From owner-freebsd-stable@FreeBSD.ORG Mon Feb 15 10:11:51 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9A5311065672 for ; Mon, 15 Feb 2010 10:11:51 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from qmta03.emeryville.ca.mail.comcast.net (qmta03.emeryville.ca.mail.comcast.net [76.96.30.32]) by mx1.freebsd.org (Postfix) with ESMTP id F18E88FC12 for ; Mon, 15 Feb 2010 10:11:49 +0000 (UTC) Received: from omta20.emeryville.ca.mail.comcast.net ([76.96.30.87]) by qmta03.emeryville.ca.mail.comcast.net with comcast id iAAM1d0031smiN4A3ABqMu; Mon, 15 Feb 2010 10:11:50 +0000 Received: from koitsu.dyndns.org ([98.248.46.159]) by omta20.emeryville.ca.mail.comcast.net with comcast id iABp1d0033S48mS8gABpxP; Mon, 15 Feb 2010 10:11:50 +0000 Received: by icarus.home.lan (Postfix, from userid 1000) id 905E61E301A; Mon, 15 Feb 2010 02:11:48 -0800 (PST) Date: Mon, 15 Feb 2010 02:11:48 -0800 From: Jeremy Chadwick To: freebsd-stable@freebsd.org Message-ID: <20100215101148.GA56308@icarus.home.lan> References: <92bcbda51002150130i3a1baa4eha06b8ce4f90de486@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <92bcbda51002150130i3a1baa4eha06b8ce4f90de486@mail.gmail.com> User-Agent: Mutt/1.5.20 (2009-06-14) Subject: Re: ACK and RST packets sent after successfully terminating TCP connection X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Feb 2010 10:11:51 -0000 On Mon, Feb 15, 2010 at 10:30:31AM +0100, n j wrote: > Hi all, > > I'm reposting this from the freebsd-questions hoping for some answers. > I feel there is something wrong here, but would really appreciate a > second opinion before opening a bug report. The problematic part is > marked with [what is this?]. > > - in case of successful connection: > > [begin handshake] > 14:52:57.866040 IP client.example.net.6524 > server.example.net.9002: > S 813851098:813851098(0) win 8192 2,nop,nop,sackOK> > 14:52:57.866057 IP server.example.net.9002 > client.example.net.6524: > S 3888621507:3888621507(0) ack 813851099 win 65535 1380,nop,wscale 3,sackOK,eol> > 14:52:57.867143 IP client.example.net.6524 > server.example.net.9002: > . ack 3888621508 win 16560 > [end handshake & begin data] > 14:52:57.868333 IP client.example.net.6524 > server.example.net.9002: > P 813851099:813852180(1081) ack 3888621508 win 16560 > 14:52:57.967858 IP server.example.net.9002 > client.example.net.6524: > . ack 813852180 win 8144 > 14:53:35.533165 IP server.example.net.9002 > client.example.net.6524: > P 3888621508:3888621542(34) ack 813852180 win 8144 > [end data & begin teardown] > 14:53:35.564542 IP server.example.net.9002 > client.example.net.6524: > FP 3888621542:3888621675(133) ack 813852180 win 8280 > 14:53:35.566228 IP client.example.net.6524 > server.example.net.9002: > . ack 3888621676 win 16518 > 14:53:35.566289 IP client.example.net.6524 > server.example.net.9002: > F 813852180:813852180(0) ack 3888621676 win 16518 > 14:53:35.566318 IP server.example.net.9002 > client.example.net.6524: > . ack 813852181 win 8279 > [end teardown] > [what is this?] > 14:53:36.172081 IP server.example.net.9002 > client.example.net.6524: > . ack 813852180 win 0 > 14:53:36.172101 IP server.example.net.9002 > client.example.net.6524: > . ack 813852181 win 8279 > > - in case of unsuccessful connection: > > [begin handshake] > 14:53:00.411337 IP client.example.net.6547 > server.example.net.9002: > S 1055031875:1055031875(0) win 8192 2,nop,nop,sackOK> > 14:53:00.411354 IP server.example.net.9002 > client.example.net.6547: > S 2849043653:2849043653(0) ack 1055031876 win 65535 1380,nop,wscale 3,sackOK,eol> > 14:53:00.412242 IP client.example.net.6547 > server.example.net.9002: > . ack 2849043654 win 16560 > [end handshake & reset connection] > 14:53:00.412251 IP server.example.net.9002 > client.example.net.6547: > R 2849043654:2849043654(0) win 0 > [what is this?] > 14:53:01.168076 IP server.example.net.9002 > client.example.net.6547: > . ack 1055031876 win 0 > 14:53:01.168100 IP server.example.net.9002 > client.example.net.6547: > R 2849043654:2849043654(0) win 0 > 14:53:01.168393 IP client.example.net.6547 > server.example.net.9002: > R 1055031876:1055031876(0) ack 2849043653 win 0 > > The server is running 7.2 GENERIC. Is it possible for you to upload these captures somewhere on the web? tcpdump -p -i {iface} -s 0 -n -w {somefile} should be sufficient. Thanks. -- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |