Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 10 Dec 2019 11:40:45 +0100
From:      Axel Rau <Axel.Rau@Chaos1.DE>
To:        net@FreeBSD.ORG
Subject:   TCP 3-way-handshake fails
Message-ID:  <12A16AC0-651B-4CAC-814A-FD5A8FF68D2F@Chaos1.DE>
next in thread | raw e-mail | index | archive | help 


--Apple-Mail=_C78C3F62-8533-477D-ABFF-F3C11AE915A8
Content-Type: multipart/mixed;
	boundary="Apple-Mail=_F3EF256F-F9ED-4FF8-91AE-73BB57AEFC06"


--Apple-Mail=_F3EF256F-F9ED-4FF8-91AE-73BB57AEFC06
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=us-ascii

Hi all

I have a fancy behaviour on a FreeBSD 12.1 box, with
some servers (e.g. rsyslogd, nginx) which happens with
some clients, with others not (both are in the same sub-
nets). Everything is dualstack. Disabling IPv6, stops
the problem.
The traffic is routed via 2 firewalls OpenBSD 6.6)
and a VPN.

I attach 2 textfiles (tcpdump) with an extracted flow:

gw1, the OpenBSD side
db3: the FreeBSD side

I also include an example, where the problem
does not happen: db3,ok.txt

Which details needs to be collected to insulate
the problem?

Any help is very welcome,
Axel


--Apple-Mail=_F3EF256F-F9ED-4FF8-91AE-73BB57AEFC06
Content-Disposition: attachment;
	filename=gw1.32404.txt
Content-Type: text/plain;
	x-unix-mode=0644;
	name="gw1.32404.txt"
Content-Transfer-Encoding: quoted-printable

09:02:41.926033 1234:56:78:9a::72.32404 > abcd:2222:3333:4444::200.601: =
S [tcp sum ok] 3144001835:3144001835(0) win 65535 <mss 1440,nop,wscale =
6,sackOK,timestamp 1921615380 0> [flowlabel 0xd6aca] (len 40, hlim 62)
09:02:41.926553 abcd:2222:3333:4444::200.601 > 1234:56:78:9a::72.32404: =
S [tcp sum ok] 3857072979:3857072979(0) ack 3144001836 win 65535 <mss =
1440,nop,wscale 6,sackOK,timestamp 62022082 1921615380> [class 0x1] =
[flowlabel 0x64353] (len 40, hlim 64)
09:02:42.941912 abcd:2222:3333:4444::200.601 > 1234:56:78:9a::72.32404: =
S [tcp sum ok] 3857072979:3857072979(0) ack 3144001836 win 65535 <mss =
1440,nop,wscale 6,sackOK,timestamp 62023097 1921615380> [class 0x2] =
[flowlabel 0x64353] (len 40, hlim 64)
09:02:44.931650 1234:56:78:9a::72.32404 > abcd:2222:3333:4444::200.601: =
S [tcp sum ok] 3144001835:3144001835(0) win 65535 <mss 1440,nop,wscale =
6,sackOK,timestamp 1921618386 0> [flowlabel 0xd6aca] (len 40, hlim 62)
09:02:44.932179 abcd:2222:3333:4444::200.601 > 1234:56:78:9a::72.32404: =
S [tcp sum ok] 3857072979:3857072979(0) ack 3144001836 win 65535 <mss =
1440,nop,wscale 6,sackOK,timestamp 62025088 1921618386> [class 0x1] =
[flowlabel 0x64353] (len 40, hlim 64)
09:02:45.947682 abcd:2222:3333:4444::200.601 > 1234:56:78:9a::72.32404: =
S [tcp sum ok] 3857072979:3857072979(0) ack 3144001836 win 65535 <mss =
1440,nop,wscale 6,sackOK,timestamp 62026103 1921618386> [flowlabel =
0x64353] (len 40, hlim 64)
09:02:48.156565 abcd:2222:3333:4444::200.601 > 1234:56:78:9a::72.32404: =
S [tcp sum ok] 3857072979:3857072979(0) ack 3144001836 win 65535 <mss =
1440,nop,wscale 6,sackOK,timestamp 62028312 1921618386> [class 0x7] =
[flowlabel 0x64353] (len 40, hlim 64)
09:02:48.163491 1234:56:78:9a::72.32404 > abcd:2222:3333:4444::200.601: =
S [tcp sum ok] 3144001835:3144001835(0) win 65535 <mss 1440,nop,wscale =
6,sackOK,timestamp 1921621618 0> [flowlabel 0xd6aca] (len 40, hlim 62)
09:02:48.164015 abcd:2222:3333:4444::200.601 > 1234:56:78:9a::72.32404: =
S [tcp sum ok] 3857072979:3857072979(0) ack 3144001836 win 65535 <mss =
1440,nop,wscale 6,sackOK,timestamp 62028320 1921621618> [class 0x2] =
[flowlabel 0x64353] (len 40, hlim 64)
09:02:49.164007 abcd:2222:3333:4444::200.601 > 1234:56:78:9a::72.32404: =
S [tcp sum ok] 3857072979:3857072979(0) ack 3144001836 win 65535 <mss =
1440,nop,wscale 6,sackOK,timestamp 62029320 1921621618> [flowlabel =
0x64353] (len 40, hlim 64)
09:02:51.369689 abcd:2222:3333:4444::200.601 > 1234:56:78:9a::72.32404: =
S [tcp sum ok] 3857072979:3857072979(0) ack 3144001836 win 65535 <mss =
1440,nop,wscale 6,sackOK,timestamp 62031525 1921621618> [class 0x7] =
[flowlabel 0x64353] (len 40, hlim 64)
09:02:51.370872 1234:56:78:9a::72.32404 > abcd:2222:3333:4444::200.601: =
S [tcp sum ok] 3144001835:3144001835(0) win 65535 <mss 1440,nop,wscale =
6,sackOK,timestamp 1921624825 0> [flowlabel 0xd6aca] (len 40, hlim 62)
09:02:51.371023 abcd:2222:3333:4444::200.601 > 1234:56:78:9a::72.32404: =
S [tcp sum ok] 3857072979:3857072979(0) ack 3144001836 win 65535 <mss =
1440,nop,wscale 6,sackOK,timestamp 62031527 1921624825> [class 0x2] =
[flowlabel 0x64353] (len 40, hlim 64)
09:02:52.388482 abcd:2222:3333:4444::200.601 > 1234:56:78:9a::72.32404: =
S [tcp sum ok] 3857072979:3857072979(0) ack 3144001836 win 65535 <mss =
1440,nop,wscale 6,sackOK,timestamp 62032544 1921624825> [class 0x5] =
[flowlabel 0x64353] (len 40, hlim 64)
09:02:54.602691 abcd:2222:3333:4444::200.601 > 1234:56:78:9a::72.32404: =
S [tcp sum ok] 3857072979:3857072979(0) ack 3144001836 win 65535 <mss =
1440,nop,wscale 6,sackOK,timestamp 62034758 1921624825> [class 0x5] =
[flowlabel 0x64353] (len 40, hlim 64)
09:02:58.809898 abcd:2222:3333:4444::200.601 > 1234:56:78:9a::72.32404: =
S [tcp sum ok] 3857072979:3857072979(0) ack 3144001836 win 65535 <mss =
1440,nop,wscale 6,sackOK,timestamp 62038965 1921624825> [flowlabel =
0x64353] (len 40, hlim 64)

--Apple-Mail=_F3EF256F-F9ED-4FF8-91AE-73BB57AEFC06
Content-Disposition: attachment;
	filename=db3.32404.txt
Content-Type: text/plain;
	x-unix-mode=0644;
	name="db3.32404.txt"
Content-Transfer-Encoding: quoted-printable

