From owner-freebsd-current@FreeBSD.ORG Wed Aug 15 15:21:03 2007 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 87ED616A417 for ; Wed, 15 Aug 2007 15:21:03 +0000 (UTC) (envelope-from stefan.lambrev@moneybookers.com) Received: from blah.sun-fish.com (blah.sun-fish.com [217.18.249.150]) by mx1.freebsd.org (Postfix) with ESMTP id C27BB13C45B for ; Wed, 15 Aug 2007 15:21:02 +0000 (UTC) (envelope-from stefan.lambrev@moneybookers.com) Received: from blah.sun-fish.com (localhost [127.0.0.1]) by blah.sun-fish.com (Postfix) with ESMTP id D19811B10ED2; Wed, 15 Aug 2007 17:21:01 +0200 (CEST) Received: from hater.cmotd.com (hater.cmotd.com [192.168.3.125]) by blah.sun-fish.com (Postfix) with ESMTP id CC6A41B10EA4; Wed, 15 Aug 2007 17:21:01 +0200 (CEST) Message-ID: <46C319DD.3010806@moneybookers.com> Date: Wed, 15 Aug 2007 18:21:01 +0300 From: Stefan Lambrev User-Agent: Thunderbird 2.0.0.4pre (X11/20070711) MIME-Version: 1.0 To: Eygene Ryabinkin References: <20070806224112.GA21876@muon.bluestop.org> <20070807073920.GV50228@void.codelabs.ru> <46C18B60.8050400@moneybookers.com> <20070814145759.GB25169@void.codelabs.ru> <20070814193150.GA21553@rot26.obsecurity.org> <46C30FA6.7060108@moneybookers.com> <20070815145640.GQ988@void.codelabs.ru> In-Reply-To: <20070815145640.GQ988@void.codelabs.ru> Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP on BLAH Cc: current@freebsd.org, Kris Kennaway Subject: Re: "tcpflags 0x18; tcp_do_segment" kernel messages X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Aug 2007 15:21:03 -0000 Hello, Eygene Ryabinkin wrote: > Stefan, good day. > > Wed, Aug 15, 2007 at 05:37:26PM +0300, Stefan Lambrev wrote: > >> Now I have a tcpdump.out file and all packets are logged while this problem >> happened. >> Here is part of the file (I hope this is enough because the file itself is >> +150MB) : >> >> -cut- > It will be good to see SMTP protocol trace. If you have no sensitive > data, then add '-s 1500 -X' to the tcpdump's options and show us > the output. If you can upload the result or raw trace for the > abovementioned three connections, it will be good. You can extract > the sessions using something like (for the last session) > 'tcpdump -s 1500 -r dump.out -w session.out host 192.168.13.7 and port 60906' > > Thank you. > Here is the part that does not have anything sensible: 16:10:13.206555 IP mb7.intra.net.60906 > mb4.intra.net.smtp: S 219272317:219272317(0) win 65535 0x0000: 4500 003c 2747 4000 4006 0000 c0a8 0d07 E..<'G@.@....... 0x0010: c0a8 0d04 edea 0019 0d11 d47d 0000 0000 ...........}.... 0x0020: a002 ffff 9b8a 0000 0204 05b4 0103 0308 ................ 0x0030: 0402 080a 0672 33a3 0000 0000 .....r3..... 16:10:13.206789 IP mb4.intra.net.smtp > mb7.intra.net.60906: S 1948405606:1948405606(0) ack 219272318 win 65535 0x0000: 4500 0040 b86e 4000 4006 e6ed c0a8 0d04 E..@.n@.@....... 0x0010: c0a8 0d07 0019 edea 7422 4f66 0d11 d47e ........t"Of...~ 0x0020: b012 ffff 4709 0000 0204 05b4 0103 0301 ....G........... 0x0030: 0101 080a b553 d206 0672 33a3 0402 0000 .....S...r3..... 16:10:13.206824 IP mb7.intra.net.60906 > mb4.intra.net.smtp: . ack 1 win 260 0x0000: 4500 0034 2748 4000 4006 0000 c0a8 0d07 E..4'H@.