Date: Fri, 30 Mar 2012 12:00:55 -0400 From: Jason Hellenthal <jhellenthal@dataix.net> To: Darren Reed <darrenr@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: FreeBSD TCP ignores zero window size Message-ID: <20120330160055.GB78586@DataIX.net> In-Reply-To: <4F75C1A3.4030401@freebsd.org> References: <4F75C1A3.4030401@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--14dae934059b5a91d004bc77f24d Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Mar 31, 2012 at 01:22:27AM +1100, Darren Reed wrote: > I've been tracking down some problems with FreeBSD's sending > of TCP packets and seem to have come to the conclusion that > in FreeBSD 8.2-RELEASE, when the system is working with a > TCP connection that has a moderate delay in it, FreeBSD's > TCP ignores the other end telling it that the window size > is now 0 and continues to send data. I suspect that this is > meant to make sense because it is expecting that the ACK > that will open up the window is already in transit. But that > only accounts for the condition where the TCP on FreeBSD can > compute and decide that the remote TCP will have its buffer > full. What I find harder to accept is that when FreeBSD's > TCP receives a TCP packet from the remote end advertising > a window of 0, FreeBSD's response is to send more data and > not a window probe or is that now the expected behaviour? > And whilst you might say "ok" for a packet of data, I'm > somewhat hard pressed to explain why FreeBSD's TCP sends > multiple packets with data in them after receiving a TCP > packet from the other end advertising a zero window size. >=20 > However this causes a problem with firewalls (;_) that are > close to the FreeBSD end because for them, it appears that > FreeBSD is sending data outside of its window. >=20 > Is this a known problem? > If so, has it been fixed in a later version of FreeBSD? > (No, I haven't tested anything other than 8.2) >=20 > In the packet flow below, 192.168.1.1 is FreeBSD and 10.1.1.1 > is the other end. >=20 > Darren Hi Darren, I do believe this is the following bug at first glance that was patched after 8.2-RELEASE. and has to do more with x64 systems more than x32. See: "A Tale of a TCP Bug" for details... http://blogmal.42.org/tidbits/tcp-bug.story http://lists.freebsd.org/pipermail/freebsd-net/2011-April/028466.html >=20 > -------------- > DATA(1440):seq(5f665916|5f665eb6) ack(9349a95d)+4096=3D9349b95d > pass ip #48089 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(1240):seq(9349b485|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57457 1304(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f665eb6|5f666456) ack(9349a95d)+4096=3D9349b95d > pass ip #48149 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57459 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f666456|5f6669f6) ack(9349a95d)+4096=3D9349b95d > UFD2:td_end(5f6669f6) maxend(5f674556) > pass ip #48150 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57460 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f6669f6|5f666f96) ack(9349a95d)+4096=3D9349b95d > pass ip #48178 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57461 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f666f96|5f667536) ack(9349a95d)+4096=3D9349b95d > pass ip #48181 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57462 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f667536|5f667ad6) ack(9349a95d)+4096=3D9349b95d > pass ip #48182 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57463 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f667ad6|5f668076) ack(9349a95d)+4096=3D9349b95d > pass ip #48183 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(5f668076|5f668076) ack(9349a95d)+8192=3D9349c95d > ack(9349a95d)+win(8192) > pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=3D5f674556 > pass ip #57464 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1428):seq(9349b95d|9349bef1) ack(5f664296)+66240=3D5f674556 > pass ip #57465 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1428):seq(9349bef1|9349c485) ack(5f664296)+66240=3D5f674556 > pass ip #57466 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f668076|5f668616) ack(9349a95d)+8192=3D9349c95d > pass ip #48184 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(5f668bb6|5f668bb6) ack(9349a95d)+12288=3D9349d95d > ack(9349a95d)+win(12288) > pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(1240):seq(9349c485|9349c95d) ack(5f664296)+66240=3D5f674556 > pass ip #57467 1304(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1428):seq(9349c95d|9349cef1) ack(5f664296)+66240=3D5f674556 > pass ip #57468 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1428):seq(9349cef1|9349d485) ack(5f664296)+66240=3D5f674556 > pass ip #57469 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f668bb6|5f669156) ack(9349a95d)+12288=3D9349d95d > pass ip #48186 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(1240):seq(9349d485|9349d95d) ack(5f664296)+66240=3D5f674556 > pass ip #57470 1312(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(5f664296|5f664836) ack(9349a95d)+12288=3D9349d95d > pass ip #48193 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+48960=3D5f674556 > pass ip #57471 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+54088=3D5f67595e > ack(5f668616)+win(54088) > pass ip #57476 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+60632=3D5f6772ee > ack(5f668616)+win(60632) > pass ip #57489 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+64728=3D5f6782ee > ack(5f668616)+win(64728) > pass ip #57491 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(0):seq(5f6696f6|5f6696f6) ack(9349b485)+9408=3D9349d945 > pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(5f6696f6|5f6696f6) ack(9349bef1)+6752=3D9349d951 > pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(5f6696f6|5f6696f6) ack(9349c95d)+4096=3D9349d95d > pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(0):seq(5f6696f6|5f6696f6) ack(9349d485)+1216=3D9349d945 > pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > win=3D=3D0 > DATA(1440):seq(5f668616|5f668bb6) ack(9349d95d)+1=3D9349d95e > pass ip #48360 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A > -------------- > DATA(1440):seq(9349d95d|9349defd) ack(5f669156)+63360=3D5f6788d6 > ack(5f669156) seq(9349d95d) > block ip #57494 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(9349defd|9349e49d) ack(5f669156)+63360=3D5f6788d6 > ackskew 1440 > ack(5f669156) seq(9349defd) > block ip #57495 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(9349e49d|9349ea3d) ack(5f669156)+63360=3D5f6788d6 > ackskew 1440 > ack(5f669156) seq(9349e49d) > block ip #57496 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(9349ea3d|9349efdd) ack(5f669156)+63360=3D5f6788d6 > ackskew 1440 > ack(5f669156) seq(9349ea3d) > block ip #57497 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- > DATA(1440):seq(9349efdd|9349f57d) ack(5f669156)+63360=3D5f6788d6 > ackskew 1440 > ack(5f669156) seq(9349efdd) > block ip #57498 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A > -------------- >=20 > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" --=20 ;s =3D; --14dae934059b5a91d004bc77f24d Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJPddi3AAoJEJBXh4mJ2FR+qDIH/A4SdKPQdSGPSdPRuTXowx32 jnjWPeJdrQ4R19qyJ0DKYepgbXUuUHzJQ+IF9uMfJ7lGdGFG9S9nMBlqxY6Ukqdb jqKLjgTCG9CZVQk1NqCjek+RCn0MlXXdIxY4T+Hsk5Bnns+OkMATtFwJq81LYHQz 7/qg7MQe+vymZga+I5oK8j/PtxFYCzIOyqsy2pXVP86f/6/MwCRX3W6arMzMK4qo EoO1AHLHxeWKEVR/I8hXphRvt2lnIMtJDxgOR7ZrVNrwmyMJhaCf//Ge08jidUgZ d6r+rJLFUIIeSOq6PzOUWDHYHlW36MbA/JzeMrvbClfoQoXeIUlwBOFZA/HAp7A= =NKti -----END PGP SIGNATURE----- --14dae934059b5a91d004bc77f24d--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120330160055.GB78586>