09:02:41.925105 IP6 (flowlabel 0xd6aca, hlim 62, next-header TCP (6) =
payload length: 40) 1234:56:78:9a::72.32404 > =
abcd:2222:3333:4444::200.601: Flags [S], cksum 0x9599 (correct), seq =
3144001835, win 65535, options [mss 1440,nop,wscale 6,sackOK,TS val =
1921615380 ecr 0], length 0
09:02:41.925140 IP6 (class 0x01, flowlabel 0x64353, hlim 64, next-header =
TCP (6) payload length: 40) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::72.32404: Flags [S.], cksum 0xd48d (incorrect -> 0x06da), =
seq 3857072979, ack 3144001836, win 65535, options [mss 1440,nop,wscale =
6,sackOK,TS val 62022082 ecr 1921615380], length 0
09:02:42.940483 IP6 (class 0x02, flowlabel 0x64353, hlim 64, next-header =
TCP (6) payload length: 40) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::72.32404: Flags [S.], cksum 0xd48d (incorrect -> 0x02e3), =
seq 3857072979, ack 3144001836, win 65535, options [mss 1440,nop,wscale =
6,sackOK,TS val 62023097 ecr 1921615380], length 0
09:02:44.930730 IP6 (flowlabel 0xd6aca, hlim 62, next-header TCP (6) =
payload length: 40) 1234:56:78:9a::72.32404 > =
abcd:2222:3333:4444::200.601: Flags [S], cksum 0x89db (correct), seq =
3144001835, win 65535, options [mss 1440,nop,wscale 6,sackOK,TS val =
1921618386 ecr 0], length 0
09:02:44.930760 IP6 (class 0x01, flowlabel 0x64353, hlim 64, next-header =
TCP (6) payload length: 40) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::72.32404: Flags [S.], cksum 0xd48d (incorrect -> 0xef5d), =
seq 3857072979, ack 3144001836, win 65535, options [mss 1440,nop,wscale =
6,sackOK,TS val 62025088 ecr 1921618386], length 0
09:02:45.946251 IP6 (flowlabel 0x64353, hlim 64, next-header TCP (6) =
payload length: 40) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::72.32404: Flags [S.], cksum 0xd48d (incorrect -> 0xeb66), =
seq 3857072979, ack 3144001836, win 65535, options [mss 1440,nop,wscale =
6,sackOK,TS val 62026103 ecr 1921618386], length 0
09:02:48.155145 IP6 (class 0x07, flowlabel 0x64353, hlim 64, next-header =
TCP (6) payload length: 40) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::72.32404: Flags [S.], cksum 0xd48d (incorrect -> 0xe2c5), =
seq 3857072979, ack 3144001836, win 65535, options [mss 1440,nop,wscale =
6,sackOK,TS val 62028312 ecr 1921618386], length 0
09:02:48.162563 IP6 (flowlabel 0xd6aca, hlim 62, next-header TCP (6) =
payload length: 40) 1234:56:78:9a::72.32404 > =
abcd:2222:3333:4444::200.601: Flags [S], cksum 0x7d3b (correct), seq =
3144001835, win 65535, options [mss 1440,nop,wscale 6,sackOK,TS val =
1921621618 ecr 0], length 0
09:02:48.162594 IP6 (class 0x02, flowlabel 0x64353, hlim 64, next-header =
TCP (6) payload length: 40) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::72.32404: Flags [S.], cksum 0xd48d (incorrect -> 0xd61d), =
seq 3857072979, ack 3144001836, win 65535, options [mss 1440,nop,wscale =
6,sackOK,TS val 62028320 ecr 1921621618], length 0
09:02:49.162606 IP6 (flowlabel 0x64353, hlim 64, next-header TCP (6) =
payload length: 40) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::72.32404: Flags [S.], cksum 0xd48d (incorrect -> 0xd235), =
seq 3857072979, ack 3144001836, win 65535, options [mss 1440,nop,wscale =
6,sackOK,TS val 62029320 ecr 1921621618], length 0
09:02:51.368270 IP6 (class 0x07, flowlabel 0x64353, hlim 64, next-header =
TCP (6) payload length: 40) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::72.32404: Flags [S.], cksum 0xd48d (incorrect -> 0xc998), =
seq 3857072979, ack 3144001836, win 65535, options [mss 1440,nop,wscale =
6,sackOK,TS val 62031525 ecr 1921621618], length 0
09:02:51.369530 IP6 (flowlabel 0xd6aca, hlim 62, next-header TCP (6) =
payload length: 40) 1234:56:78:9a::72.32404 > =
abcd:2222:3333:4444::200.601: Flags [S], cksum 0x70b4 (correct), seq =
3144001835, win 65535, options [mss 1440,nop,wscale 6,sackOK,TS val =
1921624825 ecr 0], length 0
09:02:51.369562 IP6 (class 0x02, flowlabel 0x64353, hlim 64, next-header =
TCP (6) payload length: 40) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::72.32404: Flags [S.], cksum 0xd48d (incorrect -> 0xbd0f), =
seq 3857072979, ack 3144001836, win 65535, options [mss 1440,nop,wscale =
6,sackOK,TS val 62031527 ecr 1921624825], length 0
09:02:52.387064 IP6 (class 0x05, flowlabel 0x64353, hlim 64, next-header =
TCP (6) payload length: 40) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::72.32404: Flags [S.], cksum 0xd48d (incorrect -> 0xb916), =
seq 3857072979, ack 3144001836, win 65535, options [mss 1440,nop,wscale =
6,sackOK,TS val 62032544 ecr 1921624825], length 0
09:02:54.601270 IP6 (class 0x05, flowlabel 0x64353, hlim 64, next-header =
TCP (6) payload length: 40) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::72.32404: Flags [S.], cksum 0xd48d (incorrect -> 0xb070), =
seq 3857072979, ack 3144001836, win 65535, options [mss 1440,nop,wscale =
6,sackOK,TS val 62034758 ecr 1921624825], length 0
09:02:58.808473 IP6 (flowlabel 0x64353, hlim 64, next-header TCP (6) =
payload length: 40) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::72.32404: Flags [S.], cksum 0xd48d (incorrect -> 0xa001), =
seq 3857072979, ack 3144001836, win 65535, options [mss 1440,nop,wscale =
6,sackOK,TS val 62038965 ecr 1921624825], length 0

