (incorrect -> 0x7ff7), seq 8689:10137, ack 86, win 1040, options [nop,nop,TS val 124159447 ecr 1737359970], length 1448
.........g.).............
.f..g..b <h4>Other Documentation</h4>
<ul>
<li><a href="http://tomcat.apache.org/connectors-doc/">Tomcat Connectors</a></li>
<li><a href="http://tomcat.apache.org/connectors-doc/">mod_jk Documentation</a></li>
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Thu, 07 Apr 2016 23:01:05 GMT
2000
<!DOCTYPE html>
<html lang="en">
<head>
<title>Apache Tomcat/7.0.68</title>
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="tomcat.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<div id="navigation" class="curved container">
<span id="nav-home"><a href="http://tomcat.apache.org/">Home</a></span>
<span id="nav-hosts"><a href="/docs/">Documentation</a></span>
<span id="nav-config"><a href="/docs/config/">Configuration</a></span>
<span id="nav-examples"><a href="/examples/">Examples</a></span>
<span id="nav-wiki"><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
<span id="nav-lists"><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></span>
<s
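The packet above shows a second `HTTP/1.1 200 OK` status line landing inside the data of a chunk whose declared size is 0x2000 (8192) bytes. The check a practitioner would run on the reassembled server-to-client stream is whether such a status line sits where a pipelined second response may legitimately begin (only after the terminating zero-size chunk) or inside chunk data, which means the byte stream was corrupted somewhere on the path. The script below is an added example, not code from this thread nor from FreeBSD, ipfw or Tomcat; the stream bytes it walks are constructed from the headers and HTML fragments shown above and are not the actual capture. One caveat on reading the dump: the `cksum 0xda1c (incorrect -> 0x7ff7)` note is what tcpdump commonly prints when the capture is taken on the sending host before the NIC fills in the TCP checksum (transmit checksum offload), so on its own it is not evidence that the packet was damaged.

```python
"""Walk an HTTP/1.1 chunked response and flag a status line that appears
inside chunk data.  Added example; not code from the thread or from Tomcat,
ipfw or FreeBSD.  Sample streams below are constructed, not captured."""
import re

STATUS_LINE = re.compile(rb"HTTP/1\.[01] \d{3} [^\r\n]*\r?\n")
CHUNK_SIZE = re.compile(rb"([0-9A-Fa-f]+)[^\r\n]*\r?\n")   # size[;ext]CRLF
END_OF_HEAD = re.compile(rb"\r?\n\r?\n")


def parse_head(stream, off=0):
    """Return (headers, body_offset) for the response starting at `off`.
    Accepts CRLF or bare LF, since payloads lifted from pcaps often mix them."""
    m = END_OF_HEAD.search(stream, off)
    if not m:
        raise ValueError("truncated before end of headers")
    headers = {}
    for line in stream[off:m.start()].split(b"\n")[1:]:      # skip status line
        name, _, value = line.strip().partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers, m.end()


def find_injected_status(stream):
    """Return [(offset, chunk_start, declared_size), ...] for every status line
    found inside chunk data of the response at offset 0.  A legitimate
    pipelined response can only start after the zero-size chunk, so anything
    returned here is stream corruption, not a second reply.  A (pos, None, None)
    entry means garbage was found where a chunk-size line should be."""
    headers, pos = parse_head(stream)
    if headers.get(b"transfer-encoding", b"").lower() != b"chunked":
        raise ValueError("example only handles Transfer-Encoding: chunked")
    findings = []
    while pos < len(stream):
        m = CHUNK_SIZE.match(stream, pos)
        if not m:
            findings.append((pos, None, None))
            break
        size = int(m.group(1), 16)
        if size == 0:                       # last chunk: a new response may follow
            break
        data_start, data_end = m.end(), m.end() + size
        # Scan only the declared data range; a truncated capture just ends early.
        for s in STATUS_LINE.finditer(stream, data_start, min(data_end, len(stream))):
            findings.append((s.start(), pos, size))
        pos = data_end
        if stream[pos:pos + 2] == b"\r\n":  # CRLF that terminates the chunk data
            pos += 2
        elif stream[pos:pos + 1] == b"\n":
            pos += 1
    return findings


# --- constructed sample data (not the thread's capture) -------------------
HEAD = (b"HTTP/1.1 200 OK\r\n"
        b"Server: Apache-Coyote/1.1\r\n"
        b"Content-Type: text/html;charset=ISO-8859-1\r\n"
        b"Transfer-Encoding: chunked\r\n\r\n")
PAGE = b"<h4>Other Documentation</h4>\n<ul>\n<li>Tomcat Connectors</li>\n"


def chunk(data):
    """Encode one chunk: hex size, CRLF, data, CRLF."""
    return b"%x\r\n" % len(data) + data + b"\r\n"


# Shape of the packet in the thread: one 0x2000-byte chunk declared, a second
# status line lands inside its data, and the capture is cut off.
CORRUPT = HEAD + b"2000\r\n" + PAGE + HEAD + b"2000\r\n<!DOCTYPE html>\n<html>"

# Two well-formed pipelined responses: the second begins only after the
# terminating zero-size chunk and must not be flagged.
CLEAN = (HEAD + chunk(PAGE) + chunk(b"</ul>\n") + b"0\r\n\r\n"
         + HEAD + chunk(PAGE) + b"0\r\n\r\n")

if __name__ == "__main__":
    for name, data in (("corrupt", CORRUPT), ("clean", CLEAN)):
        print(name, find_injected_status(data))
```

To use it on a real capture, export the server-to-client direction of the connection as raw bytes (for example Wireshark's "Follow TCP Stream" with one direction selected, or a reassembly script over `tcpdump -r file.pcap`) and pass those bytes to `find_injected_status`. Running it on a capture taken on the host and on one taken on a client behind the NAT shows on which side of ipfw the extra status line first appears.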