Date: Wed, 4 Dec 2002 16:04:39 +0100 From: Markus Stumpf <maex-lists-freebsd-net@Space.Net> To: freebsd-net@freebsd.org Subject: FreeBSD <-> PIX IP comm problem - no ACK received Message-ID: <20021204160439.A66263@Space.Net>
next in thread | raw e-mail | index | archive | help
I have searched with google and on freebsd.org but my problem is I don't
know what exactly to search for :(
The machine is a
FreeBSD 4.4-RELEASE #0: Fri Oct 26 23:34:42 CEST 2001
CPU: Pentium III/Pentium III Xeon/Celeron (995.68-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x686 Stepping = 6
Features=0x383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
the nic is a
fxp0: <Intel Pro 10/100B/100+ Ethernet> port 0x2800-0x283f mem 0xf4000000-0xf40fffff,0xf4102000-0xf4102fff irq 5 at device 14.0 on pci0
fxp0: Ethernet address 00:03:47:11:2b:ea
Problem:
I have an email message that is 3374 Bytes. It should be sent via SMTP
to another server that is behind a PIX Firewall.
The communiction gets tricky at the end of the message, because instead of
CR LF "." CR LF
packet N contains
data CR LF "." CR
and the following packet would only contain
LF
so far so good, but the problem is
a) the PIX does never ACK packet N
b) packet N+1 never gets out despite the fact that it could be sent
according to the window size.
I have also tried
sysctl -w net.inet.tcp.newreno=0
without any changes as to the behaviour.
While I think this surely is a bug in the PIX state machine / TPCI/IP
stack I wonder why the FreeBSD doesn't send out the N+1 packet? The window
size would be big enough AFAIK.
Here's a tcpdump of such a session. The FreeBSD "hangs" sending 2107:3475
on and on because it gets no ACK und doesn't send the final packet.
14:00:36.904944 vmail.space.net.2924 > 10.0.0.1.smtp: S 424064848:424064848(0) win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 1812497729 0> (DF)
14:00:36.915759 10.0.0.1.smtp > vmail.space.net.2924: S 1023758129:1023758129(0) ack 424064849 win 64240 <mss 1380,nop,wscale 0,nop,nop,timestamp 0 0> (DF)
14:00:36.915790 vmail.space.net.2924 > 10.0.0.1.smtp: . ack 1 win 16416 <nop,nop,timestamp 1812497730 0> (DF)
14:00:36.952765 10.0.0.1.smtp > vmail.space.net.2924: P 1:115(114) ack 1 win 64240 <nop,nop,timestamp 3463009 1812497730> (DF)
14:00:36.952895 vmail.space.net.2924 > 10.0.0.1.smtp: P 1:23(22) ack 115 win 16416 <nop,nop,timestamp 1812497733 3463009> (DF)
14:00:36.964287 10.0.0.1.smtp > vmail.space.net.2924: P 115:159(44) ack 23 win 64218 <nop,nop,timestamp 3463009 1812497733> (DF)
14:00:36.964334 vmail.space.net.2924 > 10.0.0.1.smtp: P 23:45(22) ack 159 win 16416 <nop,nop,timestamp 1812497734 3463009> (DF)
14:00:36.981656 10.0.0.1.smtp > vmail.space.net.2924: P 159:209(50) ack 45 win 64196 <nop,nop,timestamp 3463009 1812497734> (DF)
14:00:36.981781 vmail.space.net.2924 > 10.0.0.1.smtp: P 45:82(37) ack 209 win 16416 <nop,nop,timestamp 1812497736 3463009> (DF)
14:00:36.993773 10.0.0.1.smtp > vmail.space.net.2924: P 209:251(42) ack 82 win 64159 <nop,nop,timestamp 3463010 1812497736> (DF)
14:00:36.993825 vmail.space.net.2924 > 10.0.0.1.smtp: P 82:123(41) ack 251 win 16416 <nop,nop,timestamp 1812497737 3463010> (DF)
14:00:37.009846 10.0.0.1.smtp > vmail.space.net.2924: P 251:300(49) ack 123 win 64118 <nop,nop,timestamp 3463010 1812497737> (DF)
14:00:37.009966 vmail.space.net.2924 > 10.0.0.1.smtp: P 123:129(6) ack 300 win 16416 <nop,nop,timestamp 1812497739 3463010> (DF)
14:00:37.023160 10.0.0.1.smtp > vmail.space.net.2924: P 300:362(62) ack 129 win 64112 <nop,nop,timestamp 3463010 1812497739> (DF)
14:00:37.023273 vmail.space.net.2924 > 10.0.0.1.smtp: . 129:1497(1368) ack 362 win 16416 <nop,nop,timestamp 1812497740 3463010> (DF)
14:00:37.023284 vmail.space.net.2924 > 10.0.0.1.smtp: P 1497:2107(610) ack 362 win 16416 <nop,nop,timestamp 1812497740 3463010> (DF)
14:00:37.023338 vmail.space.net.2924 > 10.0.0.1.smtp: . 2107:3475(1368) ack 362 win 16416 <nop,nop,timestamp 1812497740 3463010> (DF)
14:00:37.046653 10.0.0.1.smtp > vmail.space.net.2924: . ack 2107 win 64240 <nop,nop,timestamp 3463010 1812497740> (DF)
14:01:41.038062 vmail.space.net.2924 > 10.0.0.1.smtp: . 2107:3475(1368) ack 362 win 16416 <nop,nop,timestamp 1812504143 3463010> (DF)
14:02:45.031617 vmail.space.net.2924 > 10.0.0.1.smtp: . 2107:3475(1368) ack 362 win 16416 <nop,nop,timestamp 1812510543 3463010> (DF)
Any ideas what goes wrong? Is there also a problem in the FreeBSD TCP/IP
stack? Is it fixed in a later release or is there a chance to get it working
with 4.4 ?
Thanks in advance
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021204160439.A66263>