Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 16 Jul 2002 13:36:26 -0400
From:      Barney Wolff <barney@tp.databus.com>
To:        Alex Dyas <alexdyas@hotmail.com>
Cc:        net@FreeBSD.ORG, silby@silby.com
Subject:   Re: BSD / Firewall / 0 window size problem
Message-ID:  <20020716173626.GA79838@tp.databus.com>
In-Reply-To: <F175KzGZuNY1SWoBDys00012182@hotmail.com>
References:  <F175KzGZuNY1SWoBDys00012182@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Wrong - the packet you're interpreting as "not freeze up" is an ack.
The next data packet, which is a window probe in both cases, shows
about the same delay with both OS's.

On Tue, Jul 16, 2002 at 04:24:56PM +0000, Alex Dyas wrote:
> Mike Silbersack wrote:
> >On Thu, 11 Jul 2002, Alex Dyas wrote:
> >
> >
> >>The only clue I've managed to find as to what is going on is in a tcpdump 
> >>of
> >>the session (attached).  The trigger for the lock up seems to be a 
> >>messages
> >>from the Otherbox machine setting the window size to 0 :
> >>
> >>10:41:38.614141 otherbox.foo.com.telnet > bsdbox.foo.com.2230: . ack 154 
> >>win
> >>0
> >>10:41:38.614200 bsdbox.foo.com.2230 > otherbox.foo.com.telnet: . ack 337 
> >>win
> >>33304 <nop,nop,timestamp 9026230 147804149> (DF) [tos 0x10]
> >>
> >>I've tried all the following scenarios, none of which exhibit the same
> >>problem, which is why I think the problem is with FreeBSD :
> >>
> >>bsdbox.foo.com -> otherbox.foo.com
> >>solarisbox.foo.com -> internal GNAT firewall -> otherbox.foo.com
> >>windowsbox.foo.com -> internal GNAT firewall -> otherbox.foo.com
> >>linuxbox.foo.com -> internal GNAT firewall -> otherbox.foo.com
> >
> >
> >Could you post a tcpdump of one of the successful connections so that we
> >can see how 0 windows are handled there?
> >
> >Also, have you tcpdump'd at both ends to ensure that we're not actually
> >seeing odd sideeffects of packet loss or something?  (Some reported
> >problems in the past have been due to misbehaving duplex autodetect and
> >bad cables.)
> >
> >Offhand, I can't see what the FreeBSD box is doing wrong, but I'd like
> >something else to compare to.
> >
> >Thanks,
> >
> >Mike "Silby" Silbersack
> >
> 
> I've attached a tcpdump of a Linux machine doing the same thing 
> (working.txt).
> 
> the same 0 sized window can be seen:
> 
> 17:15:56.094161 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack 
> 456 win 5840 <nop,nop,timestamp 176027347 193370834> (DF) [tos 0x10]
> 17:16:12.634540 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: . ack 74 
> win 0
> 17:16:12.634540 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack 
> 456 win 5840 <nop,nop,timestamp 176029001 193370834> (DF) [tos 0x10]
> 
> but the Linux telnet session does not freeze up as the BSD one does.
> 
> Again, any help would be most appreciated.
> 
> Thanks again,
> 
> Alex...
> 
> 
> _________________________________________________________________
> Join the world?s largest e-mail service with MSN Hotmail. 
> http://www.hotmail.com

> 17:15:52.134070 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: P 
> 68:70(2) ack 417 win 5840 <nop,nop,timestamp 176026951 193369280> (DF) [tos 
> 0x10]
> 17:15:52.144070 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P 
> 417:419(2) ack 70 win 24616 <nop,nop,timestamp 193370439 176026951> (DF)
> 17:15:52.144070 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack 
> 419 win 5840 <nop,nop,timestamp 176026952 193370439> (DF) [tos 0x10]
> 17:15:52.144070 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P 
> 419:430(11) ack 70 win 24616 <nop,nop,timestamp 193370439 176026952> (DF)
> 17:15:52.144070 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack 
> 430 win 5840 <nop,nop,timestamp 176026952 193370439> (DF) [tos 0x10]
> 17:15:53.744107 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: P 
> 70:72(2) ack 430 win 5840 <nop,nop,timestamp 176027112 193370439> (DF) [tos 
> 0x10]
> 17:15:53.744107 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P 
> 430:432(2) ack 72 win 24616 <nop,nop,timestamp 193370599 176027112> (DF)
> 17:15:53.744107 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack 
> 432 win 5840 <nop,nop,timestamp 176027112 193370599> (DF) [tos 0x10]
> 17:15:53.744107 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P 
> 432:443(11) ack 72 win 24616 <nop,nop,timestamp 193370599 176027112> (DF)
> 17:15:53.744107 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack 
> 443 win 5840 <nop,nop,timestamp 176027112 193370599> (DF) [tos 0x10]
> 17:15:56.094161 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: P 
> 72:74(2) ack 443 win 5840 <nop,nop,timestamp 176027347 193370599> (DF) [tos 
> 0x10]
> 17:15:56.094161 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P 
> 443:445(2) ack 74 win 24616 <nop,nop,timestamp 193370834 176027347> (DF)
> 17:15:56.094161 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack 
> 445 win 5840 <nop,nop,timestamp 176027347 193370834> (DF) [tos 0x10]
> 17:15:56.094161 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P 
> 445:456(11) ack 74 win 24616 <nop,nop,timestamp 193370834 176027347> (DF)
> 17:15:56.094161 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack 
> 456 win 5840 <nop,nop,timestamp 176027347 193370834> (DF) [tos 0x10]
> 17:16:12.634540 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: . ack 74 
> win 0
> 17:16:12.634540 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack 
> 456 win 5840 <nop,nop,timestamp 176029001 193370834> (DF) [tos 0x10]
> 17:16:20.034709 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: P 
> 74:76(2) ack 456 win 5840 <nop,nop,timestamp 176029741 193370834> (DF) [tos 
> 0x10]
> 17:16:20.034709 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P 
> 456:458(2) ack 76 win 24616 <nop,nop,timestamp 193373228 176029741> (DF)
> 17:16:20.034709 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack 
> 458 win 5840 <nop,nop,timestamp 176029741 193373228> (DF) [tos 0x10]
> 17:16:20.034709 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P 
> 458:469(11) ack 76 win 24616 <nop,nop,timestamp 193373228 176029741> (DF)
> 17:16:20.034709 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack 
> 469 win 5840 <nop,nop,timestamp 176029741 193373228> (DF) [tos 0x10]
> 17:16:20.234714 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: P 
> 76:78(2) ack 469 win 5840 <nop,nop,timestamp 176029761 193373228> (DF) [tos 
> 0x10]
> 17:16:20.234714 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P 
> 469:471(2) ack 78 win 24616 <nop,nop,timestamp 193373248 176029761> (DF)
> 17:16:20.234714 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack 
> 471 win 5840 <nop,nop,timestamp 176029761 193373248> (DF) [tos 0x10]
> 17:16:20.234714 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P 
> 471:482(11) ack 78 win 24616 <nop,nop,timestamp 193373249 176029761> (DF)
> 17:16:20.234714 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack 
> 482 win 5840 <nop,nop,timestamp 176029761 193373249> (DF) [tos 0x10]
> 

> 10:41:22.149761 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P 
> 146:148(2) ack 285 win 33304 <nop,nop,timestamp 9024584 147802840> (DF) 
> [tos 0x10]
