From owner-freebsd-net  Thu Jul 11 13:35:55 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 465C637B400
	for <net@freebsd.org>; Thu, 11 Jul 2002 13:35:53 -0700 (PDT)
Received: from patrocles.silby.com (d185.as6.nwbl0.wi.voyager.net [169.207.130.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9027643E52
	for <net@freebsd.org>; Thu, 11 Jul 2002 13:35:51 -0700 (PDT)
	(envelope-from silby@silby.com)
Received: from patrocles.silby.com (localhost [127.0.0.1])
	by patrocles.silby.com (8.12.4/8.12.4) with ESMTP id g6BKdZcv033122;
	Thu, 11 Jul 2002 15:39:35 -0500 (CDT)
	(envelope-from silby@silby.com)
Received: from localhost (silby@localhost)
	by patrocles.silby.com (8.12.4/8.12.4/Submit) with ESMTP id g6BKdW3r033119;
	Thu, 11 Jul 2002 15:39:33 -0500 (CDT)
X-Authentication-Warning: patrocles.silby.com: silby owned process doing -bs
Date: Thu, 11 Jul 2002 15:39:32 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Alex Dyas <alexdyas@hotmail.com>
Cc: net@freebsd.org
Subject: Re: BSD / Firewall / 0 window size problem
In-Reply-To: <F255DapE6dEeQkhtzmC0000d00a@hotmail.com>
Message-ID: <20020711153621.O33106-100000@patrocles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org


On Thu, 11 Jul 2002, Alex Dyas wrote:

> The only clue I've managed to find as to what is going on is in a tcpdump of
> the session (attached).  The trigger for the lock up seems to be a messages
> from the Otherbox machine setting the window size to 0 :
>
> 10:41:38.614141 otherbox.foo.com.telnet > bsdbox.foo.com.2230: . ack 154 win
> 0
> 10:41:38.614200 bsdbox.foo.com.2230 > otherbox.foo.com.telnet: . ack 337 win
> 33304 <nop,nop,timestamp 9026230 147804149> (DF) [tos 0x10]
>
> I've tried all the following scenarios, none of which exhibit the same
> problem, which is why I think the problem is with FreeBSD :
>
> bsdbox.foo.com -> otherbox.foo.com
> solarisbox.foo.com -> internal GNAT firewall -> otherbox.foo.com
> windowsbox.foo.com -> internal GNAT firewall -> otherbox.foo.com
> linuxbox.foo.com -> internal GNAT firewall -> otherbox.foo.com

Could you post a tcpdump of one of the successful connections so that we
can see how 0 windows are handled there?

Also, have you tcpdump'd at both ends to ensure that we're not actually
seeing odd sideeffects of packet loss or something?  (Some reported
problems in the past have been due to misbehaving duplex autodetect and
bad cables.)

Offhand, I can't see what the FreeBSD box is doing wrong, but I'd like
something else to compare to.

Thanks,

Mike "Silby" Silbersack


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message