From owner-freebsd-current  Fri Jan  3  5:35:25 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BF53137B401
	for <current@freebsd.org>; Fri,  3 Jan 2003 05:35:22 -0800 (PST)
Received: from mail.tcoip.com.br (erato.tco.net.br [200.220.254.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4FEF743EC2
	for <current@freebsd.org>; Fri,  3 Jan 2003 05:35:18 -0800 (PST)
	(envelope-from dcs@tcoip.com.br)
Received: from tcoip.com.br ([10.0.2.6])
	by mail.tcoip.com.br (8.11.6/8.11.6) with ESMTP id h03DZDV00650
	for <current@freebsd.org>; Fri, 3 Jan 2003 11:35:13 -0200
Message-ID: <3E15917A.9090609@tcoip.com.br>
Date: Fri, 03 Jan 2003 11:34:50 -0200
From: "Daniel C. Sobral" <dcs@tcoip.com.br>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2b) Gecko/20021016
X-Accept-Language: en-us, en, pt-br, ja
MIME-Version: 1.0
To: current@freebsd.org
Subject: sshd login
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

Starting around the end of the year, sshd is taking a LONG time to=20
proceed, just a bit after the few first packets.

Here:

11:25:03.624519 172.31.199.17.2058 > 172.31.199.20.22: S [tcp sum ok]=20
2790790408:2790790408(0) win 57344 <mss 1460,nop,wscale=20
0,nop,nop,timestamp 187450151 0> (DF) (ttl 64, id 17561, len 60)
11:25:03.624771 172.31.199.20.22 > 172.31.199.17.2058: S [tcp sum ok]=20
714515882:714515882(0) ack 2790790409 win 65535 <mss 1460,nop,wscale=20
1,nop,nop,timestamp 794169 187450151> (DF) (ttl 64, id 6630, len 60)
11:25:03.624825 172.31.199.17.2058 > 172.31.199.20.22: . [tcp sum ok]=20
1:1(0) ack 1 win 57920 <nop,nop,timestamp 187450151 794169> (DF) (ttl=20
64, id 17562, len 52)
11:25:03.627353 172.31.199.20.22 > 172.31.199.17.2058: P [tcp sum ok]=20
1:40(39) ack 1 win 33304 <nop,nop,timestamp 794174 187450151> (DF) (ttl=20
64, id 6631, len 91)
11:25:03.627677 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]=20
1:40(39) ack 40 win 57920 <nop,nop,timestamp 187450151 794174> (DF) (ttl =

64, id 17563, len 91)
11:25:03.631703 172.31.199.20.22 > 172.31.199.17.2058: P [tcp sum ok]=20
40:576(536) ack 40 win 33304 <nop,nop,timestamp 794183 187450151> (DF)=20
(ttl 64, id 6632, len 588)
11:25:03.631786 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]=20
40:576(536) ack 576 win 57384 <nop,nop,timestamp 187450151 794183> (DF)=20
(ttl 64, id 17564, len 588)
11:25:03.731944 172.31.199.20.22 > 172.31.199.17.2058: . [tcp sum ok]=20
576:576(0) ack 576 win 33304 <nop,nop,timestamp 794384 187450151> (DF)=20
(ttl 64, id 6633, len 52)
11:25:03.731990 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]=20
576:600(24) ack 576 win 57920 <nop,nop,timestamp 187450161 794384> (DF)=20
(ttl 64, id 17566, len 76)
11:25:03.740924 172.31.199.20.22 > 172.31.199.17.2058: P [tcp sum ok]=20
576:1000(424) ack 600 win 33304 <nop,nop,timestamp 794401 187450161>=20
(DF) (ttl 64, id 6634, len 476)
11:25:03.775190 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]=20
600:1016(416) ack 1000 win 57920 <nop,nop,timestamp 187450166 794401>=20
(DF) (ttl 64, id 17567, len 468)
11:25:03.826489 172.31.199.20.22 > 172.31.199.17.2058: P [tcp sum ok]=20
1000:1928(928) ack 1016 win 33304 <nop,nop,timestamp 794572 187450166>=20
(DF) (ttl 64, id 6635, len 980)
11:25:03.878175 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]=20
1016:1032(16) ack 1928 win 57920 <nop,nop,timestamp 187450176 794572>=20
(DF) (ttl 64, id 17570, len 68)
11:25:03.978067 172.31.199.20.22 > 172.31.199.17.2058: . [tcp sum ok]=20
1928:1928(0) ack 1032 win 33304 <nop,nop,timestamp 794876 187450176>=20
(DF) (ttl 64, id 6637, len 52)
11:25:03.978113 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]=20
1032:1080(48) ack 1928 win 57920 <nop,nop,timestamp 187450186 794876>=20
(DF) (ttl 64, id 17587, len 100)
11:25:03.978519 172.31.199.20.22 > 172.31.199.17.2058: P [tcp sum ok]=20
1928:1976(48) ack 1080 win 33304 <nop,nop,timestamp 794876 187450186>=20
(DF) (ttl 64, id 6638, len 100)
11:25:03.978750 172.31.199.17.2058 > 172.31.199.20.22: P [tcp sum ok]=20
1080:1144(64) ack 1976 win 57920 <nop,nop,timestamp 187450186 794876>=20
(DF) (ttl 64, id 17588, len 116)
11:25:04.078627 172.31.199.20.22 > 172.31.199.17.2058: . [tcp sum ok]=20
1976:1976(0) ack 1144 win 33304 <nop,nop,timestamp 795077 187450186>=20
(DF) (ttl 64, id 6640, len 52)

At this point, ps alx shows:

     0  6609  6387   0   4  0  4004 2072 sbwait S     ??    0:00.02=20
/usr/sbin/sshd
    22  6610  6609   0   4  0  4076 2200 kqread S     ??    0:00.08=20
sshd: [net] (sshd)

and then:

     0  6609  6387   0   4  0  4004 2072 sbwait I     ??    0:00.02=20
/usr/sbin/sshd
    22  6610  6609   0   4  0  4076 2200 kqread S     ??    0:00.08=20
sshd: [net] (sshd)

It proceeds from there after a while.

11:26:19.030401 172.31.199.20.22 > 172.31.199.17.2058: P [tcp sum ok]=20
1976:2056(80) ack 1144 win 33304 <nop,nop,timestamp 944898 187450186>=20
(DF) (ttl 64, id 11691, len 132)

[etc]

Ok, this is 75 seconds, which is the common timeout for NS. Thing is...

1) No NS queries are made during this process.
2) Nothing changed in the environment, except updating FreeBSD.
3) My sshd is not configured to check for reverse.

Anyone has any clues?

--=20
Daniel C. Sobral
Ger=EAncia de Opera=E7=F5es
Divis=E3o de Comunica=E7=E3o de Dados
Coordena=E7=E3o de Seguran=E7a
TCO
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail:	Daniel.Capo@tco.net.br
	Daniel.Sobral@tcoip.com.br
	dcs@tcoip.com.br



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message