--Apple-Mail=_F3EF256F-F9ED-4FF8-91AE-73BB57AEFC06
Content-Disposition: attachment;
	filename=db3.ok.txt
Content-Type: text/plain;
	x-unix-mode=0644;
	name="db3.ok.txt"
Content-Transfer-Encoding: quoted-printable

    10:30:32.636565 IP6 (flowlabel 0xfc3df, hlim 62, next-header TCP (6) =
payload length: 40) 1234:56:78:9a::75.35075 > =
abcd:2222:3333:4444::200.601: Flags [S], cksum 0x6a5b (correct), seq =
911110344, win 65535, options [mss 1440,nop,wscale 6,sackOK,TS val =
3197376592 ecr 0], length 0
10:30:32.636723 IP6 (flowlabel 0x828b9, hlim 64, next-header TCP (6) =
payload length: 40) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::75.35075: Flags [S.], cksum 0xd490 (incorrect -> 0x8f16), =
seq 267921593, ack 911110345, win 65535, options [mss 1440,nop,wscale =
6,sackOK,TS val 3070094212 ecr 3197376592], length 0
10:30:32.643382 IP6 (flowlabel 0xfc3df, hlim 62, next-header TCP (6) =
payload length: 128) 1234:56:78:9a::75.35075 > =
abcd:2222:3333:4444::200.601: Flags [.], cksum 0x754e (correct), seq =
1:97, ack 1, win 1035, options [nop,nop,TS val 3197376600 ecr =
3070094212], length 96
10:30:32.647735 IP6 (flowlabel 0x828b9, hlim 64, next-header TCP (6) =
payload length: 134) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::75.35075: Flags [P.], cksum 0xd4ee (incorrect -> 0xc78b), =
seq 1:103, ack 97, win 1035, options [nop,nop,TS val 3070094222 ecr =
3197376600], length 102
10:30:32.654236 IP6 (flowlabel 0xfc3df, hlim 62, next-header TCP (6) =
payload length: 390) 1234:56:78:9a::75.35075 > =
abcd:2222:3333:4444::200.601: Flags [P.], seq 97:455, ack 103, win 1035, =
options [nop,nop,TS val 3197376611 ecr 3070094222], length 358
10:30:32.654377 IP6 (flowlabel 0x828b9, hlim 64, next-header TCP (6) =
payload length: 47) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::75.35075: Flags [P.], cksum 0xd497 (incorrect -> 0xb0eb), =
seq 103:118, ack 455, win 1035, options [nop,nop,TS val 3070094229 ecr =
3197376611], length 15
10:30:32.766567 IP6 (flowlabel 0xfc3df, hlim 62, next-header TCP (6) =
payload length: 32) 1234:56:78:9a::75.35075 > =
abcd:2222:3333:4444::200.601: Flags [.], cksum 0xb6f4 (correct), ack =
118, win 1034, options [nop,nop,TS val 3197376723 ecr 3070094229], =
length 0
10:30:32.766603 IP6 (flowlabel 0x828b9, hlim 64, next-header TCP (6) =
payload length: 47) abcd:2222:3333:4444::200.601 > =
1234:56:78:9a::75.35075: Flags [P.], cksum 0xd497 (incorrect -> 0xaefb), =
seq 118:133, ack 455, win 1035, options [nop,nop,TS val 3070094342 ecr =
3197376723], length 15
10:30:32.878581 IP6 (flowlabel 0xfc3df, hlim 62, next-header TCP (6) =
payload length: 32) 1234:56:78:9a::75.35075 > =
abcd:2222:3333:4444::200.601: Flags [.], cksum 0xb604 (correct), ack =
133, win 1034, options [nop,nop,TS val 3197376835 ecr 3070094342], leng=

