Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Mar 2007 12:16:50 -0700
From:      Chuck Swiger <cswiger@mac.com>
To:        Torbjorn Granlund <tg@swox.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: TCP conection problems IBM VM -> FreeBSD
Message-ID:  <4A2495E9-3060-4D05-A7B4-7CCC019AFEB8@mac.com>
In-Reply-To: <86odmlhzn8.fsf@king.swox.se>
References:  <868xdqnnzd.fsf@king.swox.se> <E2D691F7-FF70-4D6E-95D7-357B5815C419@mac.com> <86odmlhzn8.fsf@king.swox.se>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 22, 2007, at 12:00 PM, Torbjorn Granlund wrote:
>>   The second line should have been smtp.swox.se.smtp SYN+ACK'ing the
>>   ISN of 27523124.  vm is sending a RST to that because the sequence
>>   #'s don't match.  It's also odd that the set of options being  
>> listed
>>   don't correspond at all...if you run the tcpdump for several  
>> minutes,
>>   can you track down other SYN requests which do correspond?
>
> These are the ones the correspond.  They come in bursts like that.  If
> I let it run a little longer, I get output like this:
>
> 19:45:56.939958 IP vm.se.lsoft.com.58679 > bang.swox.se.smtp: S  
> 678305700:678305700(0) win 8192 <mss 1420,wscale  
> 0,nop,nop,nop,timestamp 2317060084 0>
> 19:45:56.940154 IP bang.swox.se.smtp > vm.se.lsoft.com.58679: S  
> 3183232720:3183232720(0) ack 678305701 win 57344 <mss  
> 1460,nop,wscale 0,nop,nop,timestamp 24588210 2317060084>

Notice the ACK from vm.se.lsoft.com is off by one, but the timestamp  
option corresponds.  Looks to be a bug with the vm machine, the bang  
machine is behaving properly per the TCP requirements.

Hmm, I wonder if something in between is fragmenting the initial  
traffic and causing vm to get confused?  Try setting the interface  
MTUs down to 1024 or 512 and see whether that makes any difference...

>>   Sometimes this kind of re-writing can happen if natd or PF is
>>   attempting to translate the packets, perhaps when they shouldn't if
>>   both sides of your router box are using routable IPs....
>
> I don't run natd at all, and to get the output above from tcpdump I
> had disabled pf with pfctl -d.  With pf running, it silently drops the
> 2nd packet.  Could that too be related to ISN's?

Yes, pf tracks connection state and will drop subsequent traffic  
which does match an legit connection or a new (permitted) connection  
open attempt.

> The outside of the fbsd 6.2 router has two addresses, one routable and
> one not routable.  This is due to the default setup my ISP is
> providing: Their is a little net 192.168.0.0/30 between their router
> and my fbsd 6.2 router.

OK.  That shouldn't matter then, if you're just doing straight  
routing via this /30, rather than re-writing the packets.

-- 
-Chuck




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A2495E9-3060-4D05-A7B4-7CCC019AFEB8>