From owner-freebsd-stable@FreeBSD.ORG Tue Apr 1 10:09:01 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DC66D1065671 for ; Tue, 1 Apr 2008 10:09:01 +0000 (UTC) (envelope-from erik@tefre.com) Received: from mta1-filtered.netlife.no (mail.netlife.no [213.187.191.68]) by mx1.freebsd.org (Postfix) with ESMTP id E135F8FC25 for ; Tue, 1 Apr 2008 10:09:00 +0000 (UTC) (envelope-from erik@tefre.com) Received: from localhost (unknown [10.0.68.2]) by mta1-filtered.netlife.no (Postfix) with ESMTP id E2B36287A3; Tue, 1 Apr 2008 12:08:58 +0200 (CEST) X-Virus-Scanned: amavisd-new at netlife.no Received: from mta1.netlife.no ([10.0.68.2]) by localhost (amavis.netlife.no [10.0.68.2]) (amavisd-new, port 10024) with ESMTP id dfhmt7vIxWhT; Tue, 1 Apr 2008 10:08:53 +0000 (UTC) Received: from baviandesktop.netlife.no (kontor.netlife.no [217.13.28.50]) by mta1.netlife.no (Postfix) with ESMTP id 40E1428784; Tue, 1 Apr 2008 12:08:53 +0200 (CEST) Message-ID: <47F209B4.1050405@tefre.com> Date: Tue, 01 Apr 2008 12:08:52 +0200 From: Erik Stian Tefre User-Agent: Thunderbird 2.0.0.9 (X11/20080127) MIME-Version: 1.0 To: Doug Hardie References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: FreeBSD Stable Subject: Re: Access Problems with 7.0 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Apr 2008 10:09:02 -0000 Doug Hardie wrote: >> I recently upgraded 3 of my 5 servers to 7.0. Two of them are on new >> hardware and one is on hardware that used to run 6.2. Since then, 2 >> of my thousands of users are unable to access the servers running >> 7.0. They can access the server running 6.2 just fine. What happens >> is the server receives the SYN packet from the client properly and >> then responds with the SYN packet. Nothing more is heard from the >> client. The server sends a few duplicates of the SYN and then drops >> the connection. >> >> At this point I am not able to verify that the client receives the >> SYN. Neither of them has a clue about tcpdump. The packets look fine >> on this end (included later). Both are using Windows, including XP >> and Vista. I suspect they are receiving it and not accepting it for >> some reason. However, I don't really see anything that would cause >> that behavior in the packets. I can't reproduce the problem here. >> Every computer I can try works just fine. >> >> Here is one of the packet traces: >> >> 11:59:00.630414 00:00:0c:38:6f:e1 (oui Cisco) > 00:a0:cc:3e:87:9e (oui >> Unknown), ethertype IPv4 (0x0800), length 66: >> cpe-76-169-78-119.socal.res.rr.com.59025 > zool.lafn.org.8000: S >> 2779920420:2779920420(0) win 8192 >> >> 11:59:00.630634 00:a0:cc:3e:87:9e (oui Unknown) > 00:00:0c:38:6f:e1 >> (oui Cisco), ethertype IPv4 (0x0800), length 66: zool.lafn.org.8000 > >> cpe-76-169-78-119.socal.res.rr.com.59025: S >> 2480373222:2480373222(0) ack 2779920421 win 65535 > 3,sackOK,eol> >> >> 11:59:03.613011 00:00:0c:38:6f:e1 (oui Cisco) > 00:a0:cc:3e:87:9e (oui >> Unknown), ethertype IPv4 (0x0800), length 66: >> cpe-76-169-78-119.socal.res.rr.com.59025 > zool.lafn.org.8000: S >> 2779920420:2779920420(0) win 8192 >> >> 11:59:03.613194 00:a0:cc:3e:87:9e (oui Unknown) > 00:00:0c:38:6f:e1 >> (oui Cisco), ethertype IPv4 (0x0800), length 66: zool.lafn.org.8000 > >> cpe-76-169-78-119.socal.res.rr.com.59025: S 2480373222:2480373222(0) >> ack 2779920421 win 65535 >> > > Checking with the 6.2 server I see there are some differences in the TCP > options. 7.0 includes wscale 3 where 6.2 does not. Is there a way to > disable that feature using sysctl to see if thats the issue? sysctl net.inet.tcp.rfc1323=0 This may disable more than you want, but maybe it's worth a try. http://www.ietf.org/rfc/rfc1323.txt -- Erik