@....... 0x0010: c0a8 0d04 edea 0019 0d11 d47e 7422 4f67 ...........~t"Og 0x0020: 8010 0104 9b82 0000 0101 080a 0672 33a4 .............r3. 0x0030: b553 d206 .S.. 16:10:13.208261 IP mb4.intra.net.smtp > mb7.intra.net.60906: P 1:48(47) ack 1 win 33304 0x0000: 4500 0063 b873 4000 4006 e6c5 c0a8 0d04 E..c.s@.@....... 0x0010: c0a8 0d07 0019 edea 7422 4f67 0d11 d47e ........t"Og...~ 0x0020: 8018 8218 fca6 0000 0101 080a b553 d207 .............S.. 0x0030: 0672 33a4 3232 3020 6d62 342e 6d6f 6e65 .r3.220.mb4.mone 0x0040: 7962 6f6f 6b65 7273 2e63 6f6d 2045 534d ybookers.com.ESM 0x0050: 5450 206d 6169 6c2d 6578 6368 616e 6765 TP.mail-exchange 0x0060: 720d 0a r.. 16:10:13.208347 IP mb7.intra.net.60906 > mb4.intra.net.smtp: P 1:21(20) ack 48 win 260 0x0000: 4500 0048 2749 4000 4006 0000 c0a8 0d07 E..H'I@.@....... 0x0010: c0a8 0d04 edea 0019 0d11 d47e 7422 4f96 ...........~t"O. 0x0020: 8018 0104 9b96 0000 0101 080a 0672 33a5 .............r3. 0x0030: b553 d207 4845 4c4f 206d 6237 2e69 6e74 .S..HELO.mb7.int 0x0040: 7261 2e6e 6574 0d0a ra.net.. 16:10:13.208690 IP mb4.intra.net.smtp > mb7.intra.net.60906: P 48:74(26) ack 21 win 33304 0x0000: 4500 004e b877 4000 4006 e6d6 c0a8 0d04 E..N.w@.@....... 0x0010: c0a8 0d07 0019 edea 7422 4f96 0d11 d492 ........t"O..... 0x0020: 8018 8218 b312 0000 0101 080a b553 d208 .............S.. 0x0030: 0672 33a5 3235 3020 6d62 342e 6d6f 6e65 .r3.250.mb4.mone 0x0040: 7962 6f6f 6b65 7273 2e63 6f6d 0d0a ybookers.com.. 16:10:13.208715 IP mb7.intra.net.60906 > mb4.intra.net.smtp: P 21:27(6) ack 74 win 260 0x0000: 4500 003a 274a 4000 4006 0000 c0a8 0d07 E..:'J@.@....... 0x0010: c0a8 0d04 edea 0019 0d11 d492 7422 4fb0 ............t"O. 0x0020: 8018 0104 9b88 0000 0101 080a 0672 33a5 .............r3. 0x0030: b553 d208 5155 4954 0d0a .S..QUIT.. I'm not sure why this QUIT is here. But I noticed that the app normaly use "quit" (small letters) May be the problem is in the application itself ? Anyway here are the rest of the packets (and one of them trigger the error msg) : 16:10:13.208729 IP mb7.intra.net.60906 > mb4.intra.net.smtp: F 27:27(0) ack 74 win 260 0x0000: 4500 0034 274b 4000 4006 0000 c0a8 0d07 E..4'K@.@....... 0x0010: c0a8 0d04 edea 0019 0d11 d498 7422 4fb0 ............t"O. 0x0020: 8011 0104 9b82 0000 0101 080a 0672 33a5 .............r3. 0x0030: b553 d208 .S.. 16:10:13.208835 IP mb4.intra.net.smtp > mb7.intra.net.60906: . ack 28 win 33301 0x0000: 4500 0034 b878 4000 4006 e6ef c0a8 0d04 E..4.x@.@....... 0x0010: c0a8 0d07 0019 edea 7422 4fb0 0d11 d499 ........t"O..... 0x0020: 8010 8215 0457 0000 0101 080a b553 d208 .....W.......S.. 0x0030: 0672 33a5 .r3. 16:10:13.208986 IP mb4.intra.net.smtp > mb7.intra.net.60906: P 74:89(15) ack 28 win 33304 0x0000: 4500 0043 b879 4000 4006 e6df c0a8 0d04 E..C.y@.@....... 0x0010: c0a8 0d07 0019 edea 7422 4fb0 0d11 d499 ........t"O..... 0x0020: 8018 8218 5ce7 0000 0101 080a b553 d208 ....\........S.. 0x0030: 0672 33a5 3232 3120 322e 302e 3020 4279 .r3.221.2.0.0.By 0x0040: 650d 0a e.. 16:10:13.209069 IP mb7.intra.net.60906 > mb4.intra.net.smtp: R 219272345:219272345(0) win 0 0x0000: 4500 0028 274c 4000 4006 0000 c0a8 0d07 E..('L@.@....... 0x0010: c0a8 0d04 edea 0019 0d11 d499 0000 0000 ................ 