Date: Fri, 20 Apr 2007 13:40:16 +0200 From: Andre Oppermann <andre@freebsd.org> To: Krassimir Slavchev <krassi@bulinfo.net> Cc: Peter Jeremy <peterjeremy@optushome.com.au>, freebsd-current@freebsd.org Subject: Re: network problems? Message-ID: <4628A6A0.40102@freebsd.org> In-Reply-To: <462868FF.2050008@bulinfo.net> References: <46272B99.9090100@bulinfo.net> <20070419223759.GA4051@turion.vk2pj.dyndns.org> <462868FF.2050008@bulinfo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Krassimir Slavchev wrote: > Peter Jeremy wrote: > >> On 2007-Apr-19 11:43:05 +0300, Krassimir Slavchev <krassi@bulinfo.net> >> wrote: >> >> >>> The problem is when I try to access ftp servers, the connection >>> stalls randomly. Also I can't do cvsup and fetch. >>> This happens only with machines running -current and when the traffic >>> is passed through router based on FreeBSD 4.4. One of the test >>> machines is my notebook which have installed 7.0-CURRENT (from today) >>> and 5.4-STABLE and I see this problem only with -current. >>> >> >> >> The default TCP send and receive spaces were increased just after >> RELENG4 was branched. The new receive space requires window scaling >> to be used. I know that some versions of IPfilter have bugs in their >> window scaling code and incorrectly block packets as "out of window". >> >> You could try reducing net.inet.tcp.recvspace or disabling >> net.inet.tcp.rfc1323 and see if that helps. (Though RELENG5 should >> also be affected if this is the problem). >> > > Disabling net.inet.tcp.rfc1323 solves the problem. Decreasing > net.inet.tcp.recvspace (16384 on 4.x) increases stallages. > >> Are you in a position to run tcpdump on your router? If so, can you >> tcpdump both the internal and external interfaces and find packets >> that don't make it thru? >> > > Yes. I can do this when the traffic is minimal. > > It is very strange that both 6.2 and 5.4 have the same settings as 7.0: > > net.inet.tcp.recvspace: 65536 > net.inet.tcp.rfc1323: 1 > > but the problem is with 7.0 only. 7-current uses larger receive windows with a higher scaling factor. If your firewall doesn't correctly track that you get the problem you are describing. In pf based firewalls it is a common thing to misplace the keep-state rule. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4628A6A0.40102>