From owner-freebsd-current@FreeBSD.ORG Wed Jul 11 06:04:31 2007 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id F29C016A46B; Wed, 11 Jul 2007 06:04:30 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from pobox.codelabs.ru (pobox.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id A226413C448; Wed, 11 Jul 2007 06:04:30 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Cc:Message-ID:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender:X-Spam-Status:Subject; b=HI7NO6lta9Avbq1p2gObXk7MZd7AniavOXlkgISsvE1X6NrseJOIMH4JS1oy+Z9S4NCEz47Rxh6DsjTR5bRrjf3fwzQwguDgMEvYdnyiIoFT0Anq8T+0XQFy53nSOrqe55rKXqkNQ2ib7wop1STmhOI+x1fRehG3TeUQTwjBuZ8=; Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25]) by pobox.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1I8VJM-0007wC-7S; Wed, 11 Jul 2007 10:04:28 +0400 Date: Wed, 11 Jul 2007 10:04:23 +0400 From: Eygene Ryabinkin To: Mike Silbersack Message-ID: <20070711060423.GV1038@void.codelabs.ru> References: <20070709234401.S29353@odysseus.silby.com> <20070710132253.GJ1038@void.codelabs.ru> <20070710202028.I34890@odysseus.silby.com> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20070710202028.I34890@odysseus.silby.com> Sender: rea-fbsd@codelabs.ru X-Spam-Status: No, score=-3.0 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_00 Cc: Andre Oppermann , Robert Watson , current@freebsd.org, net@freebsd.org Subject: Re: FreeBSD 7 TCP syncache fix: request for testers X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Jul 2007 06:04:31 -0000 Mike, good day. Tue, Jul 10, 2007 at 08:29:14PM -0500, Mike Silbersack wrote: > The fact that you're still getting the syncache_expand message tells me that > there's another bug which I have not yet fixed still present. > > My suspicion is that the "Segment failed SYNCOOKIE authentication" message is > the aftereffect of FreeBSD 7 randomly dropping TCP connections, and not the > problem itself. My theory is that the connection is silently dropped, without > the other endpoint knowing. That other endpoint then sends an ACK packet, > which is then believed to be a syncookie. Since it is not, it obviously fails > the verification. OK, maybe I have something that can be related to this bug. It provokes another message, 'Spurious RST', but can be correlated with your guess. What is happening is that when one side closes the connection and releases the socket (running -CURRENT) while the other one is still pushing data through the connection, we are getting 'Spurious RST' messages. This happens, because we are checking the 'so->so_state' for the presence of the 'SS_NOFDREF' flag (tcp_input.c, version 1.361, line 1581) and dropping such connections with RST. But the connection was already closed (living in the FIN-WAIT-2 state, to be precise) from that side, so it provokes the debug message. If you're interested, I have the tcpdump trace and the relevant dmesg output for such a session: http://codelabs.ru/fbsd/session-with-close.tar.bz2 It was produced on the lo0 with client connecting to Apache instance and performing the close() on the socket after some (but not all) bytes of HTTP reply were received. > >But the patch received only half a day of testing, so I will continue > >the tests and will inform you if some other information will be > >available. Up to date I don't see problems that had appeared without > >the patch, but they tend to show up after a midnight ;)) > > Thanks for testing, You're welcome ;)) > I look forward to hearing how things work for you. My problem, as usual, showed up after midnight -- the sockets with the weird state: ----- tcp4 0 0 127.0.0.1.* 127.0.0.1.40001 CLOSED tcp4 0 0 127.0.0.1.* 127.0.0.1.40001 CLOSED ----- 127.0.0.1:40001 used to be the real connections to the service on the port 40001, but they lose their port association from the client side and are stuck in the CLOSED state. The effect is that I can not connect to the service listening to 127.0.0.1:40001 anymore. Only service restart helps. Perhaps that can give you some clue. Perhaps not: it may be totally unrelated to the syncache issues :(( This is also documented in the thread http://lists.freebsd.org/pipermail/freebsd-net/2007-June/014406.html Thank you! -- Eygene