Date: Mon, 10 Nov 2003 07:24:26 +0100 From: Joerg Pernfuss <elessar@galgenberg.net> To: freebsd-net@freebsd.org Subject: Re: problems caused by net.inet.tcp.blackhole=2 Message-ID: <20031110072426.0607baf4.elessar@galgenberg.net> In-Reply-To: <200311082325.hA8NPIeF062364@gw.catspoiler.org> References: <3FAD6103.1010407@knology.net> <200311082325.hA8NPIeF062364@gw.catspoiler.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Signature=_Mon__10_Nov_2003_07_24_26_+0100_Ufw_wsPnf4ohFro6 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 7bit On Sat, 8 Nov 2003 15:25:18 -0800 (PST) Don Lewis <truckman@freebsd.org> wrote: > On 8 Nov, Michal wrote: > > Hello, > > maybe someone will be able to help me with the problem. Namely setting > > net.inet.tcp.blackhole=2 make samba to start very slow (90sec). Also > > smbclient is slow. After samba starts there is no delay to connect from > > the another machine with persistant local problems (smbclient). > > Additionally the sysctl setting has veird impact on mozilla: trying to > > write to web forms causes freezing of mozilla. Now setting > > net.inet.tcp.blackhole=0 reverts all the problemsr: samba starts fast > > and no problems with writing to the web forms. > > my system: > > FreeBSD 5.1-CURRENT #0: Thu Oct 30 17:49:13 EST 2003 > > ports updated 11-08-03 > > > > I appreciate any suggestions > > I looked at a similar problem that someone was having a while back. It > appears that the problem is that this sysctl setting is suppressing the > sending of TCP RST packets which are needed to tear down dead > connections, and if one end of the connection thinks the connection is > still established, it is not possible to create a new connection between > the hosts that reuses the same addresses and ports as the old > connection. > > Since the whole point of net.inet.tcp.blackhole=2 is to block the RST > packets that could allow the host to be scanned, I suspect you are > stuck. That's not a bug, that is the only feature :) First of all, check on which ports the connections that time out occur. One possibility would be `tcpdump', the other is to set the sysctl net.inet.tcp.log_in_vain to 1. Then start samba and look in the logs to which closed ports connection attempts were made. Maybe there is a decent solution to provide these packets the answer they desire so hard. Joerg --Signature=_Mon__10_Nov_2003_07_24_26_+0100_Ufw_wsPnf4ohFro6 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/ry8nIrY0CTTJX8ARAtMUAJ94J5C5QO+Ci1+38647/dzHMxZneQCeONwM oaOqrKheBm5rlS/XuDfoAp0= =T1si -----END PGP SIGNATURE----- --Signature=_Mon__10_Nov_2003_07_24_26_+0100_Ufw_wsPnf4ohFro6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031110072426.0607baf4.elessar>