Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 31 Mar 2012 01:22:27 +1100
From:      Darren Reed <darrenr@freebsd.org>
To:        freebsd-net@freebsd.org
Subject:   FreeBSD TCP ignores zero window size
Message-ID:  <4F75C1A3.4030401@freebsd.org>

next in thread | raw e-mail | index | archive | help
I've been tracking down some problems with FreeBSD's sending
of TCP packets and seem to have come to the conclusion that
in FreeBSD 8.2-RELEASE, when the system is working with a
TCP connection that has a moderate delay in it, FreeBSD's
TCP ignores the other end telling it that the window size
is now 0 and continues to send data. I suspect that this is
meant to make sense because it is expecting that the ACK
that will open up the window is already in transit. But that
only accounts for the condition where the TCP on FreeBSD can
compute and decide that the remote TCP will have its buffer
full. What I find harder to accept is that when FreeBSD's
TCP receives a TCP packet from the remote end advertising
a window of 0, FreeBSD's response is to send more data and
not a window probe or is that now the expected behaviour?
And whilst you might say "ok" for a packet of data, I'm
somewhat hard pressed to explain why FreeBSD's TCP sends
multiple packets with data in them after receiving a TCP
packet from the other end advertising a zero window size.

However this causes a problem with firewalls (;_) that are
close to the FreeBSD end because for them, it appears that
FreeBSD is sending data outside of its window.

Is this a known problem?
If so, has it been fixed in a later version of FreeBSD?
(No, I haven't tested anything other than 8.2)

In the packet flow below, 192.168.1.1 is FreeBSD and 10.1.1.1
is the other end.

Darren

--------------
DATA(1440):seq(5f665916|5f665eb6) ack(9349a95d)+4096=9349b95d
pass ip #48089 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(1240):seq(9349b485|9349b95d) ack(5f664296)+66240=5f674556
pass ip #57457 1304(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1440):seq(5f665eb6|5f666456) ack(9349a95d)+4096=9349b95d
pass ip #48149 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556
pass ip #57459 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1440):seq(5f666456|5f6669f6) ack(9349a95d)+4096=9349b95d
UFD2:td_end(5f6669f6) maxend(5f674556)
pass ip #48150 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556
pass ip #57460 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1440):seq(5f6669f6|5f666f96) ack(9349a95d)+4096=9349b95d
pass ip #48178 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556
pass ip #57461 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1440):seq(5f666f96|5f667536) ack(9349a95d)+4096=9349b95d
pass ip #48181 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556
pass ip #57462 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1440):seq(5f667536|5f667ad6) ack(9349a95d)+4096=9349b95d
pass ip #48182 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556
pass ip #57463 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1440):seq(5f667ad6|5f668076) ack(9349a95d)+4096=9349b95d
pass ip #48183 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(0):seq(5f668076|5f668076) ack(9349a95d)+8192=9349c95d
ack(9349a95d)+win(8192)
pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556
pass ip #57464 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1428):seq(9349b95d|9349bef1) ack(5f664296)+66240=5f674556
pass ip #57465 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1428):seq(9349bef1|9349c485) ack(5f664296)+66240=5f674556
pass ip #57466 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1440):seq(5f668076|5f668616) ack(9349a95d)+8192=9349c95d
pass ip #48184 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(0):seq(5f668bb6|5f668bb6) ack(9349a95d)+12288=9349d95d
ack(9349a95d)+win(12288)
pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(1240):seq(9349c485|9349c95d) ack(5f664296)+66240=5f674556
pass ip #57467 1304(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1428):seq(9349c95d|9349cef1) ack(5f664296)+66240=5f674556
pass ip #57468 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1428):seq(9349cef1|9349d485) ack(5f664296)+66240=5f674556
pass ip #57469 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1440):seq(5f668bb6|5f669156) ack(9349a95d)+12288=9349d95d
pass ip #48186 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(1240):seq(9349d485|9349d95d) ack(5f664296)+66240=5f674556
pass ip #57470 1312(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1440):seq(5f664296|5f664836) ack(9349a95d)+12288=9349d95d
pass ip #48193 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+48960=5f674556
pass ip #57471 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+54088=5f67595e
ack(5f668616)+win(54088)
pass ip #57476 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+60632=5f6772ee
ack(5f668616)+win(60632)
pass ip #57489 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+64728=5f6782ee
ack(5f668616)+win(64728)
pass ip #57491 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(0):seq(5f6696f6|5f6696f6) ack(9349b485)+9408=9349d945
pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(0):seq(5f6696f6|5f6696f6) ack(9349bef1)+6752=9349d951
pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(0):seq(5f6696f6|5f6696f6) ack(9349c95d)+4096=9349d95d
pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(0):seq(5f6696f6|5f6696f6) ack(9349d485)+1216=9349d945
pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
win==0
DATA(1440):seq(5f668616|5f668bb6) ack(9349d95d)+1=9349d95e
pass ip #48360 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
--------------
DATA(1440):seq(9349d95d|9349defd) ack(5f669156)+63360=5f6788d6
ack(5f669156) seq(9349d95d)
block ip #57494 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1440):seq(9349defd|9349e49d) ack(5f669156)+63360=5f6788d6
ackskew 1440
ack(5f669156) seq(9349defd)
block ip #57495 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1440):seq(9349e49d|9349ea3d) ack(5f669156)+63360=5f6788d6
ackskew 1440
ack(5f669156) seq(9349e49d)
block ip #57496 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1440):seq(9349ea3d|9349efdd) ack(5f669156)+63360=5f6788d6
ackskew 1440
ack(5f669156) seq(9349ea3d)
block ip #57497 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------
DATA(1440):seq(9349efdd|9349f57d) ack(5f669156)+63360=5f6788d6
ackskew 1440
ack(5f669156) seq(9349efdd)
block ip #57498 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
--------------




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F75C1A3.4030401>