From owner-freebsd-questions@freebsd.org Sat Feb 11 08:09:09 2017
Return-Path:
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6DC12CDBCAD for ; Sat, 11 Feb 2017 08:09:09 +0000 (UTC) (envelope-from pse@aaagroup.ru)
Received: from mail.aaagroup.ru (mail.aaagroup.ru [109.195.226.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 23D1AC56 for ; Sat, 11 Feb 2017 08:09:08 +0000 (UTC) (envelope-from pse@aaagroup.ru)
Received: from [10.0.2.70] by mail.aaagroup.ru with esmtp (Exim 4.86_2 (FreeBSD)) (envelope-from ) id 1ccSZn-000Nhc-91 for freebsd-questions@freebsd.org; Sat, 11 Feb 2017 10:58:35 +0300
Reply-To: "Sergey E. Ponomarev"
To: freebsd-questions@freebsd.org
From: "Sergey E. Ponomarev"
Subject: FreeBSD ZeroWindow and Dup Ack problem
Message-ID: <563ca1ff-3621-f3b3-5d7c-6aa5b922166f@aaagroup.ru>
Date: Sat, 11 Feb 2017 10:58:35 +0300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------F8C3076CF7CB92498DC22A5D"
X-Virus-Scanned: by ClamAV
X-Spam-Score: ()
X-Spam-Scanner: SpamAssassin
X-Spam-Report:
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 11 Feb 2017 08:09:09 -0000

This is a multi-part message in MIME format.
--------------F8C3076CF7CB92498DC22A5D
Content-Type: text/plain; charset=koi8-r; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

I'm using squid 3.5.22 on a FreeBSD 10.3 server with Kerberos AD Auth. Recently, I noticed an extremely large number of packets to and from squid. Tcpdump shows a lot of TCP ZeroWindow and TCP Dup Ack packets to/from different Windows hosts (see attachment, pay attention to the time column). A huge amount of small packets; it really looks like a DoS.

I think that the DUP ACK packets should be sent with a certain delay, but I cannot find this setting. I tried deleting all settings from /boot/loader.conf and /etc/sysctl.conf, with no luck.

Thanks for any help.
--
Best regards, Sergey Ponomarev

--------------F8C3076CF7CB92498DC22A5D
Content-Type: application/octet-stream; name="2.pcap"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="2.pcap"

--------------F8C3076CF7CB92498DC22A5D--
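
One way to quantify the symptom described in the message, per connection, as an added example that is not part of the original post: it reads a classic pcap file (Ethernet/IPv4 assumed) and counts zero-window segments and repeated bare ACKs per flow, with the smallest gap between repeats. The duplicate-ACK rule is a simplification (same ACK number and window as the previous bare ACK in that direction), and the function names, addresses and sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def tcp_segments(pcap):
    """Yield (ts_us, flow, ack, flags, window, payload_len) per Ethernet/IPv4/TCP record."""
    if pcap[:4] not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic microsecond-resolution pcap file")
    e, off = ("<" if pcap[0] == 0xD4 else ">"), 24       # byte order; skip global header
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(e + "4I", pcap[off:off + 16])
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        ihl = (pkt[14] & 0x0F) * 4 if len(pkt) > 14 else 0
        if ihl < 20 or len(pkt) < 30 + ihl or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                     # truncated or not IPv4/TCP
        sport, dport, _, ack, hl_flags, win = struct.unpack("!HHIIHH", pkt[14 + ihl:30 + ihl])
        src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (26, 30))
        # Payload length comes from the IP total length, so Ethernet padding is not counted.
        yield (sec * 10**6 + usec, f"{src}:{sport}>{dst}:{dport}", ack, hl_flags & 0x3F, win,
               int.from_bytes(pkt[16:18], "big") - ihl - (hl_flags >> 12) * 4)

def ack_storm_stats(pcap):
    """Per flow: zero-window segments, repeated bare ACKs, tightest gap between repeats."""
    stats = defaultdict(lambda: {"zero_window": 0, "dup_ack": 0, "min_gap_us": None})
    prev = {}                                            # flow -> (ts_us, ack, window)
    for ts, flow, ack, flags, win, plen in tcp_segments(pcap):
        s = stats[flow]
        if win == 0 and not flags & 0x04:                # RST normally carries window 0
            s["zero_window"] += 1
        if flags != 0x10 or plen:                        # only bare ACKs can be duplicates
            prev.pop(flow, None)
            continue
        if flow in prev and prev[flow][1:] == (ack, win):
            gap = ts - prev[flow][0]
            s["dup_ack"] += 1
            s["min_gap_us"] = gap if s["min_gap_us"] is None else min(gap, s["min_gap_us"])
        prev[flow] = (ts, ack, win)
    return dict(stats)

def _record(ts_us, src, dst, sport, dport, ack, win):
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, ack, 0x5010, win, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0, bytes(src), bytes(dst))
    pkt = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
    return struct.pack("<4I", ts_us // 10**6, ts_us % 10**6, len(pkt), len(pkt)) + pkt

# Constructed sample: a client advertising window 0 and a proxy on port 3128 re-probing it.
C, P = (192, 0, 2, 10), (192, 0, 2, 1)
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    [_record(t, C, P, 50000, 3128, 1000, 0) for t in (0, 60, 130, 400)] +
    [_record(t, P, C, 3128, 50000, 500, 65535) for t in (2, 63, 132)])

print(ack_storm_stats(SAMPLE))
```

To run it on a saved tcpdump file, pass the file's bytes (`open(path, "rb").read()`) to `ack_storm_stats`.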