From owner-freebsd-net@FreeBSD.ORG Fri Dec 18 15:40:20 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 344B21065679; Fri, 18 Dec 2009 15:40:20 +0000 (UTC) (envelope-from pierre.reveillon@gmail.com) Received: from mail-ew0-f226.google.com (mail-ew0-f226.google.com [209.85.219.226]) by mx1.freebsd.org (Postfix) with ESMTP id 8E36D8FC08; Fri, 18 Dec 2009 15:40:19 +0000 (UTC) Received: by ewy26 with SMTP id 26so2505388ewy.3 for ; Fri, 18 Dec 2009 07:40:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:content-type :content-transfer-encoding; bh=18ZVebnruDTvGY+WnA9ykcvArxYRyMhnuX8aRUQ1jxU=; b=LOLDwADukhoxO1UQ5b2gcEuiUiZIMyAaoQvMXXimMohOGsRDEG1xBgD9zGSUjKK8s8 PC691k5O6VT+/BJEfxH7lszcZG/+iLyys2oUCZ8qBDjEiqW0wse6BN99qdwP+85+HSZB tiJuJzQS73JRHDDl6rx0kQkksxO4b8fiWIQMc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :content-type:content-transfer-encoding; b=Gs8xkQ6NBrZl9YbuWmCX0ywyoJmQwIVOdWL/QDxS8foIZR1u1anc1cbAMBqw+TodD1 fYqhaRdW6qzTm177C4to8UkRbDGWm3YbEBqQvPqhTMS5cEEt4em36KUg3gj2h2Ow55wO 8UpS06m2aiHjQXNS3b04KYE0bRBjPlD0wTmTk= Received: by 10.213.102.66 with SMTP id f2mr4925552ebo.12.1261149290058; Fri, 18 Dec 2009 07:14:50 -0800 (PST) Received: from ?192.168.51.51? (lns-bzn-50f-81-56-231-226.adsl.proxad.net [81.56.231.226]) by mx.google.com with ESMTPS id 23sm5268407eya.3.2009.12.18.07.14.48 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 18 Dec 2009 07:14:49 -0800 (PST) Message-ID: <4B2B9C67.2010801@gmail.com> Date: Fri, 18 Dec 2009 16:14:47 +0100 From: "pierre.reveillon" User-Agent: Mozilla-Thunderbird 2.0.0.22 (X11/20090707) MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-pf@freebsd.org Subject: Network ACK loss problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Dec 2009 15:40:20 -0000 Hi, I just upgraded a server to 8.0_RELEASE and I started having network problems when pf is enabled (even with only "pass all" rules). It seems that some ACK are loss (see tcpdump results at the end). I still have some strange mail server problems when pf is disabled but I'm not sure it's linked. Thanks, Pierre Informations about my configuration : [root@papaya ~]# uname -a FreeBSD papaya.yyy.net 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 [root@papaya ~]# dmesg | grep vge0 vge0: port 0xfc00-0xfcff mem 0xfdfff000-0xfdfff0ff irq 18 at device 14.0 on pci0 miibus0: on vge0 vge0: WARNING: using obsoleted if_watchdog interface vge0: Ethernet address: 00:xx:xx:xx:xx:xx vge0: [ITHREAD] vge0: link state changed to UP vge0: promiscuous mode enabled vge0: promiscuous mode disabled [root@papaya ~]# pfctl -sr No ALTQ support in kernel ALTQ related functions disabled pass in all flags S/SA keep state pass out all flags S/SA keep state Tcpdump output: ******************** BAD ONE (pf enabled) ******************** listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 15:29:26.847488 IP bagherra.local.42567 > papaya.yyy.net.www: Flags [S], seq 4010981448, win 5840, options [mss 1460,sackOK,TS val 27823034 ecr 0,nop,wscale 7], length 0 15:29:26.891968 IP papaya.yyy.net.www > bagherra.local.42567: Flags [S.], seq 3588656077, ack 4010981449, win 65535, options [mss 1412,nop,wscale 3,sackOK,TS val 1087266140 ecr 27823034], length 0 15:29:26.892034 IP bagherra.local.42567 > papaya.yyy.net.www: Flags [.], ack 1, win 46, options [nop,nop,TS val 27823045 ecr 1087266140], length 0 15:29:26.892281 IP bagherra.local.42567 > papaya.yyy.net.www: Flags [P.], seq 1:120, ack 1, win 46, options [nop,nop,TS val 27823045 ecr 1087266140], length 119 15:29:26.982496 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1:1401, ack 120, win 8225, options [nop,nop,TS val 1087266186 ecr 27823045], length 1400 15:29:26.982536 IP bagherra.local.42567 > papaya.yyy.net.www: Flags [.], ack 1401, win 69, options [nop,nop,TS val 27823068 ecr 1087266186], length 0 15:29:27.027653 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087266275 ecr 27823068], length 1400 15:29:27.028035 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 2801:4201, ack 120, win 8225, options [nop,nop,TS val 1087266275 ecr 27823068], length 1400 15:29:27.446470 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087266694 ecr 27823068], length 1400 15:29:28.082905 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087267331 ecr 27823068], length 1400 15:29:29.156079 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087268404 ecr 27823068], length 1400 15:29:31.100271 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087270349 ecr 27823068], length 1400 15:29:34.788167 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087274038 ecr 27823068], length 1400 15:29:40.266521 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087279519 ecr 27823068], length 1400 15:29:51.023919 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087290280 ecr 27823068], length 1400 15:30:12.336745 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087311601 ecr 27823068], length 1400 15:30:54.762699 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087354042 ecr 27823068], length 1400 15:31:58.740422 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087418043 ecr 27823068], length 1400 15:33:02.718736 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087482044 ecr 27823068], length 1400 15:34:06.696421 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087546045 ecr 27823068], length 1400 ********************** GOOD ONE (pf disabled) ********************** listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 15:35:20.857405 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [S], seq 989268196, win 5840, options [mss 1460,sackOK,TS val 27911536 ecr 0,nop,wscale 7], length 0 15:35:20.901493 IP papaya.yyy.net.www > bagherra.local.52734: Flags [S.], seq 2220327620, ack 989268197, win 65535, options [mss 1412,nop,wscale 3,sackOK,TS val 1324570413 ecr 27911536], length 0 15:35:20.901541 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.], ack 1, win 46, options [nop,nop,TS val 27911548 ecr 1324570413], length 0 15:35:20.901682 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [P.], seq 1:120, ack 1, win 46, options [nop,nop,TS val 27911548 ecr 1324570413], length 119 15:35:20.949199 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.], seq 1:1401, ack 120, win 8225, options [nop,nop,TS val 1324570459 ecr 27911548], length 1400 15:35:20.949243 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.], ack 1401, win 69, options [nop,nop,TS val 27911559 ecr 1324570459], length 0 15:35:20.994274 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.], seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1324570504 ecr 27911559], length 1400 15:35:20.994310 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.], ack 2801, win 91, options [nop,nop,TS val 27911571 ecr 1324570504], length 0 15:35:20.994758 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.], seq 2801:4201, ack 120, win 8225, options [nop,nop,TS val 1324570504 ecr 27911559], length 1400 15:35:20.994772 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.], ack 4201, win 114, options [nop,nop,TS val 27911571 ecr 1324570504], length 0 15:35:21.038843 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.], seq 4201:5601, ack 120, win 8225, options [nop,nop,TS val 1324570549 ecr 27911571], length 1400 15:35:21.038876 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.], ack 5601, win 137, options [nop,nop,TS val 27911582 ecr 1324570549], length 0 15:35:21.039366 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.], seq 5601:7001, ack 120, win 8225, options [nop,nop,TS val 1324570549 ecr 27911571], length 1400 15:35:21.039383 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.], ack 7001, win 159, options [nop,nop,TS val 27911582 ecr 1324570549], length 0 15:35:21.040337 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.], seq 7001:8401, ack 120, win 8225, options [nop,nop,TS val 1324570550 ecr 27911571], length 1400 15:35:21.040351 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.], ack 8401, win 182, options [nop,nop,TS val 27911582 ecr 1324570550], length 0 15:35:21.084159 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.], seq 8401:9801, ack 120, win 8225, options [nop,nop,TS val 1324570594 ecr 27911582], length 1400 15:35:21.084201 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.], ack 9801, win 204, options [nop,nop,TS val 27911593 ecr 1324570594], length 0 15:35:21.085054 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.], seq 9801:11201, ack 120, win 8225, options [nop,nop,TS val 1324570595 ecr 27911582], length 1400 15:35:21.085076 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.], ack 11201, win 227, options [nop,nop,TS val 27911593 ecr 1324570595], length 0 15:35:21.085088 IP papaya.yyy.net.www > bagherra.local.52734: Flags [P.], seq 11201:11727, ack 120, win 8225, options [nop,nop,TS val 1324570595 ecr 27911582], length 526 15:35:21.085098 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.], ack 11727, win 249, options [nop,nop,TS val 27911593 ecr 1324570595], length 0 15:35:21.085950 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [F.], seq 120, ack 11727, win 249, options [nop,nop,TS val 27911594 ecr 1324570595], length 0 15:35:21.131345 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.], ack 121, win 8225, options [nop,nop,TS val 1324570642 ecr 27911594], length 0 15:35:21.131563 IP papaya.yyy.net.www > bagherra.local.52734: Flags [F.], seq 11727, ack 121, win 8225, options [nop,nop,TS val 1324570642 ecr 27911594], length 0 15:35:21.131596 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.], ack 11728, win 249, options [nop,nop,TS val 27911605 ecr 1324570642], length 0