From owner-freebsd-stable@FreeBSD.ORG Fri Jul 28 01:58:03 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 35CAF16A4DD for ; Fri, 28 Jul 2006 01:58:03 +0000 (UTC) (envelope-from drosih@rpi.edu) Received: from smtp7.server.rpi.edu (smtp7.server.rpi.edu [128.113.2.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id A154B43D46 for ; Fri, 28 Jul 2006 01:58:02 +0000 (GMT) (envelope-from drosih@rpi.edu) Received: from [128.113.24.47] (gilead.netel.rpi.edu [128.113.24.47]) by smtp7.server.rpi.edu (8.13.1/8.13.1) with ESMTP id k6S1vwUj004736 for ; Thu, 27 Jul 2006 21:58:00 -0400 Mime-Version: 1.0 Message-Id: In-Reply-To: References: Date: Thu, 27 Jul 2006 21:57:58 -0400 To: freebsd-stable@freebsd.org From: Garance A Drosihn Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-CanItPRO-Stream: default X-RPI-SA-Score: undef - spam-scanning disabled X-Scanned-By: CanIt (www . canit . ca) Subject: Re: Weird problems with 'pf' (on both 5.x and 6.x) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Jul 2006 01:58:03 -0000 At 9:18 PM -0400 7/27/06, Garance A Drosihn wrote: >At 9:07 PM -0400 7/27/06, Garance A Drosihn wrote: >> >>But if I restart pf after adding these lines to pf.conf: >> >> # Allow all outgoing tcp and udp connections and keep state >> pass out quick proto { tcp, udp } all keep state >> >>then I have the problem where the second 'lpq' from a remote >>host will hang, if it is done right after the first one. > >The client-machine which is doing the lpq is a solaris >machine, so here is the 'snoop' output from that side >of things. It occurred to me that it might be more informative to see the transaction from the *freebsd* side of things, since that's the machine running pf! So, here is a similar set of two lpq's, as seen from the print-server side of the connection. It seems to be telling the same basic story, as far as I can tell. (316) santropez/root # tcpdump -vvvvX -r /tmp/gadchecks/all-060727.212311 host lpq-client reading from file /tmp/gadchecks/all-060727.212311, link-type EN10MB (Ethernet) 21:23:32.175093 IP (tos 0x0, ttl 63, id 53775, offset 0, flags [DF], proto: TCP (6), length: 48) lpq-client.1023 > print-serv.printer: S, cksum 0x6b2c (correct), 2119630748:2119630748(0) win 24820 0x0000: 4500 0030 d20f 4000 3f06 36af 8071 1985 E..0..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e56 ff9c 0000 0000 .q......~V...... 0x0020: 7002 60f4 6b2c 0000 0101 0402 0204 05b4 p.`.k,.......... 21:23:32.175205 IP (tos 0x0, ttl 64, id 4488, offset 0, flags [DF], proto: TCP (6), length: 48) print-serv.printer > lpq-client.1023: S, cksum 0x0bfa (correct), 2140553600:2140553600(0) ack 2119630749 win 65535 0x0000: 4500 0030 1188 4000 4006 f636 8071 18a2 E..0..@.@..6.q.. 0x0010: 8071 1985 0203 03ff 7f96 4180 7e56 ff9d .q........A.~V.. 0x0020: 7012 ffff 0bfa 0000 0204 05b4 0402 0000 p............... 21:23:32.175787 IP (tos 0x0, ttl 63, id 53776, offset 0, flags [DF], proto: TCP (6), length: 40) lpq-client.1023 > print-serv.printer: ., cksum 0xd6c8 (correct), 1:1(0) ack 1 win 24820 0x0000: 4500 0028 d210 4000 3f06 36b6 8071 1985 E..(..