From owner-freebsd-net  Wed Dec  4  7: 4:45 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CF10337B401
	for <freebsd-net@freebsd.org>; Wed,  4 Dec 2002 07:04:42 -0800 (PST)
Received: from moebius2.Space.Net (moebius2.Space.Net [195.30.1.100])
	by mx1.FreeBSD.org (Postfix) with SMTP id 8BCA543EC2
	for <freebsd-net@freebsd.org>; Wed,  4 Dec 2002 07:04:41 -0800 (PST)
	(envelope-from maex@Space.Net)
Received: (qmail 88060 invoked by uid 1013); 4 Dec 2002 15:04:39 -0000
Date: Wed, 4 Dec 2002 16:04:39 +0100
From: Markus Stumpf <maex-lists-freebsd-net@Space.Net>
To: freebsd-net@freebsd.org
Subject: FreeBSD <-> PIX IP comm problem - no ACK received
Message-ID: <20021204160439.A66263@Space.Net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Organization: SpaceNet AG, Muenchen, Germany
X-PGP-Fingerprint: 66 F3 75 79 01 D0 B8 5F  1A C7 77 88 4A B6 70 DF
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

I have searched with google and on freebsd.org but my problem is I don't
know what exactly to search for :(
The machine is a
    FreeBSD 4.4-RELEASE #0: Fri Oct 26 23:34:42 CEST 2001
    CPU: Pentium III/Pentium III Xeon/Celeron (995.68-MHz 686-class CPU)
      Origin = "GenuineIntel"  Id = 0x686  Stepping = 6
      Features=0x383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
the nic is a
   fxp0: <Intel Pro 10/100B/100+ Ethernet> port 0x2800-0x283f mem 0xf4000000-0xf40fffff,0xf4102000-0xf4102fff irq 5 at device 14.0 on pci0
   fxp0: Ethernet address 00:03:47:11:2b:ea


Problem:
I have an email message that is 3374 Bytes. It should be sent via SMTP
to another server that is behind a PIX Firewall.
The communiction gets tricky at the end of the message, because instead of
    CR LF "." CR LF
packet N contains
    data CR LF "." CR
and the following packet would only contain
    LF
so far so good, but the problem is
a) the PIX does never ACK packet N
b) packet N+1 never gets out despite the fact that it could be sent
   according to the window size.

I have also tried
    sysctl -w net.inet.tcp.newreno=0
without any changes as to the behaviour.

While I think this surely is a bug in the PIX state machine / TPCI/IP
stack I wonder why the FreeBSD doesn't send out the N+1 packet? The window
size would be big enough AFAIK.

Here's a tcpdump of such a session. The FreeBSD "hangs" sending 2107:3475
on and on because it gets no ACK und doesn't send the final packet.

14:00:36.904944 vmail.space.net.2924 > 10.0.0.1.smtp: S 424064848:424064848(0) win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 1812497729 0> (DF)
14:00:36.915759 10.0.0.1.smtp > vmail.space.net.2924: S 1023758129:1023758129(0) ack 424064849 win 64240 <mss 1380,nop,wscale 0,nop,nop,timestamp 0 0> (DF)
14:00:36.915790 vmail.space.net.2924 > 10.0.0.1.smtp: . ack 1 win 16416 <nop,nop,timestamp 1812497730 0> (DF)
14:00:36.952765 10.0.0.1.smtp > vmail.space.net.2924: P 1:115(114) ack 1 win 64240 <nop,nop,timestamp 3463009 1812497730> (DF)
14:00:36.952895 vmail.space.net.2924 > 10.0.0.1.smtp: P 1:23(22) ack 115 win 16416 <nop,nop,timestamp 1812497733 3463009> (DF)
14:00:36.964287 10.0.0.1.smtp > vmail.space.net.2924: P 115:159(44) ack 23 win 64218 <nop,nop,timestamp 3463009 1812497733> (DF)
14:00:36.964334 vmail.space.net.2924 > 10.0.0.1.smtp: P 23:45(22) ack 159 win 16416 <nop,nop,timestamp 1812497734 3463009> (DF)
14:00:36.981656 10.0.0.1.smtp > vmail.space.net.2924: P 159:209(50) ack 45 win 64196 <nop,nop,timestamp 3463009 1812497734> (DF)
14:00:36.981781 vmail.space.net.2924 > 10.0.0.1.smtp: P 45:82(37) ack 209 win 16416 <nop,nop,timestamp 1812497736 3463009> (DF)
14:00:36.993773 10.0.0.1.smtp > vmail.space.net.2924: P 209:251(42) ack 82 win 64159 <nop,nop,timestamp 3463010 1812497736> (DF)
14:00:36.993825 vmail.space.net.2924 > 10.0.0.1.smtp: P 82:123(41) ack 251 win 16416 <nop,nop,timestamp 1812497737 3463010> (DF)
14:00:37.009846 10.0.0.1.smtp > vmail.space.net.2924: P 251:300(49) ack 123 win 64118 <nop,nop,timestamp 3463010 1812497737> (DF)
14:00:37.009966 vmail.space.net.2924 > 10.0.0.1.smtp: P 123:129(6) ack 300 win 16416 <nop,nop,timestamp 1812497739 3463010> (DF)
14:00:37.023160 10.0.0.1.smtp > vmail.space.net.2924: P 300:362(62) ack 129 win 64112 <nop,nop,timestamp 3463010 1812497739> (DF)
14:00:37.023273 vmail.space.net.2924 > 10.0.0.1.smtp: . 129:1497(1368) ack 362 win 16416 <nop,nop,timestamp 1812497740 3463010> (DF)
14:00:37.023284 vmail.space.net.2924 > 10.0.0.1.smtp: P 1497:2107(610) ack 362 win 16416 <nop,nop,timestamp 1812497740 3463010> (DF)
14:00:37.023338 vmail.space.net.2924 > 10.0.0.1.smtp: . 2107:3475(1368) ack 362 win 16416 <nop,nop,timestamp 1812497740 3463010> (DF)
14:00:37.046653 10.0.0.1.smtp > vmail.space.net.2924: . ack 2107 win 64240 <nop,nop,timestamp 3463010 1812497740> (DF)
14:01:41.038062 vmail.space.net.2924 > 10.0.0.1.smtp: . 2107:3475(1368) ack 362 win 16416 <nop,nop,timestamp 1812504143 3463010> (DF)
14:02:45.031617 vmail.space.net.2924 > 10.0.0.1.smtp: . 2107:3475(1368) ack 362 win 16416 <nop,nop,timestamp 1812510543 3463010> (DF)

Any ideas what goes wrong? Is there also a problem in the FreeBSD TCP/IP
stack? Is it fixed in a later release or is there a chance to get it working
with 4.4 ?

Thanks in advance

	\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message