From: Peter Jeremy
To: freebsd-net@freebsd.org
Date: Sat, 3 Mar 2007 10:42:40 +1100
Subject: TCP source port reuse problems

Hi,

After upgrading my firewall to FreeBSD 6.2-RELEASE (with IPfilter), I noticed
that TCP connections between my firewall and internal
hosts (all FreeBSD and mostly 6.2) were randomly dropping out. I've found a
variety of anomalies in both FreeBSD and IPfilter and will post about them
separately. In the following, the internal host is 192.168.234.64 and it is
running 6.2-STABLE/amd64 from late January.

First problem: FreeBSD appears to be re-using source ports too rapidly.
My understanding is that a TCP socket ({src IP, src port, dst IP, dst port}
tuple) should not be re-used for 120 seconds after teardown. Sample tcpdumps
and IPfilter whinges below show reuse after 66 and 83 seconds. Disabling
net.inet.ip.portrange.randomized appears to work around this but is
undesirable for other reasons.

08:00:31.668618 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1301449385:1301449385(0) win 65535
08:00:31.669181 IP 192.168.234.1.22 > 192.168.234.64.63872: S 2272001345:2272001345(0) ack 1301449386 win 65535
08:00:31.672974 IP 192.168.234.64.63872 > 192.168.234.1.22: . ack 2272001346 win 33304
...
08:00:32.786175 IP 192.168.234.1.22 > 192.168.234.64.63872: P 2272031433:2272031561(128) ack 1301451929 win 33304
08:00:32.786631 IP 192.168.234.64.63872 > 192.168.234.1.22: P 1301451929:1301451961(32) ack 2272031561 win 33304
08:00:32.786690 IP 192.168.234.64.63872 > 192.168.234.1.22: F 1301451961:1301451961(0) ack 2272031561 win 33304
08:00:32.787159 IP 192.168.234.1.22 > 192.168.234.64.63872: . ack 1301451962 win 33288
08:00:32.796379 IP 192.168.234.1.22 > 192.168.234.64.63872: F 2272031561:2272031561(0) ack 1301451962 win 33288
08:00:32.796621 IP 192.168.234.64.63872 > 192.168.234.1.22: . ack 2272031562 win 33303
08:01:38.540025 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535
08:01:41.536233 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535
08:01:44.736148 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535
08:01:47.936094 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535
08:01:51.136055 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535
08:01:54.336026 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535
08:02:00.535977 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535
08:02:12.735809 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535
08:02:36.935520 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535

Mar 3 08:01:39 fwall ipmon[575]: 08:01:38.540233 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 64 -S IN OOW
Mar 3 08:01:42 fwall ipmon[575]: 08:01:41.536388 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 64 -S IN OOW
Mar 3 08:01:45 fwall ipmon[575]: 08:01:44.736309 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 64 -S IN OOW
Mar 3 08:01:48 fwall ipmon[575]: 08:01:47.936239 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar 3 08:01:51 fwall ipmon[575]: 08:01:51.136205 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar 3 08:01:54 fwall ipmon[575]: 08:01:54.336173 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar 3 08:02:01 fwall ipmon[575]: 08:02:00.536124 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar 3 08:02:13 fwall ipmon[575]: 08:02:12.735960 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar 3 08:02:37 fwall ipmon[575]: 08:02:36.935674 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW

08:03:06.348372 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3089625906:3089625906(0) win 65535
08:03:06.348987 IP 192.168.234.1.22 > 192.168.234.64.60014: S 1659245487:1659245487(0) ack 3089625907 win 65535
08:03:06.349213 IP 192.168.234.64.60014 > 192.168.234.1.22: . ack 1659245488 win 33304
...
08:03:07.472719 IP 192.168.234.1.22 > 192.168.234.64.60014: P 1659276391:1659276519(128) ack 3089628450 win 33304
08:03:07.473177 IP 192.168.234.64.60014 > 192.168.234.1.22: P 3089628450:3089628482(32) ack 1659276519 win 33304
08:03:07.473234 IP 192.168.234.64.60014 > 192.168.234.1.22: F 3089628482:3089628482(0) ack 1659276519 win 33304
08:03:07.473722 IP 192.168.234.1.22 > 192.168.234.64.60014: . ack 3089628483 win 33288
08:03:07.482770 IP 192.168.234.1.22 > 192.168.234.64.60014: F 1659276519:1659276519(0) ack 3089628483 win 33288
08:03:07.483011 IP 192.168.234.64.60014 > 192.168.234.1.22: . ack 1659276520 win 33303
08:04:30.990192 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535
08:04:33.989120 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535
08:04:37.189082 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535
08:04:40.389049 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535
08:04:43.589015 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535
08:04:46.788957 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535
08:04:52.988886 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535
08:05:05.188740 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535
08:05:29.388457 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535

Mar 3 08:04:31 fwall ipmon[575]: 08:04:30.990391 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 64 -S IN OOW
Mar 3 08:04:34 fwall ipmon[575]: 08:04:33.989273 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 64 -S IN OOW
Mar 3 08:04:37 fwall ipmon[575]: 08:04:37.189232 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 64 -S IN OOW
Mar 3 08:04:40 fwall ipmon[575]: 08:04:40.389201 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar 3 08:04:44 fwall ipmon[575]: 08:04:43.589164 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar 3 08:04:47 fwall ipmon[575]: 08:04:46.789101 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar 3 08:04:53 fwall ipmon[575]: 08:04:52.989035 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar 3 08:05:05 fwall ipmon[575]: 08:05:05.188887 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar 3 08:05:29 fwall ipmon[575]: 08:05:29.388632 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW

-- 
Peter Jeremy
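As an added example (not part of Peter's post or of FreeBSD/IPfilter), here is a small Python check that walks decoded tcpdump lines like the ones above, remembers when each {src, sport, dst, dport} tuple last saw a FIN, and reports any fresh SYN that reuses the tuple sooner than the 2*MSL quiet period. The function name, the 120 s constant and the embedded sample (an excerpt of the 63872 capture, with one ipmon line to show non-packet lines are skipped) are my own assumptions.

```python
import re
from typing import Dict, List, Tuple

# One tcpdump packet line: "HH:MM:SS.ffffff IP a.b.c.d.sport > w.x.y.z.dport: FLAGS rest"
_PKT = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+) > (\S+): (\S+)(.*)$")
TIME_WAIT_SECS = 120.0  # assumed 2*MSL quiet period the post expects before a tuple is reused


def _secs(hh: str, mm: str, ss: str) -> float:
    """Same-day tcpdump timestamp -> seconds since midnight."""
    return int(hh) * 3600 + int(mm) * 60 + float(ss)


def find_early_reuse(lines: List[str], min_gap: float = TIME_WAIT_SECS) -> List[Tuple[str, str, float]]:
    """Return (src, dst, gap_seconds) for every fresh SYN that reuses a 4-tuple
    less than min_gap seconds after that tuple's previous connection saw a FIN."""
    last_seen: Dict[tuple, float] = {}   # connection key -> time of last segment
    fin_seen: Dict[tuple, bool] = {}     # connection key -> previous connection was torn down
    hits: List[Tuple[str, str, float]] = []
    for line in lines:
        m = _PKT.match(line.strip())
        if not m:
            continue  # ipmon lines, "..." separators etc. are ignored
        ts = _secs(m.group(1), m.group(2), m.group(3))
        src, dst, flags, rest = m.group(4), m.group(5), m.group(6), m.group(7)
        key = tuple(sorted((src, dst)))  # same key for both directions of the connection
        pure_syn = "S" in flags and " ack " not in rest  # SYN without ACK opens a new connection
        if pure_syn:
            if fin_seen.get(key) and ts - last_seen[key] < min_gap:
                hits.append((src, dst, round(ts - last_seen[key], 3)))
            fin_seen[key] = False  # retransmitted SYNs of this connection are not counted again
        if "F" in flags:
            fin_seen[key] = True
        last_seen[key] = ts
    return hits


# Constructed sample: a decoded excerpt of the 63872 capture from the post, plus an
# ipmon line and a "..." separator to show that non-packet lines are skipped.
SAMPLE = """\
08:00:31.668618 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1301449385:1301449385(0) win 65535
08:00:31.669181 IP 192.168.234.1.22 > 192.168.234.64.63872: S 2272001345:2272001345(0) ack 1301449386 win 65535
08:00:31.672974 IP 192.168.234.64.63872 > 192.168.234.1.22: . ack 2272001346 win 33304
...
08:00:32.786690 IP 192.168.234.64.63872 > 192.168.234.1.22: F 1301451961:1301451961(0) ack 2272031561 win 33304
08:00:32.796379 IP 192.168.234.1.22 > 192.168.234.64.63872: F 2272031561:2272031561(0) ack 1301451962 win 33288
08:00:32.796621 IP 192.168.234.64.63872 > 192.168.234.1.22: . ack 2272031562 win 33303
08:01:38.540025 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535
Mar 3 08:01:39 fwall ipmon[575]: 08:01:38.540233 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 64 -S IN OOW
08:01:41.536233 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535
""".splitlines()
```

On the sample it reports one reuse of 192.168.234.64.63872 -> 192.168.234.1.22 about 65.7 s after the final ACK, which is the 66 s case in the post; the retransmitted SYN is not counted a second time.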