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e56 ff9d 7f96 4181 .q......~V....A. 0x0020: 5010 60f4 d6c8 0000 5555 5555 5555 P.`.....UUUUUU 21:23:32.175935 IP (tos 0x0, ttl 63, id 53777, offset 0, flags [DF], proto: TCP (6), length: 49) lpq-client.1023 > print-serv.printer: P, cksum 0xc80d (correct), 1:10(9) ack 1 win 24820 0x0000: 4500 0031 d211 4000 3f06 36ac 8071 1985 E..1..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e56 ff9d 7f96 4181 .q......~V....A. 0x0020: 5018 60f4 c80d 0000 0370 6269 6c6c 3264 P.`......bill 0x0030: 0a . 21:23:32.204946 IP (tos 0x0, ttl 64, id 4526, offset 0, flags [DF], proto: TCP (6), length: 118) print-serv.printer > lpq-client.1023: P, cksum 0x5bcb (correct), 1:79(78) ack 10 win 65535 0x0000: 4500 0076 11ae 4000 4006 f5ca 8071 18a2 E..v..@.@....q.. 0x0010: 8071 1985 0203 03ff 7f96 4181 7e56 ffa6 .q........A.~V.. 0x0020: 5018 ffff 5bcb 0000 5761 726e 696e 673a P...[...Warning: 0x0030: 2070 6269 6c6c 3264 2069 7320 646f 776e .bill.is.down 0x0040: 3a20 5468 6973 2071 7565 7565 2069 7320 :.This.queue.is. 0x0050: 666f 7220 4761 7261 6e63 6520 7465 7374 for.Garance.test 0x0060: 696e 672e 2073 742f 3678 0a6e 6f20 656e ing..st/6x.no.en 0x0070: 7472 6965 730a tries. 21:23:32.204988 IP (tos 0x0, ttl 64, id 4527, offset 0, flags [DF], proto: TCP (6), length: 40) print-serv.printer > lpq-client.1023: F, cksum 0x3765 (correct), 79:79(0) ack 10 win 65535 0x0000: 4500 0028 11af 4000 4006 f617 8071 18a2 E..(..@.@....q.. 0x0010: 8071 1985 0203 03ff 7f96 41cf 7e56 ffa6 .q........A.~V.. 0x0020: 5011 ffff 3765 0000 P...7e.. 21:23:32.205701 IP (tos 0x0, ttl 63, id 53778, offset 0, flags [DF], proto: TCP (6), length: 40) lpq-client.1023 > print-serv.printer: ., cksum 0xd671 (correct), 10:10(0) ack 79 win 24820 0x0000: 4500 0028 d212 4000 3f06 36b4 8071 1985 E..(..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e56 ffa6 7f96 41cf .q......~V....A. 0x0020: 5010 60f4 d671 0000 5555 5555 5555 P.`..q..UUUUUU 21:23:32.205755 IP (tos 0x0, ttl 63, id 53779, offset 0, flags [DF], proto: TCP (6), length: 40) lpq-client.1023 > print-serv.printer: ., cksum 0xd670 (correct), 10:10(0) ack 80 win 24820 0x0000: 4500 0028 d213 4000 3f06 36b3 8071 1985 E..(..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e56 ffa6 7f96 41d0 .q......~V....A. 0x0020: 5010 60f4 d670 0000 5555 5555 5555 P.`..p..UUUUUU 21:23:32.206880 IP (tos 0x0, ttl 63, id 53780, offset 0, flags [DF], proto: TCP (6), length: 40) lpq-client.1023 > print-serv.printer: F, cksum 0xd66f (correct), 10:10(0) ack 80 win 24820 0x0000: 4500 0028 d214 4000 3f06 36b2 8071 1985 E..(..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e56 ffa6 7f96 41d0 .q......~V....A. 0x0020: 5011 60f4 d66f 0000 5555 5555 5555 P.`..o..UUUUUU 21:23:32.206918 IP (tos 0x0, ttl 64, id 4528, offset 0, flags [DF], proto: TCP (6), length: 40) print-serv.printer > lpq-client.1023: ., cksum 0x3765 (correct), 80:80(0) ack 11 win 65534 0x0000: 4500 0028 11b0 4000 4006 f616 8071 18a2 E..(..@.@....q.. 0x0010: 8071 1985 0203 03ff 7f96 41d0 7e56 ffa7 .q........A.