Date: Wed, 17 Sep 1997 08:22:05 PDT
From: Bill Fenner <fenner@parc.xerox.com>
To: freebsd-hackers@freebsd.org (FreeBSD hackers)
Cc: fenner@parc.xerox.com (Bill Fenner)
Subject: Re: Any TCP expert around?
Message-ID: <97Sep17.082214pdt.177486@crevenia.parc.xerox.com>
In-Reply-To: Your message of "Tue, 16 Sep 97 09:15:10 PDT." <19970916181510.OK51303@ida.interface-business.de>

For the interested -hackers viewers, we tracked this down to an extremely bogus TCP implementation on the Firewall/1 which reflects the TCP options on the SYN on its SYN/ACK, combined with a naive T/TCP implementation on FreeBSD that never thought that someone might send a CC or CCNEW option on a SYN/ACK without sending a CCECHO. The upshot is that the use of T/TCP (not to mention window scaling and timestamps) was negotiated on the connection, and all further packets from the Firewall/1 were dropped because they did not belong to this T/TCP session.

The solution is just a couple of lines to double-check that CCECHO is present on the SYN/ACK. I'll be committing the fix in a little bit (I want to add more tcpstat counters too, since there are no counters for these drops so it's much harder to figure out what's going on).

  Bill

(The Firewall/1 also sends a *second* SYN, with a smaller MSS, window, and different sequence numbers, but it is dropped because of the out-of-range sequence number and the connection continues as though nothing happened.)
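
The check described in the mail above, as an added example that is not FreeBSD's code or the committed fix: a standalone parser for the option bytes of a SYN/ACK that compares a simplified model of the naive decision with one that requires CCECHO. The option kinds 11, 12 and 13 are the RFC 1644 values; the function names and sample bytes are constructed for illustration, and comparing the echoed value against the CC sent goes one step beyond the presence check the mail mentions.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP option kinds; 11 to 13 are the T/TCP options defined in RFC 1644. */
enum { OPT_EOL = 0, OPT_NOP = 1, OPT_CC = 11, OPT_CCNEW = 12, OPT_CCECHO = 13 };
enum { SEEN_CC = 1, SEEN_CCNEW = 2, SEEN_CCECHO = 4, MALFORMED = 8 };

/* Walk a segment's option bytes; return SEEN_* flags, store the CC.ECHO value. */
static unsigned scan_cc(const uint8_t *o, size_t len, uint32_t *echo)
{
    unsigned seen = 0;
    for (size_t i = 0; i < len && o[i] != OPT_EOL; ) {
        if (o[i] == OPT_NOP) { i++; continue; }
        if (len - i < 2 || o[i + 1] < 2 || o[i + 1] > len - i) return MALFORMED;
        if (o[i] >= OPT_CC && o[i] <= OPT_CCECHO) {
            if (o[i + 1] != 6) return MALFORMED;  /* kind, length, 32-bit count */
            if (o[i] == OPT_CCECHO)
                *echo = (uint32_t)o[i + 2] << 24 | o[i + 3] << 16 | o[i + 4] << 8 | o[i + 5];
            seen |= 1u << (o[i] - OPT_CC);        /* CC=1, CC.NEW=2, CC.ECHO=4 */
        }
        i += o[i + 1];
    }
    return seen;
}

/* Simplified model of the naive check: a CC or CC.NEW on the SYN/ACK enables T/TCP. */
int naive_ttcp_ok(const uint8_t *o, size_t len)
{
    uint32_t echo = 0;
    return (scan_cc(o, len, &echo) & (SEEN_CC | SEEN_CCNEW)) != 0;
}

/* With the check from the mail: T/TCP only if CC.ECHO is present (and echoes our CC). */
int checked_ttcp_ok(const uint8_t *o, size_t len, uint32_t cc_sent)
{
    uint32_t echo = 0;
    return (scan_cc(o, len, &echo) & SEEN_CCECHO) && echo == cc_sent;
}

/* Constructed SYN/ACK option bytes (not captured traffic); our SYN carried CC = 42. */
const uint8_t reflected[] = { 2, 4, 5, 0xb4, 1, 3, 3, 0, 1, 1, 11, 6, 0, 0, 0, 42 };
const uint8_t genuine[] = { 2, 4, 5, 0xb4, 1, 1, 11, 6, 0, 0, 0, 7, 1, 1, 13, 6, 0, 0, 0, 42 };

int main(void)
{
    printf("reflected: naive=%d checked=%d\n", naive_ttcp_ok(reflected, sizeof reflected),
           checked_ttcp_ok(reflected, sizeof reflected, 42));
    printf("genuine: checked=%d\n", checked_ttcp_ok(genuine, sizeof genuine, 42));
    return 0;
}
```

The `reflected` buffer models a peer that copies the SYN's options back, so it carries CC but no CCECHO; only the naive check treats that as a T/TCP negotiation.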