From owner-freebsd-current@FreeBSD.ORG Wed May 30 22:07:50 2007 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D701016A421; Wed, 30 May 2007 22:07:50 +0000 (UTC) (envelope-from sgk@troutmask.apl.washington.edu) Received: from troutmask.apl.washington.edu (troutmask.apl.washington.edu [128.208.78.105]) by mx1.freebsd.org (Postfix) with ESMTP id A0E0C13C455; Wed, 30 May 2007 22:07:50 +0000 (UTC) (envelope-from sgk@troutmask.apl.washington.edu) Received: from troutmask.apl.washington.edu (localhost.apl.washington.edu [127.0.0.1]) by troutmask.apl.washington.edu (8.14.1/8.13.8) with ESMTP id l4UM5lh1014884; Wed, 30 May 2007 15:05:47 -0700 (PDT) (envelope-from sgk@troutmask.apl.washington.edu) Received: (from sgk@localhost) by troutmask.apl.washington.edu (8.14.1/8.13.8/Submit) id l4UM5lCp014883; Wed, 30 May 2007 15:05:47 -0700 (PDT) (envelope-from sgk) Date: Wed, 30 May 2007 15:05:47 -0700 From: Steve Kargl To: Andre Oppermann Message-ID: <20070530220547.GA14801@troutmask.apl.washington.edu> References: <20070525234115.GA48789@troutmask.apl.washington.edu> <465AF5C6.2010302@freebsd.org> <20070529002304.GA90534@troutmask.apl.washington.edu> <465D70A4.3040107@freebsd.org> <20070530193523.GA13655@troutmask.apl.washington.edu> <465DE3F6.3030001@freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <465DE3F6.3030001@freebsd.org> User-Agent: Mutt/1.4.2.2i Cc: freebsd-current@freebsd.org Subject: Re: Segment failed SYNCOOKIE? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 May 2007 22:07:50 -0000 On Wed, May 30, 2007 at 10:52:06PM +0200, Andre Oppermann wrote: > Steve Kargl wrote: > >On Wed, May 30, 2007 at 02:40:04PM +0200, Andre Oppermann wrote: > >>I have committed further changes and logging to tcp_input() that > >>will give more insight into this. Please update to the latest > >>current and report the new log messages. > > > >I have > > src/sys/netinet/tcp_syncache.c,v 1.120 2007/05/28 23:27:44 andre Exp $ > >which is giving me > > > >May 30 12:20:07 node13 kernel: bge0: watchdog timeout -- resetting > >May 30 12:20:07 node13 kernel: bge0: link state changed to DOWN > >May 30 12:20:09 node13 kernel: bge0: link state changed to UP > >May 30 12:20:53 node13 kernel: TCP: [192.168.0.13]:55626 to > >[192.168.0.13]:59148 tcpflags 0x10; syncache_expand: Segment failed > >SYNCOOKIE authentication, segment rejected (probably spoofed) > >May 30 12:20:53 node13 kernel: TCP: [192.168.0.11]:62391 to > >[192.168.0.13]:50827 tcpflags 0x11; syncache_expand: Segment > >failed SYNCOOKIE authentication, segment rejected (probably spoofed) > >May 30 12:20:54 node13 kernel: TCP: [192.168.0.12]:63318 to > >[192.168.0.13]:55624 tcpflags 0x10; syncache_expand: Segment failed > >SYNCOOKIE authentication, segment rejected (probably spoofed) > > Our TCP has a bug where it closes a socket and tcpcb too fast and > follow-up replies from the remote host may then hit the listen > socket giving these artifacts. I have a large TCP cleanup/rewrite > upcoming that fixes these issues. Thanks for the info. Do you have an ETA for the rewrite? If you need someone to do some testing of the patch, you can send to me. > >I don't know if the watchdog timeout is a symptom or cause of the > >SYNCOOKIE problem. > > In theory this is not related. However if it *only* happens shortly > after a bge0 watchdog timeout then there may be a relation. Given your statement above, I think it's simple a coincidence. > >Note, this is an openmpi app that is using the Message Passing Interface > >to communicate between processes. > > Does the openmpi application or the openmpi library raise any errors? I'll have to get back to you on this one. -- Steve