Date:      Sat, 3 Mar 2007 10:42:40 +1100
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        freebsd-net@freebsd.org
Subject:   TCP source port reuse problems
Message-ID:  <20070302234240.GA9421@turion.vk2pj.dyndns.org>

Hi,

After upgrading my firewall to FreeBSD 6.2-RELEASE (with IPfilter), I
noticed that TCP connections between my firewall and internal hosts
(all FreeBSD and mostly 6.2) were randomly dropping out.  I've found a
variety of anomalies in both FreeBSD and IPfilter and will post about
them separately.

In the following, the internal host is 192.168.234.64 and it is
running 6.2-STABLE/amd64 from late January.

First problem:  FreeBSD appears to be re-using source ports too
rapidly.  My understanding is that a TCP socket ({src IP, src port,
dst IP, dst port} tuple) should not be re-used for 120 seconds after
teardown.  Sample tcpdumps and IPfilter whinges below show reuse
after 66 and 83 seconds.

Disabling net.inet.ip.portrange.randomized appears to work around this
but is undesirable for other reasons.

08:00:31.668618 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1301449385:1301449385(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 58112158 0,sackOK,eol>
08:00:31.669181 IP 192.168.234.1.22 > 192.168.234.64.63872: S 2272001345:2272001345(0) ack 1301449386 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 2020160 58112158,sackOK,eol>
08:00:31.672974 IP 192.168.234.64.63872 > 192.168.234.1.22: . ack 2272001346 win 33304 <nop,nop,timestamp 58112159 2020160>
...
08:00:32.786175 IP 192.168.234.1.22 > 192.168.234.64.63872: P 2272031433:2272031561(128) ack 1301451929 win 33304 <nop,nop,timestamp 2021277 58113268>
08:00:32.786631 IP 192.168.234.64.63872 > 192.168.234.1.22: P 1301451929:1301451961(32) ack 2272031561 win 33304 <nop,nop,timestamp 58113276 2021277>
08:00:32.786690 IP 192.168.234.64.63872 > 192.168.234.1.22: F 1301451961:1301451961(0) ack 2272031561 win 33304 <nop,nop,timestamp 58113276 2021277>
08:00:32.787159 IP 192.168.234.1.22 > 192.168.234.64.63872: . ack 1301451962 win 33288 <nop,nop,timestamp 2021279 58113276>
08:00:32.796379 IP 192.168.234.1.22 > 192.168.234.64.63872: F 2272031561:2272031561(0) ack 1301451962 win 33288 <nop,nop,timestamp 2021288 58113276>
08:00:32.796621 IP 192.168.234.64.63872 > 192.168.234.1.22: . ack 2272031562 win 33303 <nop,nop,timestamp 58113286 2021288>

08:01:38.540025 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 58179027 0,sackOK,eol>
08:01:41.536233 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 58182027 0,sackOK,eol>
08:01:44.736148 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 58185227 0,sackOK,eol>
08:01:47.936094 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535 <mss 1460,sackOK,eol>
08:01:51.136055 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535 <mss 1460,sackOK,eol>
08:01:54.336026 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535 <mss 1460,sackOK,eol>
08:02:00.535977 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535 <mss 1460,sackOK,eol>
08:02:12.735809 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535 <mss 1460,sackOK,eol>
08:02:36.935520 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535 <mss 1460,sackOK,eol>
Mar  3 08:01:39 fwall ipmon[575]: 08:01:38.540233 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 64 -S IN OOW
Mar  3 08:01:42 fwall ipmon[575]: 08:01:41.536388 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 64 -S IN OOW
Mar  3 08:01:45 fwall ipmon[575]: 08:01:44.736309 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 64 -S IN OOW
Mar  3 08:01:48 fwall ipmon[575]: 08:01:47.936239 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar  3 08:01:51 fwall ipmon[575]: 08:01:51.136205 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar  3 08:01:54 fwall ipmon[575]: 08:01:54.336173 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar  3 08:02:01 fwall ipmon[575]: 08:02:00.536124 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar  3 08:02:13 fwall ipmon[575]: 08:02:12.735960 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar  3 08:02:37 fwall ipmon[575]: 08:02:36.935674 fxp1 @10:4 b 192.168.234.64,63872 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW

08:03:06.348372 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3089625906:3089625906(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 58266837 0,sackOK,eol>
08:03:06.348987 IP 192.168.234.1.22 > 192.168.234.64.60014: S 1659245487:1659245487(0) ack 3089625907 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 2174888 58266837,sackOK,eol>
08:03:06.349213 IP 192.168.234.64.60014 > 192.168.234.1.22: . ack 1659245488 win 33304 <nop,nop,timestamp 58266841 2174888>
...
08:03:07.472719 IP 192.168.234.1.22 > 192.168.234.64.60014: P 1659276391:1659276519(128) ack 3089628450 win 33304 <nop,nop,timestamp 2176012 58267955>
08:03:07.473177 IP 192.168.234.64.60014 > 192.168.234.1.22: P 3089628450:3089628482(32) ack 1659276519 win 33304 <nop,nop,timestamp 58267965 2176012>
08:03:07.473234 IP 192.168.234.64.60014 > 192.168.234.1.22: F 3089628482:3089628482(0) ack 1659276519 win 33304 <nop,nop,timestamp 58267965 2176012>
08:03:07.473722 IP 192.168.234.1.22 > 192.168.234.64.60014: . ack 3089628483 win 33288 <nop,nop,timestamp 2176013 58267965>
08:03:07.482770 IP 192.168.234.1.22 > 192.168.234.64.60014: F 1659276519:1659276519(0) ack 3089628483 win 33288 <nop,nop,timestamp 2176022 58267965>
08:03:07.483011 IP 192.168.234.64.60014 > 192.168.234.1.22: . ack 1659276520 win 33303 <nop,nop,timestamp 58267974 2176022>

08:04:30.990192 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 58351482 0,sackOK,eol>
08:04:33.989120 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 58354482 0,sackOK,eol>
08:04:37.189082 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 58357682 0,sackOK,eol>
08:04:40.389049 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535 <mss 1460,sackOK,eol>
08:04:43.589015 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535 <mss 1460,sackOK,eol>
08:04:46.788957 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535 <mss 1460,sackOK,eol>
08:04:52.988886 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535 <mss 1460,sackOK,eol>
08:05:05.188740 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535 <mss 1460,sackOK,eol>
08:05:29.388457 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535 <mss 1460,sackOK,eol>
Mar  3 08:04:31 fwall ipmon[575]: 08:04:30.990391 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 64 -S IN OOW
Mar  3 08:04:34 fwall ipmon[575]: 08:04:33.989273 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 64 -S IN OOW
Mar  3 08:04:37 fwall ipmon[575]: 08:04:37.189232 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 64 -S IN OOW
Mar  3 08:04:40 fwall ipmon[575]: 08:04:40.389201 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar  3 08:04:44 fwall ipmon[575]: 08:04:43.589164 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar  3 08:04:47 fwall ipmon[575]: 08:04:46.789101 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar  3 08:04:53 fwall ipmon[575]: 08:04:52.989035 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar  3 08:05:05 fwall ipmon[575]: 08:05:05.188887 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW
Mar  3 08:05:29 fwall ipmon[575]: 08:05:29.388632 fxp1 @10:4 b 192.168.234.64,60014 -> 192.168.234.1,22 PR tcp len 20 48 -S IN OOW

-- 
Peter Jeremy
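
Added example, not part of the original message: a small Python check that reads old-style tcpdump text like the capture above and reports how long a {src IP, src port, dst IP, dst port} tuple sat idle before a new SYN reused it. The function name, the 120-second default and the abridged sample lines (TCP options dropped) are choices made for this example.

```python
import re
from datetime import datetime

QUIET = 120.0  # seconds a closed 4-tuple should stay unused, per the message
# Old-style tcpdump output: "HH:MM:SS.us IP src.sport > dst.dport: FLAGS [seq:...]"
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): (\S+) (\d+)?")

def find_early_reuse(lines, quiet=QUIET):
    """Return [(4-tuple, gap_seconds)] for each new SYN that reuses a tuple
    less than `quiet` seconds after the last packet of a closed connection.
    Assumes the capture does not cross midnight (timestamps carry no date)."""
    conns, hits = {}, []   # 4-tuple as seen from the initiator -> state
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # ipmon lines, "...", blanks
        ts, src, sport, dst, dport, flags, seq = m.groups()
        when = datetime.strptime(ts, "%H:%M:%S.%f")
        key = (src, sport, dst, dport)
        if "S" in flags and " ack " not in line:      # initial SYN, not SYN-ACK
            prev = conns.get(key)
            if prev and prev["isn"] == seq:
                continue                  # retransmitted SYN: same ISN, same attempt
            if prev and prev["fin"]:
                gap = (when - prev["last"]).total_seconds()
                if gap < quiet:
                    hits.append((key, round(gap, 1)))
            conns[key] = {"isn": seq, "fin": False, "last": when}
            continue
        conn = conns.get(key) or conns.get((dst, dport, src, sport))
        if conn:                          # data, ACK or FIN in either direction
            conn["last"] = when
            conn["fin"] = conn["fin"] or "F" in flags
    return hits

# Abridged from the capture in the message (TCP options dropped).
CAPTURE = """\
08:00:31.668618 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1301449385:1301449385(0) win 65535
08:00:32.796379 IP 192.168.234.1.22 > 192.168.234.64.63872: F 2272031561:2272031561(0) ack 1301451962 win 33288
08:00:32.796621 IP 192.168.234.64.63872 > 192.168.234.1.22: . ack 2272031562 win 33303
08:01:38.540025 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535
08:01:41.536233 IP 192.168.234.64.63872 > 192.168.234.1.22: S 1371565575:1371565575(0) win 65535
08:03:06.348372 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3089625906:3089625906(0) win 65535
08:03:07.482770 IP 192.168.234.1.22 > 192.168.234.64.60014: F 1659276519:1659276519(0) ack 3089628483 win 33288
08:03:07.483011 IP 192.168.234.64.60014 > 192.168.234.1.22: . ack 1659276520 win 33303
08:04:30.990192 IP 192.168.234.64.60014 > 192.168.234.1.22: S 3178380813:3178380813(0) win 65535
""".splitlines()

if __name__ == "__main__":
    for key, gap in find_early_reuse(CAPTURE):
        print("%s:%s -> %s:%s reused after %.1f s" % (*key, gap))
```

The gap is measured from the last packet of the closed connection to the first SYN of the next one; retransmitted SYNs carrying the same initial sequence number are counted once.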

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070302234240.GA9421>