From owner-freebsd-net Wed Jul 24 23:50:55 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4007237B400 for ; Wed, 24 Jul 2002 23:50:52 -0700 (PDT) Received: from patrocles.silby.com (d61.as20.nwbl0.wi.voyager.net [169.207.138.61]) by mx1.FreeBSD.org (Postfix) with ESMTP id A939E43E42 for ; Wed, 24 Jul 2002 23:50:50 -0700 (PDT) (envelope-from silby@silby.com) Received: from patrocles.silby.com (localhost [127.0.0.1]) by patrocles.silby.com (8.12.4/8.12.4) with ESMTP id g6P6tpcv020709; Thu, 25 Jul 2002 01:55:51 -0500 (CDT) (envelope-from silby@silby.com) Received: from localhost (silby@localhost) by patrocles.silby.com (8.12.5/8.12.5/Submit) with ESMTP id g6P6tne9020706; Thu, 25 Jul 2002 01:55:49 -0500 (CDT) X-Authentication-Warning: patrocles.silby.com: silby owned process doing -bs Date: Thu, 25 Jul 2002 01:55:49 -0500 (CDT) From: Mike Silbersack To: Alex Dyas Cc: net@freebsd.org Subject: Re: BSD / Firewall / 0 window size problem In-Reply-To: Message-ID: <20020725014935.R18906-100000@patrocles.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 23 Jul 2002, Alex Dyas wrote: > Attached are two more tcpdumps, client.txt being the client side of a > problematic session, server.txt being the server side of the same session. > Both machines in this case are BSD. The thing to note in these dumps is > what you suggested, ie the 0 sized window can only be seen on the client > side, NOT on the server side. So as you say, the problem seems to be being > introduced by the GNAT box. WHOO! COOKIE FOR SILBY! > I've been suspecting the GNAT box all along. BSD->Any_other_machine > connections have no problem. Unfortunately I don't admin it, and don't (yet) > know enough about it to debug such a thing. The guy who does points out that > we have never seen the problem in anything other than BSD clients. > > A guess, but could it be that other clients (Windows/Linux etc) are in some > way more tolerant of such problems? Not knowing very much at all about NAT, > what would I look for in debugging such a problem on the GNAT box, as I can > probably get a look at it? > > Thanks again for the help. I'm learning a lot here. > > Alex.. Yes, linux would actually ignore that 0 window update. I recently talked over linux's algorithm for accepting window updates and was thinking of importing it for other reasons. This looks like just one more reason that I should actually post a patch which does so. There's clearly something wrong with the nat system, but I have this suspicion that it'll be faster to patch all the FreeBSD systems with the patch (which I'll be lazy about and take a while to post) than to wait for a fix for the nat software to be released. :) Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message