From owner-freebsd-net@FreeBSD.ORG Fri Mar 30 14:22:33 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E2EF1106564A for ; Fri, 30 Mar 2012 14:22:33 +0000 (UTC) (envelope-from darrenr@freebsd.org) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) by mx1.freebsd.org (Postfix) with ESMTP id AA49B8FC16 for ; Fri, 30 Mar 2012 14:22:33 +0000 (UTC) Received: from compute6.internal (compute6.nyi.mail.srv.osa [10.202.2.46]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 4F2D62054D for ; Fri, 30 Mar 2012 10:22:27 -0400 (EDT) Received: from frontend1.nyi.mail.srv.osa ([10.202.2.160]) by compute6.internal (MEProxy); Fri, 30 Mar 2012 10:22:27 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:date:from:reply-to :mime-version:to:subject:content-type:content-transfer-encoding; s=smtpout; bh=nrWz6wli158vuPkE98vSHeINNCU=; b=UFu15aZ5iHZwuIZTn Lepfc0MHK4f/THrUnVZu6iF2fyv9j+/Is3DAz0jExZJeHhyd0BDvHHMjcIwZa6tO tG9NC12fA4NqkSZRLHzl51fUTM4P/4XWe88Zvx+5EeDcMaaDlcpcP39UQuUtzreq 5WNn7fOd4YTNZVK2kQyQhFvxu0= X-Sasl-enc: EMmjGJlQNS/yQpXFKREctxeREaXkU5Gxrg7IZjeANHHi 1333117346 Received: from [192.168.1.124] (dsl-202-45-110-141-static.VIC.netspace.net.au [202.45.110.141]) by mail.messagingengine.com (Postfix) with ESMTPSA id 41BE38E008D for ; Fri, 30 Mar 2012 10:22:25 -0400 (EDT) Message-ID: <4F75C1A3.4030401@freebsd.org> Date: Sat, 31 Mar 2012 01:22:27 +1100 From: Darren Reed Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-AU; rv:1.9.2.28) Gecko/20120306 Thunderbird/3.1.20 MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: FreeBSD TCP ignores zero window size X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: darrenr@freebsd.org List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Mar 2012 14:22:34 -0000 I've been tracking down some problems with FreeBSD's sending of TCP packets and seem to have come to the conclusion that in FreeBSD 8.2-RELEASE, when the system is working with a TCP connection that has a moderate delay in it, FreeBSD's TCP ignores the other end telling it that the window size is now 0 and continues to send data. I suspect that this is meant to make sense because it is expecting that the ACK that will open up the window is already in transit. But that only accounts for the condition where the TCP on FreeBSD can compute and decide that the remote TCP will have its buffer full. What I find harder to accept is that when FreeBSD's TCP receives a TCP packet from the remote end advertising a window of 0, FreeBSD's response is to send more data and not a window probe or is that now the expected behaviour? And whilst you might say "ok" for a packet of data, I'm somewhat hard pressed to explain why FreeBSD's TCP sends multiple packets with data in them after receiving a TCP packet from the other end advertising a zero window size. However this causes a problem with firewalls (;_) that are close to the FreeBSD end because for them, it appears that FreeBSD is sending data outside of its window. Is this a known problem? If so, has it been fixed in a later version of FreeBSD? (No, I haven't tested anything other than 8.2) In the packet flow below, 192.168.1.1 is FreeBSD and 10.1.1.1 is the other end. Darren -------------- DATA(1440):seq(5f665916|5f665eb6) ack(9349a95d)+4096=9349b95d pass ip #48089 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(1240):seq(9349b485|9349b95d) ack(5f664296)+66240=5f674556 pass ip #57457 1304(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1440):seq(5f665eb6|5f666456) ack(9349a95d)+4096=9349b95d pass ip #48149 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556 pass ip #57459 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1440):seq(5f666456|5f6669f6) ack(9349a95d)+4096=9349b95d UFD2:td_end(5f6669f6) maxend(5f674556) pass ip #48150 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556 pass ip #57460 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1440):seq(5f6669f6|5f666f96) ack(9349a95d)+4096=9349b95d pass ip #48178 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556 pass ip #57461 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1440):seq(5f666f96|5f667536) ack(9349a95d)+4096=9349b95d pass ip #48181 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556 pass ip #57462 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1440):seq(5f667536|5f667ad6) ack(9349a95d)+4096=9349b95d pass ip #48182 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556 pass ip #57463 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1440):seq(5f667ad6|5f668076) ack(9349a95d)+4096=9349b95d pass ip #48183 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(0):seq(5f668076|5f668076) ack(9349a95d)+8192=9349c95d ack(9349a95d)+win(8192) pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556 pass ip #57464 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1428):seq(9349b95d|9349bef1) ack(5f664296)+66240=5f674556 pass ip #57465 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1428):seq(9349bef1|9349c485) ack(5f664296)+66240=5f674556 pass ip #57466 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1440):seq(5f668076|5f668616) ack(9349a95d)+8192=9349c95d pass ip #48184 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(0):seq(5f668bb6|5f668bb6) ack(9349a95d)+12288=9349d95d ack(9349a95d)+win(12288) pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(1240):seq(9349c485|9349c95d) ack(5f664296)+66240=5f674556 pass ip #57467 1304(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1428):seq(9349c95d|9349cef1) ack(5f664296)+66240=5f674556 pass ip #57468 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1428):seq(9349cef1|9349d485) ack(5f664296)+66240=5f674556 pass ip #57469 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1440):seq(5f668bb6|5f669156) ack(9349a95d)+12288=9349d95d pass ip #48186 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(1240):seq(9349d485|9349d95d) ack(5f664296)+66240=5f674556 pass ip #57470 1312(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1440):seq(5f664296|5f664836) ack(9349a95d)+12288=9349d95d pass ip #48193 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+48960=5f674556 pass ip #57471 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+54088=5f67595e ack(5f668616)+win(54088) pass ip #57476 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+60632=5f6772ee ack(5f668616)+win(60632) pass ip #57489 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+64728=5f6782ee ack(5f668616)+win(64728) pass ip #57491 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(0):seq(5f6696f6|5f6696f6) ack(9349b485)+9408=9349d945 pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(0):seq(5f6696f6|5f6696f6) ack(9349bef1)+6752=9349d951 pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(0):seq(5f6696f6|5f6696f6) ack(9349c95d)+4096=9349d95d pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(0):seq(5f6696f6|5f6696f6) ack(9349d485)+1216=9349d945 pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- win==0 DATA(1440):seq(5f668616|5f668bb6) ack(9349d95d)+1=9349d95e pass ip #48360 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A -------------- DATA(1440):seq(9349d95d|9349defd) ack(5f669156)+63360=5f6788d6 ack(5f669156) seq(9349d95d) block ip #57494 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1440):seq(9349defd|9349e49d) ack(5f669156)+63360=5f6788d6 ackskew 1440 ack(5f669156) seq(9349defd) block ip #57495 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1440):seq(9349e49d|9349ea3d) ack(5f669156)+63360=5f6788d6 ackskew 1440 ack(5f669156) seq(9349e49d) block ip #57496 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1440):seq(9349ea3d|9349efdd) ack(5f669156)+63360=5f6788d6 ackskew 1440 ack(5f669156) seq(9349ea3d) block ip #57497 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A -------------- DATA(1440):seq(9349efdd|9349f57d) ack(5f669156)+63360=5f6788d6 ackskew 1440 ack(5f669156) seq(9349efdd) block ip #57498 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A --------------