From owner-freebsd-net  Wed Apr 10 23:19: 8 2002
Delivered-To: freebsd-net@freebsd.org
Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39])
	by hub.freebsd.org (Postfix) with ESMTP id CEFA037B41C
	for <freebsd-net@FreeBSD.ORG>; Wed, 10 Apr 2002 23:18:55 -0700 (PDT)
Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc53.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020411061855.RWKY21252.rwcrmhc53.attbi.com@blossom.cjclark.org>;
          Thu, 11 Apr 2002 06:18:55 +0000
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.6) id g3B6IpR37534;
	Wed, 10 Apr 2002 23:18:51 -0700 (PDT)
	(envelope-from cjc)
Date: Wed, 10 Apr 2002 23:18:51 -0700
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Paulius Bulotas <paulius@kaktusas.org>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: strange network conversation
Message-ID: <20020410231851.B37066@blossom.cjclark.org>
References: <20020410090644.GB8914@kaktusas.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020410090644.GB8914@kaktusas.org>; from paulius@kaktusas.org on Wed, Apr 10, 2002 at 11:06:44AM +0200
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

On Wed, Apr 10, 2002 at 11:06:44AM +0200, Paulius Bulotas wrote:
> Hello list,
> 
> I'm seeing strange? networking behaviour with my FreeBSD server, and it
> seems that this list is tne right to ask ;)
> Suppose, there is outgoing connection for whom dynamic rule is created
> (that's how I noticed it - ipfw logs denied packets). My 4.4-Release
> FreeBSD is hostA, something on the next end is hostB - smtp server.
> That's how the end of smtp session looks:
> 
> _Host    tcpflags   seq   nseq   ack    data_
> hostA ( [PSH,ACK],  seq1, nseq1, ack1, "QUIT" )
> hostA ( [FIN,ACK], nseq1,  --  , ack1 )
> hostB ( [[ACK],     ack1,  --  , nseq1)
> hostB ( [PSH,ACK],  ack1, nseq2, nseq1, "221 Bye")
> hostA ( [RST],     nseq1,  --  ,  --  )
> hostB ( [FIN,ACK], nseq2,  --  , nseq1)
> hostB ( [ACK],     nseq2+1, -- , nseq1+1)
> hostB ( [FIN,PSH,ACK], ack1, nseq2, nseq1+1)
> ...
> 
> I'm wondering, why FreeBSD sends RST so early and hostB tries to send
> something back (and that didn't match dynamic rule, which is destroyed
> upon RST (I suspect))?

Is that _really_ what happens because,

> hostA ( [PSH,ACK],  seq1, nseq1, ack1, "QUIT" )
> hostA ( [FIN,ACK], nseq1,  --  , ack1 )
> hostB ( [[ACK],     ack1,  --  , nseq1)
                                   ^^^^^
Should be, nseq1 + 1. But I think that would explain the RST.

> Is it possible to change this? (so that conversation between hostA and
> hostB ended normally)

If hostB's stack is really broken, not sure what to do to fix it.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message