From owner-freebsd-net@FreeBSD.ORG Fri Mar 30 16:01:01 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 602F71065672 for ; Fri, 30 Mar 2012 16:01:01 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Received: from mail-yx0-f182.google.com (mail-yx0-f182.google.com [209.85.213.182]) by mx1.freebsd.org (Postfix) with ESMTP id 077108FC15 for ; Fri, 30 Mar 2012 16:01:00 +0000 (UTC) Received: by yenl9 with SMTP id l9so513994yen.13 for ; Fri, 30 Mar 2012 09:01:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=rsa; h=date:from:to:cc:subject:message-id:references:mime-version :in-reply-to:content-type; bh=bNGQqrUKfGxnhaHEuWqDNT3POmfs7O6UjR7FoYI1DBc=; b=EHkYEBdpiQmuSl5jWWyK0c2ShwClsjHHDHTYGsg3Qhtf18AFKqceSzKBK/kPyCuFrd vAniT0rRRnotaatxUhYqFyYWIIUf0Vp3wC935EqpTIIwdIRyN6VUZLZdIIQbLMnAG9wr P6n3YY9k2GVials8JA2UjkGtrVW0H+VXLaEH0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :in-reply-to:x-gm-message-state:content-type; bh=bNGQqrUKfGxnhaHEuWqDNT3POmfs7O6UjR7FoYI1DBc=; b=puPxT+zQ/4tJZI2+9mZqqDBXHcjfxF1+UOkBhXGcSgYa3bC17iFqzEbimR9lj/sAZR HNB8cNBxMs7hUEf/LEjasbrqDRv9wVhGl68h5P/Q9Y8l5Lladq1Rm1+JDIzySE8TahZC lptH4lMI4fGjmgYJvdT5ZJytucJO6I7WCrvrR7jnaJPs6le6A7DnI/lm4dWpaiel9YI4 oNFDE1iZxLnRmm5awATfcZuTmHWNyxjA/XsgG9zazoYqxy8t1PlBAwdui4UM0Jz4LPxa /gYCI16Du8Ms69kjWQjf7J4rZDqJxofgISAAaNuvQL0MOjhZqC3N8d7b2KMgytr8JsIa ESrA== Received: by 10.50.159.196 with SMTP id xe4mr1798891igb.17.1333123259921; Fri, 30 Mar 2012 09:00:59 -0700 (PDT) Received: from DataIX.net ([99.181.151.192]) by mx.google.com with ESMTPS id l9sm2609206iga.6.2012.03.30.09.00.58 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 30 Mar 2012 09:00:59 -0700 (PDT) Received: from DataIX.net (localhost [127.0.0.1]) by DataIX.net (8.14.5/8.14.5) with ESMTP id q2UG0uEq001643 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 30 Mar 2012 12:00:56 -0400 (EDT) (envelope-from jhellenthal@DataIX.net) Received: (from jhellenthal@localhost) by DataIX.net (8.14.5/8.14.5/Submit) id q2UG0tNS001576; Fri, 30 Mar 2012 12:00:56 -0400 (EDT) (envelope-from jhellenthal@DataIX.net) Date: Fri, 30 Mar 2012 12:00:55 -0400 From: Jason Hellenthal To: Darren Reed Message-ID: <20120330160055.GB78586@DataIX.net> References: <4F75C1A3.4030401@freebsd.org> MIME-Version: 1.0 In-Reply-To: <4F75C1A3.4030401@freebsd.org> X-Gm-Message-State: ALoCoQkbbCLmXlT6aFomcWKHDuhLCNE4x40RSQjlSu0RErKEuKbHpkn3QJKmPfiuX/oDbJMCXPjQ Content-Type: multipart/mixed; boundary=14dae934059b5a91d004bc77f24d Cc: freebsd-net@freebsd.org Subject: Re: FreeBSD TCP ignores zero window size X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Mar 2012 16:01:01 -0000 --14dae934059b5a91d004bc77f24d Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Mar 31, 2012 at 01:22:27AM +1100, Darren Reed wrote: > I've been tracking down some problems with FreeBSD's sending > of TCP packets and seem to have come to the conclusion that > in FreeBSD 8.2-RELEASE, when the system is working with a > TCP connection that has a moderate delay in it, FreeBSD's > TCP ignores the other end telling it that the window size > is now 0 and continues to send data. I suspect that this is > meant to make sense because it is expecting that the ACK > that will open up the window is already in transit. But that > only accounts for the condition where the TCP on FreeBSD can > compute and decide that the remote TCP will have its buffer > full. What I find harder to accept is that when FreeBSD's > TCP receives a TCP packet from the remote end advertising > a window of 0, FreeBSD's response is to send more data and > not a window probe or is that now the expected behaviour? > And whilst you might say "ok" for a packet of data, I'm > somewhat hard pressed to explain why FreeBSD's TCP sends > multiple packets with data in them after receiving a TCP > packet from the other end advertising a zero window size. >=20 > However this causes a problem with firewalls (;_) that are > close to the FreeBSD end because for them, it appears that > FreeBSD is sending data outside of its window. >=20 > Is this a known problem? > If so, has it been fixed in a later version of FreeBSD? > (No, I haven't tested anything other than 8.2) >=20 > In the packet flow below, 192.168.1.1 is FreeBSD and 10.1.1.1 > is the other end. >=20 > Darren Hi Darren, I do believe this is the following bug at first glance that was patched after 8.2-RELEASE. and has to do more with x64 systems more than x32. See: "A Tale of a TCP Bug" for details... http://blogmal.42.org/tidbits/tcp-bug.story http://lists.freebsd.org/pipermail/freebsd-net/2011-April/028466.html >=20 > -------------- > DATA(1440):seq(5f665916|5f665eb6) ack(9349a95d)+4096=3D9349b95d > pass ip #48089 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(1240):seq(9349b485|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57457 1304(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f665eb6|5f666456) ack(9349a95d)+4096=3D9349b95d > pass ip #48149 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57459 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f666456|5f6669f6) ack(9349a95d)+4096=3D9349b95d > UFD2:td_end(5f6669f6) maxend(5f674556) > pass ip #48150 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57460 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f6669f6|5f666f96) ack(9349a95d)+4096=3D9349b95d > pass ip #48178 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57461 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f666f96|5f667536) ack(9349a95d)+4096=3D9349b95d > pass ip #48181 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57462 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f667536|5f667ad6) ack(9349a95d)+4096=3D9349b95d > pass ip #48182 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57463 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f667ad6|5f668076) ack(9349a95d)+4096=3D9349b95d > pass ip #48183 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(5f668076|5f668076) ack(9349a95d)+8192=3D9349c95d > ack(9349a95d)+win(8192) > pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57464 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1428):seq(9349b95d|9349bef1) ack(5f664296)+66240=3D5f674556 > pass ip #57465 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1428):seq(9349bef1|9349c485) ack(5f664296)+66240=3D5f674556 > pass ip #57466 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f668076|5f668616) ack(9349a95d)+8192=3D9349c95d > pass ip #48184 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(5f668bb6|5f668bb6) ack(9349a95d)+12288=3D9349d95d > ack(9349a95d)+win(12288) > pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(1240):seq(9349c485|9349c95d) ack(5f664296)+66240=3D5f674556 > pass ip #57467 1304(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1428):seq(9349c95d|9349cef1) ack(5f664296)+66240=3D5f674556 > pass ip #57468 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1428):seq(9349cef1|9349d485) ack(5f664296)+66240=3D5f674556 > pass ip #57469 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f668bb6|5f669156) ack(9349a95d)+12288=3D9349d95d > pass ip #48186 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(1240):seq(9349d485|9349d95d) ack(5f664296)+66240=3D5f674556 > pass ip #57470 1312(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f664296|5f664836) ack(9349a95d)+12288=3D9349d95d > pass ip #48193 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+48960=3D5f674556 > pass ip #57471 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+54088=3D5f67595e > ack(5f668616)+win(54088) > pass ip #57476 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+60632=3D5f6772ee > ack(5f668616)+win(60632) > pass ip #57489 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+64728=3D5f6782ee > ack(5f668616)+win(64728) > pass ip #57491 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(0):seq(5f6696f6|5f6696f6) ack(9349b485)+9408=3D9349d945 > pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(5f6696f6|5f6696f6) ack(9349bef1)+6752=3D9349d951 > pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(5f6696f6|5f6696f6) ack(9349c95d)+4096=3D9349d95d > pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(5f6696f6|5f6696f6) ack(9349d485)+1216=3D9349d945 > pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > win=3D=3D0 > DATA(1440):seq(5f668616|5f668bb6) ack(9349d95d)+1=3D9349d95e > pass ip #48360 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(1440):seq(9349d95d|9349defd) ack(5f669156)+63360=3D5f6788d6 > ack(5f669156) seq(9349d95d) > block ip #57494 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(9349defd|9349e49d) ack(5f669156)+63360=3D5f6788d6 > ackskew 1440 > ack(5f669156) seq(9349defd) > block ip #57495 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(9349e49d|9349ea3d) ack(5f669156)+63360=3D5f6788d6 > ackskew 1440 > ack(5f669156) seq(9349e49d) > block ip #57496 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(9349ea3d|9349efdd) ack(5f669156)+63360=3D5f6788d6 > ackskew 1440 > ack(5f669156) seq(9349ea3d) > block ip #57497 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(9349efdd|9349f57d) ack(5f669156)+63360=3D5f6788d6 > ackskew 1440 > ack(5f669156) seq(9349efdd) > block ip #57498 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- >=20 > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" --=20 ;s =3D; --14dae934059b5a91d004bc77f24d Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJPddi3AAoJEJBXh4mJ2FR+qDIH/A4SdKPQdSGPSdPRuTXowx32 jnjWPeJdrQ4R19qyJ0DKYepgbXUuUHzJQ+IF9uMfJ7lGdGFG9S9nMBlqxY6Ukqdb jqKLjgTCG9CZVQk1NqCjek+RCn0MlXXdIxY4T+Hsk5Bnns+OkMATtFwJq81LYHQz 7/qg7MQe+vymZga+I5oK8j/PtxFYCzIOyqsy2pXVP86f/6/MwCRX3W6arMzMK4qo EoO1AHLHxeWKEVR/I8hXphRvt2lnIMtJDxgOR7ZrVNrwmyMJhaCf//Ge08jidUgZ d6r+rJLFUIIeSOq6PzOUWDHYHlW36MbA/JzeMrvbClfoQoXeIUlwBOFZA/HAp7A= =NKti -----END PGP SIGNATURE----- --14dae934059b5a91d004bc77f24d--