0x0020: 5004 0000 9b76 0000 0000 0000 0000 P....v........ 16:10:13.209074 IP mb4.intra.net.smtp > mb7.intra.net.60906: F 89:89(0) ack 28 win 33304 0x0000: 4500 0034 b87a 4000 4006 e6ed c0a8 0d04 E..4.z@.@....... 0x0010: c0a8 0d07 0019 edea 7422 4fbf 0d11 d499 ........t"O..... 0x0020: 8011 8218 0444 0000 0101 080a b553 d208 .....D.......S.. 0x0030: 0672 33a5 .r3. 16:10:13.209079 IP mb7.intra.net.60906 > mb4.intra.net.smtp: R 219272345:219272345(0) win 0 0x0000: 4500 0028 274d 4000 4006 0000 c0a8 0d07 E..('M@.@....... 0x0010: c0a8 0d04 edea 0019 0d11 d499 0000 0000 ................ 0x0020: 5004 0000 9b76 0000 0000 0000 0000 P....v........ And here is the normal end of the task (same socket used ~9 min earlier) : 16:01:20.298645 IP mb4.intra.net.smtp > mb7.intra.net.60906: P 246:283(37) ack 24881 win 33304 0x0000: 4500 0059 f4bc 4000 4006 aa86 c0a8 0d04 E..Y..@.@....... 0x0010: c0a8 0d07 0019 edea a76e cce8 ebc6 8f74 .........n.....t 0x0020: 8018 8218 3e15 0000 0101 080a b54b afe1 ....>........K.. 0x0030: 066a 1166 3235 3020 322e 302e 3020 4f6b .j.f250.2.0.0.Ok 0x0040: 3a20 7175 6575 6564 2061 7320 3546 4541 :.queued.as.5FEA 0x0050: 4532 3044 3539 430d 0a E20D59C.. 16:01:20.298900 IP mb7.intra.net.60906 > mb4.intra.net.smtp: P 24881:24887(6) ack 283 win 260 0x0000: 4500 003a d953 4000 4006 0000 c0a8 0d07 E..:.S@.@....... 0x0010: c0a8 0d04 edea 0019 ebc6 8f74 a76e cd0d ...........t.n.. 0x0020: 8018 0104 9b88 0000 0101 080a 066a 1180 .............j.. 0x0030: b54b afe1 7175 6974 0d0a .K..quit.. 16:01:20.299675 IP mb4.intra.net.smtp > mb7.intra.net.60906: P 283:298(15) ack 24887 win 33304 0x0000: 4500 0043 f4c2 4000 4006 aa96 c0a8 0d04 E..C..@.@....... 0x0010: c0a8 0d07 0019 edea a76e cd0d ebc6 8f7a .........n.....z 0x0020: 8018 8218 5702 0000 0101 080a b54b afe2 ....W........K.. 0x0030: 066a 1180 3232 3120 322e 302e 3020 4279 .j..221.2.0.0.By 0x0040: 650d 0a e.. 16:01:20.299688 IP mb4.intra.net.smtp > mb7.intra.net.60906: F 298:298(0) ack 24887 win 33304 0x0000: 4500 0034 f4c3 4000 4006 aaa4 c0a8 0d04 E..4..@.@....... 0x0010: c0a8 0d07 0019 edea a76e cd1c ebc6 8f7a .........n.....z 0x0020: 8011 8218 fe5e 0000 0101 080a b54b afe2 .....^.......K.. 0x0030: 066a 1180 .j.. 16:01:20.299700 IP mb7.intra.net.60906 > mb4.intra.net.smtp: . ack 299 win 260 0x0000: 4500 0034 d954 4000 4006 0000 c0a8 0d07 E..4.T@.@....... 0x0010: c0a8 0d04 edea 0019 ebc6 8f7a a76e cd1d ...........z.n.. 0x0020: 8010 0104 9b82 0000 0101 080a 066a 1181 .............j.. 0x0030: b54b afe2 .K.. 16:01:20.299746 IP mb7.intra.net.60906 > mb4.intra.net.smtp: F 24887:24887(0) ack 299 win 260 0x0000: 4500 0034 d955 4000 4006 0000 c0a8 0d07 E..4.U@.@....... 0x0010: c0a8 0d04 edea 0019 ebc6 8f7a a76e cd1d ...........z.n.. 0x0020: 8011 0104 9b82 0000 0101 080a 066a 1181 .............j.. 0x0030: b54b afe2 .K.. 16:01:20.299972 IP mb4.intra.net.smtp > mb7.intra.net.60906: . ack 24888 win 33303 0x0000: 4500 0034 f4c4 4000 4006 aaa3 c0a8 0d04 E..4..@.@....... 0x0010: c0a8 0d07 0019 edea a76e cd1d ebc6 8f7b .........n.....{ 0x0020: 8010 8217 fe5d 0000 0101 080a b54b afe2 .....].......K.. 0x0030: 066a 1181 .j.. -- Best Wishes, Stefan Lambrev ICQ# 24134177