--Apple-Mail=_F3EF256F-F9ED-4FF8-91AE-73BB57AEFC06
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8


---
PGP-Key: CDE74120  =E2=98=80  computing @ chaos claudius


--Apple-Mail=_F3EF256F-F9ED-4FF8-91AE-73BB57AEFC06--

--Apple-Mail=_C78C3F62-8533-477D-ABFF-F3C11AE915A8
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.2
Comment: GPGTools - http://gpgtools.org

iQIzBAEBCAAdFiEEl5evOTfnjZdhkBzKaPxTRM3nQSAFAl3vdi0ACgkQaPxTRM3n
QSAmZQ/+NSmjBPzU6y1N681k5rt3jgAo+lP+0CI+KpV9Pq18VsxCx30bT06t/vKn
7bRQzB2fxJltxZxlJKTyNYoHKIACN9+2EdQ4NWCwGv+glKYDCwyfWXDDyP4P9rXZ
LNCYRjZKUU+IaUz647bzQpnhn1ZgMJLzlCDI5thBzvo2hSycPU9Xv6AMt+7quhW/
3OTrq4KWMiS5O0R5gr6tbhb2sUlybxV2RZWmMlvJP89VCg7F9qNZS2xNhg+fPp7V
dm8XZNkHtLMux9cH/fhKT8EwXF2LGaBmwqcHE+jkRlBMetkM/bZZMGox4PkbtwYl
B8TLJOGi2I/uRSWUsxGK8hMWdHxdNAajR0LdAwYu0eLElYO3vp6ZTczdx9pXlO9I
RQ6rrg5Q6yW4vrP6LLQ+dX3zbTD2mWZM7YHbZ4IoNzrEangkKDMUlDKEP2pmpzBN
3hHhWFqiW3EsdfLiQ9h4w6wWsTgGrwnkMFSmWtZc0oXULHSLtjGA5+XoJrSd+/we
JX7Auh0aJCUnv+ysrQTOI0DNLl2oRZgYGmsp5TnGyvYc/sKetXvyQmG6x1I5zI0P
bU75DxtXixhwbaxwMYpNsQzdlfFxlE7vPg4/Yxe3ZxZ2qarscQ77EmSxd6AscZYp
NbNkrMTyLy9GtdEXvhoBtR1JN+e4A75GG6HKep7SXkpvswJQz/g=
=/Ld3
-----END PGP SIGNATURE-----

--Apple-Mail=_C78C3F62-8533-477D-ABFF-F3C11AE915A8--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?12A16AC0-651B-4CAC-814A-FD5A8FF68D2F>