From: Joerg Pernfuss
To: freebsd-net@freebsd.org
Date: Mon, 10 Nov 2003 07:24:26 +0100
Subject: Re: problems caused by net.inet.tcp.blackhole=2

On Sat, 8 Nov 2003 15:25:18 -0800 (PST) Don Lewis wrote:

> On 8 Nov, Michal wrote:
> > Hello,
> > maybe someone will be able to help me with the problem. Namely setting
> > net.inet.tcp.blackhole=2 makes samba start very slowly (90sec). Also
> > smbclient is slow. After samba starts there is no delay to connect from
> > the another machine with persistent local problems (smbclient).
> > Additionally the sysctl setting has a weird impact on mozilla: trying to
> > write to web forms causes freezing of mozilla. Now setting
> > net.inet.tcp.blackhole=0 reverts all the problems: samba starts fast
> > and no problems with writing to the web forms.
> > my system:
> > FreeBSD 5.1-CURRENT #0: Thu Oct 30 17:49:13 EST 2003
> > ports updated 11-08-03
> >
> > I appreciate any suggestions
>
> I looked at a similar problem that someone was having a while back. It
> appears that the problem is that this sysctl setting is suppressing the
> sending of TCP RST packets which are needed to tear down dead
> connections, and if one end of the connection thinks the connection is
> still established, it is not possible to create a new connection between
> the hosts that reuses the same addresses and ports as the old
> connection.
>
> Since the whole point of net.inet.tcp.blackhole=2 is to block the RST
> packets that could allow the host to be scanned, I suspect you are
> stuck.

That's not a bug, that is the only feature :)

First of all, check on which ports the connections that time out occur. One possibility would be `tcpdump', the other is to set the sysctl net.inet.tcp.log_in_vain to 1. Then start samba and look in the logs to which closed ports connection attempts were made.

Maybe there is a decent solution to provide these packets the answer they desire so hard.

Joerg
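
The log check suggested in the message above, as an added example that is not part of the original thread: a small sh/awk filter that tallies the closed-port connection attempts logged with net.inet.tcp.log_in_vain=1, so the ports behind the timeouts stand out. The kernel message format is assumed to be the FreeBSD "Connection attempt to TCP ..." line, and the sample log (host name, addresses, ports) is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Tallies the closed-port connection
# attempts the kernel logs once `sysctl net.inet.tcp.log_in_vain=1` is set.
# Assumed message format (the flags field is optional):
#   Connection attempt to TCP <dst>:<port> from <src>:<port> flags:0x02

# Constructed sample; host name, addresses and ports are made up.
SAMPLE_LOG='Nov 10 07:01:02 host kernel: Connection attempt to TCP 127.0.0.1:445 from 127.0.0.1:1027 flags:0x02
Nov 10 07:01:05 host kernel: Connection attempt to TCP 127.0.0.1:445 from 127.0.0.1:1028 flags:0x02
Nov 10 07:01:09 host kernel: Connection attempt to TCP 192.0.2.10:113 from 192.0.2.20:3411 flags:0x02
Nov 10 07:01:10 host sshd[411]: unrelated line that must be ignored
Nov 10 07:01:11 host kernel: Connection attempt to UDP 192.0.2.10:137 from 192.0.2.20:137'

# Reads syslog lines on stdin and prints "<count> <proto> <dst>:<port> <src>",
# most frequent first. The source port is dropped because it is ephemeral
# and would split retries of the same connection into separate rows.
summarize_in_vain() {
    awk '
    /Connection attempt to (TCP|UDP) / {
        for (i = 1; i + 4 <= NF; i++) {
            if ($i == "to" && $(i + 3) == "from") {
                proto = $(i + 1); dst = $(i + 2); src = $(i + 4)
                sub(/:[0-9]+$/, "", src)      # strip the source port
                n[proto " " dst " " src]++
                break
            }
        }
    }
    END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_in_vain
```

On a live system, feed the function the file that receives kernel messages instead of the sample. A local destination that is hit repeatedly while samba starts is the port to look at first.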