~V.. 0x0020: 5010 fffe 3765 0000 P...7e.. 21:23:34.252791 IP (tos 0x0, ttl 63, id 53781, offset 0, flags [DF], proto: TCP (6), length: 48) lpq-client.1023 > print-serv.printer: S, cksum 0x2329 (correct), 2120304533:2120304533(0) win 24820 0x0000: 4500 0030 d215 4000 3f06 36a9 8071 1985 E..0..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e61 4795 0000 0000 .q......~aG..... 0x0020: 7002 60f4 2329 0000 0101 0402 0204 05b4 p.`.#).......... 21:23:37.617105 IP (tos 0x0, ttl 63, id 53782, offset 0, flags [DF], proto: TCP (6), length: 48) lpq-client.1023 > print-serv.printer: S, cksum 0x2329 (correct), 2120304533:2120304533(0) win 24820 0x0000: 4500 0030 d216 4000 3f06 36a8 8071 1985 E..0..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e61 4795 0000 0000 .q......~aG..... 0x0020: 7002 60f4 2329 0000 0101 0402 0204 05b4 p.`.#).......... 21:23:44.367128 IP (tos 0x0, ttl 63, id 53783, offset 0, flags [DF], proto: TCP (6), length: 48) lpq-client.1023 > print-serv.printer: S, cksum 0x2329 (correct), 2120304533:2120304533(0) win 24820 0x0000: 4500 0030 d217 4000 3f06 36a7 8071 1985 E..0..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e61 4795 0000 0000 .q......~aG..... 0x0020: 7002 60f4 2329 0000 0101 0402 0204 05b4 p.`.#).......... 21:23:57.867184 IP (tos 0x0, ttl 63, id 53784, offset 0, flags [DF], proto: TCP (6), length: 48) lpq-client.1023 > print-serv.printer: S, cksum 0x2329 (correct), 2120304533:2120304533(0) win 24820 0x0000: 4500 0030 d218 4000 3f06 36a6 8071 1985 E..0..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e61 4795 0000 0000 .q......~aG..... 0x0020: 7002 60f4 2329 0000 0101 0402 0204 05b4 p.`.#).......... 21:24:24.867224 IP (tos 0x0, ttl 63, id 53785, offset 0, flags [DF], proto: TCP (6), length: 48) lpq-client.1023 > print-serv.printer: S, cksum 0x2329 (correct), 2120304533:2120304533(0) win 24820 0x0000: 4500 0030 d219 4000 3f06 36a5 8071 1985 E..0..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e61 4795 0000 0000 .q......~aG..... 0x0020: 7002 60f4 2329 0000 0101 0402 0204 05b4 p.`.#).......... 21:25:18.867322 IP (tos 0x0, ttl 63, id 53786, offset 0, flags [DF], proto: TCP (6), length: 48) lpq-client.1023 > print-serv.printer: S, cksum 0x2329 (correct), 2120304533:2120304533(0) win 24820 0x0000: 4500 0030 d21a 4000 3f06 36a4 8071 1985 E..0..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e61 4795 0000 0000 .q......~aG..... 0x0020: 7002 60f4 2329 0000 0101 0402 0204 05b4 p.`.#).......... 21:25:18.867426 IP (tos 0x0, ttl 64, id 4531, offset 0, flags [DF], proto: TCP (6), length: 48) print-serv.printer > lpq-client.1023: S, cksum 0x4f45 (correct), 933494308:933494308(0) ack 2120304534 win 65535 0x0000: 4500 0030 11b3 4000 4006 f60b 8071 18a2 E..0..@.@....q.. 0x0010: 8071 1985 0203 03ff 37a3 fe24 7e61 4796 .q......7..$~aG. 0x0020: 7012 ffff 4f45 0000 0204 05b4 0402 0000 p...OE.......... 21:25:18.868017 IP (tos 0x0, ttl 63, id 53787, offset 0, flags [DF], proto: TCP (6), length: 40) lpq-client.1023 > print-serv.printer: ., cksum 0x1a14 (correct), 1:1(0) ack 1 win 24820 0x0000: 4500 0028 d21b 4000 3f06 36ab 8071 1985 E..(..