From owner-freebsd-net@freebsd.org Thu Apr 7 23:11:27 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8811CB079EA for ; Thu, 7 Apr 2016 23:11:27 +0000 (UTC) (envelope-from joe@truespeed.com) Received: from mail.karthauser.co.uk (babel.karthauser.co.uk [212.13.197.151]) by mx1.freebsd.org (Postfix) with ESMTP id 444B0127F for ; Thu, 7 Apr 2016 23:11:26 +0000 (UTC) (envelope-from joe@truespeed.com) Received: from dspam (babel.karthauser.co.uk [212.13.197.151]) by mail.karthauser.co.uk (Postfix) with SMTP id 0D8738FF for ; Thu, 7 Apr 2016 23:11:23 +0000 (UTC) Received: from unnamed-72.karthauser.co.uk (unnamed-72.karthauser.co.uk [90.155.77.72]) (Authenticated sender: joemail@tao.org.uk) by mail.karthauser.co.uk (Postfix) with ESMTPSA id 533328FB; Thu, 7 Apr 2016 23:11:04 +0000 (UTC) Subject: Re: IPFW with NAT : Problems with duplicate packets on FreeBSD 10.3-RC3 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) From: Dr Josef Karthauser In-Reply-To: Date: Fri, 8 Apr 2016 00:11:03 +0100 Cc: freebsd-net@freebsd.org Message-Id: <72D86268-D082-4BB2-A951-69B62C3C4A9B@truespeed.com> References: To: FreeBSD Stable X-Mailer: Apple Mail (2.2104) X-DSPAM-Result: Innocent X-DSPAM-Processed: Thu Apr 7 23:11:23 2016 X-DSPAM-Confidence: 1.0000 X-DSPAM-Probability: 0.0023 X-DSPAM-Signature: 5706e91b31274001741303 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.21 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2016 23:11:27 -0000 > On 7 Apr 2016, at 17:08, Dr Josef Karthauser = wrote: >=20 > Looks like the first packet is being retransmitted, which means that = the nat is probably misconfigured and the TCP connection is broken in = some strange way. >=20 > Does anyone have a clue as to where to look? The ipfw rules are simple = enough - what have I missed? Ok, the packet definitely isn=E2=80=99t being retransmitted. I=E2=80=99ve = done a tcpdump/pcap capture and taken a look and I get a packet that = I=E2=80=99ve included below. It=E2=80=99s got a 'HTTP/1.1 200 OK=E2=80=99 inserted mid-flow right in = the middle of an HTTP response. Looking at this I=E2=80=99d be inclined = to think it=E2=80=99s a bug in the webserver/tomcat, however, what=E2=80=99= s strange is that if I =E2=80=98curl' the jailed web server directly = from the host machine on the private IP address (bypassing the NAT), the = HTTP response received is perfectly fine. It=E2=80=99s only when I do = an HTTP request to the public IP address and go through the NAT that I = experience the problem. How could this happen? Is it a buggy packet reassembly in the kernel = perhaps? Joe p.s here=E2=80=99s the strange packet with an HTTP response injected in = the middle of a HTML stream: 23:01:07.204016 IP (tos 0x0, ttl 64, id 4190, offset 0, flags [DF], = proto TCP (6), length 1500) 31.210.26.216.8080 > infiniverse.karthauser.co.uk.62475: Flags [.], = cksum 0xda1c (incorrect -> 0x7ff7), seq 8689:10137, ack 86, win 1040, = options [nop,nop,TS val 124159447 ecr 1737359970], length 1448 .........g.)............. .f..g..b

Other Documentation