Date: Tue, 31 Dec 2002 06:51:14 -0800 (PST) From: Rostislav Krasny <rosti_bsd@yahoo.com> To: Eli Dart <dart@nersc.gov> Cc: freeBSD-net@freebsd.org Subject: Re: PPPoE and troubles with TCP Message-ID: <20021231145114.86936.qmail@web14801.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help
I think that I found the source of my problem. In case of FreeBSD usage the first two TCP/IP packets are with following optins: 1. my host -----> SYN (DF) -----> www.ssh.com options = <mss 1452,nop,wscale 0,nop,nop,timestamp 1532715 0> 2. my host <----- ACK,SYN <----- www.ssh.com options = <mss 1460,nop,wscale 0,nop,nop,timestamp 12034970 1532715> In case of Win98SE usage the first two TCP/IP packets are with following options" 1. my host -----> SYN (DF) -----> www.ssh.com options = <mss 1452,nop,nop,0402> 2. my host <----- ACK,SYN <----- www.ssh.com options = <mss 1452> 0402 is SACK-Permitted option that IMHO have no influence to the problem. More information about this option can be found in RFCs 1072, 2018. Following command solved the problem with www.ssh.com: sysctl net.inet.tcp.rfc1323=0 Now, when I use FreeBSD, the first two TCP/IP packets are with following options: 1. my host -----> SYN (DF) -----> www.ssh.com options = <mss 1452> 2. my host <----- ACK,SYN <----- www.ssh.com options = <mss 1460> I don't know exactly what happened before I reconfigured TCP of my FreeBSD but it seems like some host (my or www.ssh.com) have a bug with TCP and its scaling extention option, described in RFC 1323. I think that more deeper analysis is needed. For example, why the second packet have MSS == 1452 in case of Win98SE usage and MSS == 1460 in case of FreeBSD usage (before and after TCP reconfiguration)? How MRU == MTU == 1484 (or smaller) helped before TCP of my FreeBSD was reconfigured? P.S. Happy new year! :-)) --- Rostislav Krasny <rosti_bsd@yahoo.com> wrote: > In the case of Win98SE my host don't send fragmented packets to > www.ssh.com, all packets are with DF bit set in the IP header. > www.ssh.com sends to my host packets that are not fragmented too, but > without DF bit set in the IP header. > I produced two .trace files by using tcpdump like you explained me. I > didn't find something special when I looked at them by command like > 'tcpdump -r 1492.telnet.trace -vvvnX | less'. > Also I saved capture files of NetXRay (version 3.0.3) sniffer in my > Win98SE. It is old application (I can't find something newer here) > and > it don't know anything about PPPoE but knows about PPP. There're two > capture files saved from this sniffer. That with "eth" in its name is > capture equivalent to 'tcpdump -i ed0 ....' and that with "IP" in its > name is capture equivalent to 'tcpdump -i tun0 ....'. I found in > google > that those capture files can be read in Unix by ethereal - > http://www.ethereal.com/ > 1492.trace was produced when I ran 'links www.ssh.com' (not lynx) and > 1492.telnet.trace was produced when I ran 'telnet www.ssh.com 80'. > Look at attachment. > > Now about other browsers and applications. I tried Netscape 7.01 and > Konqueror that comes with FreeBSD 4.7-RELEASE. Both have the problem > with www.ssh.com. Also I tried telnet to tcp/80 port of www.ssh.com > and > like you already know with negative result. Maybe there are others > hosts that I could not use because of a problem like the problem with > www.ssh.com but I didn't find any of those hosts yet. Also and yet, I > had no problems when I used ssh or ftp. I can't connect by ftp > protocol > to www.ssh.com but to ftp.ssh.com I can without any problem. I even > successfully downloaded ssh-3.2.2.tar.gz file from there. > > P.S. If you have ethernet connection to your ISP and your MTU is 1500 > and there are no proxies and no transparent proxies could you please > change the MTU to 1492 temporarily? Can you browse www.ssh.com with > such configuration? If you can then my problem is, probably, > somewhere > in ppp because ppp have some dial with TCP. If you can't then try MTU > 1484; will it help like it helps in my box? > > P.P.S. What are this mailing list rules about the attachments and > their > sizes? Where can I find these rules? Am I violate some rule like > those > by sending