Date: Tue, 02 Jul 2002 01:36:11 -0700 From: Tom Pavel <pavel@networkphysics.com> To: Mike Silbersack <silby@silby.com> Cc: net@FreeBSD.ORG Subject: Re: questions about TCP RST validity Message-ID: <200207020836.g628aBR64517@scout.networkphysics.com> In-Reply-To: Message from Mike Silbersack <silby@silby.com> of "Mon, 01 Jul 2002 23:51:42 CDT." <20020701234858.G87544-100000@patrocles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Mon, 1 Jul 2002, Mike Silbersack <silby@silby.com> writes: > On Mon, 1 Jul 2002, Tom Pavel wrote: > > > Here is a trace to illustrate: > > > > 09:05:35.956066 AA.80 > BB.61390: . 3568529946:3568531406(1460) ack 2597111 > 261 win 4380 (DF) > > 09:05:36.961787 AA.80 > BB.61390: . 3568529946:3568531406(1460) ack 2597111 > 261 win 4380 (DF) > > 09:05:38.973207 AA.80 > BB.61390: . 3568529946:3568531406(1460) ack 2597111 > 261 win 4380 (DF) > > Is this a real trace? It looks highly irregular to me. I don't see why > BB isn't RSTing each packet, and AA looks to be retransmitting way too > quickly. Yes, this is a real trace. And it is not a single fluke BB host either. If you look at enough web traces, you will eventually find such examples (it is pretty rare, though). Other OSes I was able to test show the same behavior as AA. I included my theories about the cause for BB's behavior (stateful firewall or modem hangup), but I really have no info about that. I'm not sure why you say the retrans are too quick. The 2 above are 1 sec and 2 sec, respectively. The rest continue exponentially. > > In any event, though, it seems to me relatively harmless to have AA > > accept seqnums "slightly" to the left of its current advertised window > > (say last_ack_sent - rcv_wnd). This would save a bunch of needless > > retransmits and it would clean up the control block much sooner than > > letting AA timeout on retransmitting. > > > > What collective wisdom do folks have about this? > > I'm not sure doubling the "RST window" is a good idea. With window sizes > increasing as they are, that could become a significant issue as time goes > on. How about one MSS worth of window or something similar? That sounds pretty reasonable. All of the traces I have noticed came with an "early" FIN from the web client, so even 1 byte would have been enough in those cases. One MSS sounds like a good compromise. Tom Pavel Network Physics pavel@networkphysics.com / pavel@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207020836.g628aBR64517>