From owner-freebsd-net Tue Jul 2 1:36:47 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 69F6E37B400 for ; Tue, 2 Jul 2002 01:36:44 -0700 (PDT) Received: from scout.networkphysics.com (fw.networkphysics.com [205.158.104.176]) by mx1.FreeBSD.org (Postfix) with ESMTP id EC7BF43E31 for ; Tue, 2 Jul 2002 01:36:43 -0700 (PDT) (envelope-from pavel@networkphysics.com) Received: from NetworkPhysics.COM (gt500.fractal.networkphysics.com [10.10.0.192]) by scout.networkphysics.com (8.11.5/8.11.5) with ESMTP id g628aBR64517; Tue, 2 Jul 2002 01:36:11 -0700 (PDT) Message-Id: <200207020836.g628aBR64517@scout.networkphysics.com> To: Mike Silbersack Cc: net@FreeBSD.ORG Subject: Re: questions about TCP RST validity In-Reply-To: Message from Mike Silbersack of "Mon, 01 Jul 2002 23:51:42 CDT." <20020701234858.G87544-100000@patrocles.silby.com> Date: Tue, 02 Jul 2002 01:36:11 -0700 From: Tom Pavel Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >>>>> On Mon, 1 Jul 2002, Mike Silbersack writes: > On Mon, 1 Jul 2002, Tom Pavel wrote: > > > Here is a trace to illustrate: > > > > 09:05:35.956066 AA.80 > BB.61390: . 3568529946:3568531406(1460) ack 2597111 > 261 win 4380 (DF) > > 09:05:36.961787 AA.80 > BB.61390: . 3568529946:3568531406(1460) ack 2597111 > 261 win 4380 (DF) > > 09:05:38.973207 AA.80 > BB.61390: . 3568529946:3568531406(1460) ack 2597111 > 261 win 4380 (DF) > > Is this a real trace? It looks highly irregular to me. I don't see why > BB isn't RSTing each packet, and AA looks to be retransmitting way too > quickly. Yes, this is a real trace. And it is not a single fluke BB host either. If you look at enough web traces, you will eventually find such examples (it is pretty rare, though). Other OSes I was able to test show the same behavior as AA. I included my theories about the cause for BB's behavior (stateful firewall or modem hangup), but I really have no info about that. I'm not sure why you say the retrans are too quick. The 2 above are 1 sec and 2 sec, respectively. The rest continue exponentially. > > In any event, though, it seems to me relatively harmless to have AA > > accept seqnums "slightly" to the left of its current advertised window > > (say last_ack_sent - rcv_wnd). This would save a bunch of needless > > retransmits and it would clean up the control block much sooner than > > letting AA timeout on retransmitting. > > > > What collective wisdom do folks have about this? > > I'm not sure doubling the "RST window" is a good idea. With window sizes > increasing as they are, that could become a significant issue as time goes > on. How about one MSS worth of window or something similar? That sounds pretty reasonable. All of the traces I have noticed came with an "early" FIN from the web client, so even 1 byte would have been enough in those cases. One MSS sounds like a good compromise. Tom Pavel Network Physics pavel@networkphysics.com / pavel@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message