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e61 4796 37a3 fe25 .q......~aG.7..% 0x0020: 5010 60f4 1a14 0000 5555 5555 5555 P.`.....UUUUUU 21:25:18.868252 IP (tos 0x0, ttl 63, id 53788, offset 0, flags [DF], proto: TCP (6), length: 49) lpq-client.1023 > print-serv.printer: P, cksum 0x0b59 (correct), 1:10(9) ack 1 win 24820 0x0000: 4500 0031 d21c 4000 3f06 36a1 8071 1985 E..1..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e61 4796 37a3 fe25 .q......~aG.7..% 0x0020: 5018 60f4 0b59 0000 0370 6269 6c6c 3264 P.`..Y...bill 0x0030: 0a . 21:25:18.897042 IP (tos 0x0, ttl 64, id 4569, offset 0, flags [DF], proto: TCP (6), length: 118) print-serv.printer > lpq-client.1023: P, cksum 0x9f16 (correct), 1:79(78) ack 10 win 65535 0x0000: 4500 0076 11d9 4000 4006 f59f 8071 18a2 E..v..@.@....q.. 0x0010: 8071 1985 0203 03ff 37a3 fe25 7e61 479f .q......7..%~aG. 0x0020: 5018 ffff 9f16 0000 5761 726e 696e 673a P.......Warning: 0x0030: 2070 6269 6c6c 3264 2069 7320 646f 776e .bill.is.down 0x0040: 3a20 5468 6973 2071 7565 7565 2069 7320 :.This.queue.is. 0x0050: 666f 7220 4761 7261 6e63 6520 7465 7374 for.Garance.test 0x0060: 696e 672e 2073 742f 3678 0a6e 6f20 656e ing..st/6x.no.en 0x0070: 7472 6965 730a tries. 21:25:18.897085 IP (tos 0x0, ttl 64, id 4570, offset 0, flags [DF], proto: TCP (6), length: 40) print-serv.printer > lpq-client.1023: F, cksum 0x7ab0 (correct), 79:79(0) ack 10 win 65535 0x0000: 4500 0028 11da 4000 4006 f5ec 8071 18a2 E..(..@.@....q.. 0x0010: 8071 1985 0203 03ff 37a3 fe73 7e61 479f .q......7..s~aG. 0x0020: 5011 ffff 7ab0 0000 P...z... 21:25:18.897800 IP (tos 0x0, ttl 63, id 53789, offset 0, flags [DF], proto: TCP (6), length: 40) lpq-client.1023 > print-serv.printer: ., cksum 0x19bd (correct), 10:10(0) ack 79 win 24820 0x0000: 4500 0028 d21d 4000 3f06 36a9 8071 1985 E..(..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e61 479f 37a3 fe73 .q......~aG.7..s 0x0020: 5010 60f4 19bd 0000 5555 5555 5555 P.`.....UUUUUU 21:25:18.897853 IP (tos 0x0, ttl 63, id 53790, offset 0, flags [DF], proto: TCP (6), length: 40) lpq-client.1023 > print-serv.printer: ., cksum 0x19bc (correct), 10:10(0) ack 80 win 24820 0x0000: 4500 0028 d21e 4000 3f06 36a8 8071 1985 E..(..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e61 479f 37a3 fe74 .q......~aG.7..t 0x0020: 5010 60f4 19bc 0000 5555 5555 5555 P.`.....UUUUUU 21:25:18.899111 IP (tos 0x0, ttl 63, id 53791, offset 0, flags [DF], proto: TCP (6), length: 40) lpq-client.1023 > print-serv.printer: F, cksum 0x19bb (correct), 10:10(0) ack 80 win 24820 0x0000: 4500 0028 d21f 4000 3f06 36a7 8071 1985 E..(..@.?.6..q.. 0x0010: 8071 18a2 03ff 0203 7e61 479f 37a3 fe74 .q......~aG.7..t 0x0020: 5011 60f4 19bb 0000 5555 5555 5555 P.`.....UUUUUU 21:25:18.899149 IP (tos 0x0, ttl 64, id 4571, offset 0, flags [DF], proto: TCP (6), length: 40) print-serv.printer > lpq-client.1023: ., cksum 0x7ab0 (correct), 80:80(0) ack 11 win 65534 0x0000: 4500 0028 11db 4000 4006 f5eb 8071 18a2 E..(..@.@....q.. 0x0010: 8071 1985 0203 03ff 37a3 fe74 7e61 47a0 .q......7..t~aG. 0x0020: 5010 fffe 7ab0 0000 P...z... -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu