From owner-freebsd-net Tue Jul 16 10:36:38 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DA68237B400 for ; Tue, 16 Jul 2002 10:36:28 -0700 (PDT) Received: from tp.databus.com (p72-186.acedsl.com [66.114.72.186]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1659043E31 for ; Tue, 16 Jul 2002 10:36:28 -0700 (PDT) (envelope-from barney@databus.com) Received: from databus.com (localhost.databus.com [127.0.0.1]) by tp.databus.com (8.12.5/8.12.5) with ESMTP id g6GHaRBM079873; Tue, 16 Jul 2002 13:36:27 -0400 (EDT) (envelope-from barney@databus.com) Received: (from barney@localhost) by databus.com (8.12.5/8.12.5/Submit) id g6GHaQcK079872; Tue, 16 Jul 2002 13:36:26 -0400 (EDT) Date: Tue, 16 Jul 2002 13:36:26 -0400 From: Barney Wolff To: Alex Dyas Cc: net@FreeBSD.ORG, silby@silby.com Subject: Re: BSD / Firewall / 0 window size problem Message-ID: <20020716173626.GA79838@tp.databus.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Wrong - the packet you're interpreting as "not freeze up" is an ack. The next data packet, which is a window probe in both cases, shows about the same delay with both OS's. On Tue, Jul 16, 2002 at 04:24:56PM +0000, Alex Dyas wrote: > Mike Silbersack wrote: > >On Thu, 11 Jul 2002, Alex Dyas wrote: > > > > > >>The only clue I've managed to find as to what is going on is in a tcpdump > >>of > >>the session (attached). The trigger for the lock up seems to be a > >>messages > >>from the Otherbox machine setting the window size to 0 : > >> > >>10:41:38.614141 otherbox.foo.com.telnet > bsdbox.foo.com.2230: . ack 154 > >>win > >>0 > >>10:41:38.614200 bsdbox.foo.com.2230 > otherbox.foo.com.telnet: . ack 337 > >>win > >>33304 (DF) [tos 0x10] > >> > >>I've tried all the following scenarios, none of which exhibit the same > >>problem, which is why I think the problem is with FreeBSD : > >> > >>bsdbox.foo.com -> otherbox.foo.com > >>solarisbox.foo.com -> internal GNAT firewall -> otherbox.foo.com > >>windowsbox.foo.com -> internal GNAT firewall -> otherbox.foo.com > >>linuxbox.foo.com -> internal GNAT firewall -> otherbox.foo.com > > > > > >Could you post a tcpdump of one of the successful connections so that we > >can see how 0 windows are handled there? > > > >Also, have you tcpdump'd at both ends to ensure that we're not actually > >seeing odd sideeffects of packet loss or something? (Some reported > >problems in the past have been due to misbehaving duplex autodetect and > >bad cables.) > > > >Offhand, I can't see what the FreeBSD box is doing wrong, but I'd like > >something else to compare to. > > > >Thanks, > > > >Mike "Silby" Silbersack > > > > I've attached a tcpdump of a Linux machine doing the same thing > (working.txt). > > the same 0 sized window can be seen: > > 17:15:56.094161 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack > 456 win 5840 (DF) [tos 0x10] > 17:16:12.634540 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: . ack 74 > win 0 > 17:16:12.634540 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack > 456 win 5840 (DF) [tos 0x10] > > but the Linux telnet session does not freeze up as the BSD one does. > > Again, any help would be most appreciated. > > Thanks again, > > Alex... > > > _________________________________________________________________ > Join the world?s largest e-mail service with MSN Hotmail. > http://www.hotmail.com > 17:15:52.134070 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: P > 68:70(2) ack 417 win 5840 (DF) [tos > 0x10] > 17:15:52.144070 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P > 417:419(2) ack 70 win 24616 (DF) > 17:15:52.144070 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack > 419 win 5840 (DF) [tos 0x10] > 17:15:52.144070 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P > 419:430(11) ack 70 win 24616 (DF) > 17:15:52.144070 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack > 430 win 5840 (DF) [tos 0x10] > 17:15:53.744107 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: P > 70:72(2) ack 430 win 5840 (DF) [tos > 0x10] > 17:15:53.744107 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P > 430:432(2) ack 72 win 24616 (DF) > 17:15:53.744107 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack > 432 win 5840 (DF) [tos 0x10] > 17:15:53.744107 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P > 432:443(11) ack 72 win 24616 (DF) > 17:15:53.744107 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack > 443 win 5840 (DF) [tos 0x10] > 17:15:56.094161 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: P > 72:74(2) ack 443 win 5840 (DF) [tos > 0x10] > 17:15:56.094161 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P > 443:445(2) ack 74 win 24616 (DF) > 17:15:56.094161 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack > 445 win 5840 (DF) [tos 0x10] > 