this attachment? > > > --- Eli Dart <dart@nersc.gov> wrote: > > > > In reply to Rostislav Krasny <rosti_bsd@yahoo.com> : > > > > > > > > --0-1140876309-1041159137=:12973 > > > Content-Type: text/plain; charset=us-ascii > > > Content-Disposition: inline > > > > > > I have some sniffer in Win98SE but don't know how to save its > dump > > in > > > the text format to make it easy to read. So I maked a screenshot > of > > the > > > first TCP/IP packet with HTTP response I got from www.ssh.com in > my > > > Win98SE. Look at ssw_com.png file in the attachments. Draw your > > > attention to the "Total length" and to the "Flags" in the IP > > header. > > > > Well, it appears that your packets are being fragmented -- if I'm > > interpreting the image correctly. > > > > It also appears that www.ssh.com is able to get fragmented packets > to > > > > you. > > > > I think you should look at another tcpdump. This time, don't kill > > tcpdump for at least 2 minutes (we want to watch what TCP does). > > Also, > > kill the tcpdump before you kill lynx. Also, capture at least 200 > > bytes of the packet (preferably the whole thing), and write it out > to > > > > a trace file (tcpdump's -w option) so that you can look at it in > > different ways later. So, something like tcpdump -i <iface> -w > > 1492.trace -s 1500 Then do your test, wait for a while, kill the > > dump, kill the app. Now run strings on the tcpdump file -- how > much > > of your http request do you see? Read the trace file with -vv in > the > > > > tcpdump command line, etc etc. > > > > Have you used any other browser? What about ssh traffic? FTP? > The > > idea here is to determine what doesn't change, and also to > determine > > if the problem is local to a given app. > > > > --eli > > > > > > > > > > --- Rostislav Krasny <rosti_bsd@yahoo.com> wrote: > > > > To produce these tcpdump's log files I used two terminals. In > the > > > > first > > > > I ran 'tcpdump -n > filename' and in the second I ran 'links > > URL'. I > > > > ran the first command before the second one, of course. In case > > of > > > > www.ssh.com the "links" browsers maked TCP connection, sent > HTTP > > > > request and the last thing it got from www.ssh.com was ACK > > packet, > > > > nothing more. I waited few seconds and pressed to the 'q' key > so > > > > "links" will quit. That is why you see FIN packet sent from my > > host. > > > > If > > > > I stop "tcpdump" before "links" quiting there is no FIN packet > in > > the > > > > log file of "tcpdump". Look at 1492-2.log and 1492-3.log new > > files. > > > > In > > > > case of the 1492-2.log file I just stoped tcpdump before > quiting > > > > "links". In case of the 1492-3.log file I stoped tcpdump after > > > > quiting > > > > links but I waited more time. So you can see few PPPoE echo > > requests > > > > and responses before the FIN. That is the time I was waiting > > before I > > > > closed the "links" browser. > > > > I use links because it is a text mode browser, so I will not > > download > > > > images that can flood tcpdump's logs. But the problem with > > > > www.ssh.com > > > > exists when I use any browser or even simulate it by sending > > HTTP/1.1 > > > > or HTTP/1.0 "GET" request manually through 'telnet www.ssh.com > > 80'. > > > > If > > > > I send just "GET /<newline>" (it is HTTP/0.9 request) I get > some > > > > short > > > > response about that document was moved. HTTP/0.9 is not in use > > today > > > > by > > > > most web sites (including www.ssh.com) and browsers. > > > > Look at 1492-fbsd.org.log file, there is the log of successful > > HTTP > > > > connection with www.freebsd.org when MTU==MRU==1492. > > > > > > > > Of course I can use smaller MTU and MRU (<=1484) but when I use > > > > Win98SE > > > > with RASPPPOE driver I have no troubles when MTU == 1492. Why > in > > > > FreeBSD it is impossibly? If FreeBSD or its ppp have some bug > why > > not > > > > to fix it instead? And it looks like a bug. > > __________________________________________________ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > ATTACHMENT part 2 application/gzip name=ssh_com.tar.gz __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021231145114.86936.qmail>