> 10:41:22.150396 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 
> 285:287(2) ack 148 win 24616 <nop,nop,timestamp 147804072 9024584> (DF)
> 10:41:22.249151 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 287 
> win 33304 <nop,nop,timestamp 9024594 147804072> (DF) [tos 0x10]
> 10:41:22.249515 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 
> 287:298(11) ack 148 win 24616 <nop,nop,timestamp 147804082 9024594> (DF)
> 10:41:22.349154 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 298 
> win 33304 <nop,nop,timestamp 9024604 147804082> (DF) [tos 0x10]
> 10:41:22.380132 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P 
> 148:150(2) ack 298 win 33304 <nop,nop,timestamp 9024607 147804082> (DF) 
> [tos 0x10]
> 10:41:22.380644 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 
> 298:300(2) ack 150 win 24616 <nop,nop,timestamp 147804095 9024607> (DF)
> 10:41:22.484269 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 300 
> win 33304 <nop,nop,timestamp 9024617 147804095> (DF) [tos 0x10]
> 10:41:22.484920 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 
> 300:311(11) ack 150 win 24616 <nop,nop,timestamp 147804105 9024617> (DF)
> 10:41:22.579160 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 311 
> win 33304 <nop,nop,timestamp 9024627 147804105> (DF) [tos 0x10]
> 10:41:22.599564 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P 
> 150:152(2) ack 311 win 33304 <nop,nop,timestamp 9024629 147804105> (DF) 
> [tos 0x10]
> 10:41:22.600250 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 
> 311:313(2) ack 152 win 24616 <nop,nop,timestamp 147804117 9024629> (DF)
> 10:41:22.699161 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 313 
> win 33304 <nop,nop,timestamp 9024639 147804117> (DF) [tos 0x10]
> 10:41:22.699564 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 
> 313:324(11) ack 152 win 24616 <nop,nop,timestamp 147804127 9024639> (DF)
> 10:41:22.799162 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 324 
> win 33304 <nop,nop,timestamp 9024649 147804127> (DF) [tos 0x10]
> 10:41:22.818906 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P 
> 152:154(2) ack 324 win 33304 <nop,nop,timestamp 9024650 147804127> (DF) 
> [tos 0x10]
> 10:41:22.819479 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 
> 324:326(2) ack 154 win 24616 <nop,nop,timestamp 147804139 9024650> (DF)
> 10:41:22.919168 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 326 
> win 33304 <nop,nop,timestamp 9024661 147804139> (DF) [tos 0x10]
> 10:41:22.919576 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 
> 326:337(11) ack 154 win 24616 <nop,nop,timestamp 147804149 9024661> (DF)
> 10:41:23.019171 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 337 
> win 33304 <nop,nop,timestamp 9024671 147804149> (DF) [tos 0x10]
> 10:41:38.614141 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: . ack 154 
> win 0
> 10:41:38.614200 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 337 
> win 33304 <nop,nop,timestamp 9026230 147804149> (DF) [tos 0x10]
> 10:41:47.199533 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . 
> 154:155(1) ack 337 win 33304 <nop,nop,timestamp 9027089 147804149> (DF) 
> [tos 0x10]
> 10:41:47.297912 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: . ack 155 
> win 24616 <nop,nop,timestamp 147806587 9027089> (DF)
> 10:41:47.297970 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P 
> 155:162(7) ack 337 win 33304 <nop,nop,timestamp 9027098 147806587> (DF) 
> [tos 0x10]
> 10:41:47.298154 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 
> 337:339(2) ack 155 win 24616 <nop,nop,timestamp 147806587 9027089> (DF)
> 10:41:47.389540 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 339 
> win 33304 <nop,nop,timestamp 9027108 147806587> (DF) [tos 0x10]
> 10:41:47.390038 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P 
> 339:395(56) ack 162 win 24616 <nop,nop,timestamp 147806596 9027098> (DF)
> 10:41:47.489541 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 395 
> win 33304 <nop,nop,timestamp 9027118 147806596> (DF) [tos 0x10]
> 


-- 
Barney Wolff
I never met a computer I didn't like.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020716173626.GA79838>