17:15:56.094161 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P > 445:456(11) ack 74 win 24616 (DF) > 17:15:56.094161 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack > 456 win 5840 (DF) [tos 0x10] > 17:16:12.634540 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: . ack 74 > win 0 > 17:16:12.634540 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack > 456 win 5840 (DF) [tos 0x10] > 17:16:20.034709 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: P > 74:76(2) ack 456 win 5840 (DF) [tos > 0x10] > 17:16:20.034709 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P > 456:458(2) ack 76 win 24616 (DF) > 17:16:20.034709 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack > 458 win 5840 (DF) [tos 0x10] > 17:16:20.034709 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P > 458:469(11) ack 76 win 24616 (DF) > 17:16:20.034709 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack > 469 win 5840 (DF) [tos 0x10] > 17:16:20.234714 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: P > 76:78(2) ack 469 win 5840 (DF) [tos > 0x10] > 17:16:20.234714 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P > 469:471(2) ack 78 win 24616 (DF) > 17:16:20.234714 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack > 471 win 5840 (DF) [tos 0x10] > 17:16:20.234714 solarisbox.foo.com.telnet > linuxbox.foo.com.3479: P > 471:482(11) ack 78 win 24616 (DF) > 17:16:20.234714 linuxbox.foo.com.3479 > solarisbox.foo.com.telnet: . ack > 482 win 5840 (DF) [tos 0x10] > > 10:41:22.149761 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P > 146:148(2) ack 285 win 33304 (DF) > [tos 0x10] > 10:41:22.150396 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P > 285:287(2) ack 148 win 24616 (DF) > 10:41:22.249151 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 287 > win 33304 (DF) [tos 0x10] > 10:41:22.249515 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P > 287:298(11) ack 148 win 24616 (DF) > 10:41:22.349154 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 298 > win 33304 (DF) [tos 0x10] > 10:41:22.380132 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P > 148:150(2) ack 298 win 33304 (DF) > [tos 0x10] > 10:41:22.380644 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P > 298:300(2) ack 150 win 24616 (DF) > 10:41:22.484269 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 300 > win 33304 (DF) [tos 0x10] > 10:41:22.484920 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P > 300:311(11) ack 150 win 24616 (DF) > 10:41:22.579160 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 311 > win 33304 (DF) [tos 0x10] > 10:41:22.599564 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P > 150:152(2) ack 311 win 33304 (DF) > [tos 0x10] > 10:41:22.600250 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P > 311:313(2) ack 152 win 24616 (DF) > 10:41:22.699161 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 313 > win 33304 (DF) [tos 0x10] > 10:41:22.699564 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P > 313:324(11) ack 152 win 24616 (DF) > 10:41:22.799162 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 324 > win 33304 (DF) [tos 0x10] > 10:41:22.818906 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P > 152:154(2) ack 324 win 33304 (DF) > [tos 0x10] > 10:41:22.819479 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P > 324:326(2) ack 154 win 24616 (DF) > 10:41:22.919168 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 326 > win 33304 (DF) [tos 0x10] > 10:41:22.919576 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P > 326:337(11) ack 154 win 24616 (DF) > 10:41:23.019171 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 337 > win 33304 (DF) [tos 0x10] > 10:41:38.614141 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: . ack 154 > win 0 > 10:41:38.614200 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 337 > win 33304 (DF) [tos 0x10] > 10:41:47.199533 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . > 154:155(1) ack 337 win 33304 (DF) > [tos 0x10] > 10:41:47.297912 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: . ack 155 > win 24616 (DF) > 10:41:47.297970 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: P > 155:162(7) ack 337 win 33304 (DF) > [tos 0x10] > 10:41:47.298154 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P > 337:339(2) ack 155 win 24616 (DF) > 10:41:47.389540 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 339 > win 33304 (DF) [tos 0x10] > 10:41:47.390038 solarisbox.foo.com.telnet > bsdbox.foo.com.2230: P > 339:395(56) ack 162 win 24616 (DF) > 10:41:47.489541 bsdbox.foo.com.2230 > solarisbox.foo.com.telnet: . ack 395 > win 33304 (DF) [tos 0x10] > -- Barney Wolff I never met a computer I didn't like. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message