Date:      Thu, 02 Aug 2007 13:29:36 +0200
From:      "Frank Behrens" <frank@pinky.sax.de>
To:        freebsd-pf@freebsd.org
Subject:   Re: pf eates syn packet?
Message-ID:  <200708021129.l72BTcSQ007351@pinky.frank-behrens.de>
In-Reply-To: <200708011233.l71CX4Od082534@pinky.frank-behrens.de>

With the help of an email in another thread I could get more information...

Frank Behrens <frank@pinky.sax.de> wrote on 1 Aug 2007 14:33:
>....
> When I try to connect from an internal (NATed) host to an external address I see a delay,
> because the 1st SYN is resent (on the internal interface):
> 13:55:30.256823 IP (tos 0x0, ttl 128, id 35958, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.50.02.2923 > 193.99.144.85.80: S, cksum 0x3f22 (correct), 1489020152:1489020152(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,sackOK>
> 13:55:33.266554 IP (tos 0x0, ttl 128, id 35967, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.50.02.2923 > 193.99.144.85.80: S, cksum 0x3f22 (correct), 1489020152:1489020152(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,sackOK>
> 13:55:33.325734 IP (tos 0x0, ttl 249, id 7928, offset 0, flags [DF], proto: TCP (6), length: 52) 193.99.144.85.80 > 192.168.50.02.2923: S, cksum 0xc2b3 (correct), 3368657865:3368657865(0) ack 1489020153 win 4320 <mss 1440,nop,wscale 0,sackOK,eol>
> 13:55:33.325857 IP (tos 0x0, ttl 128, id 35968, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.50.02.2923 > 193.99.144.85.80: ., cksum 0x6b49 (correct), ack 1 win 43008
> 13:55:33.326854 IP (tos 0x0, ttl 128, id 35969, offset 0, flags [DF], proto: TCP (6), length: 137) 192.168.50.02.2923 > 193.99.144.85.80: P 1:98(97) ack 1 win 43008
> 
> then the traffic is normal, without any anomaly.
> 
> On outgoing interface tun2 I see:
> 13:55:33.266603 IP (tos 0x0, ttl 127, id 35967, offset 0, flags [DF], proto: TCP (6), length: 52) 84.182.234.162.58104 > 193.99.144.85.80: S, cksum 0xfd03 (correct), 1489020152:1489020152(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,sackOK>
> 13:55:33.325695 IP (tos 0x0, ttl 250, id 7928, offset 0, flags [DF], proto: TCP (6), length: 52) 193.99.144.85.80 > 84.182.234.162.58104: S, cksum 0x8095 (correct), 3368657865:3368657865(0) ack 1489020153 win 4320 <mss 1440,nop,wscale 0,sackOK,eol>
> 13:55:33.325880 IP (tos 0x0, ttl 127, id 35968, offset 0, flags [DF], proto: TCP (6), length: 40) 84.182.234.162.58104 > 193.99.144.85.80: ., cksum 0x292b (correct), ack 1 win 43008
> 13:55:33.326872 IP (tos 0x0, ttl 127, id 35969, offset 0, flags [DF], proto: TCP (6), length: 137) 84.182.234.162.58104 > 193.99.144.85.80: P 1:98(97) ack 1 win 43008
> 
> 
> So the 1st SYN packet seems to disappear, which creates an additional delay on every
> connection.

Daniel Hartmeier <daniel@benzedrine.cx> wrote on 2 Aug 2007 8:24 in another thread:
> Enable pf debug logging (pfctl -xm), note output of pfctl -si, reproduce
> the problem. Then run pfctl -si again. See /var/log/messages for lines
> from pf. Post all three outputs ;)

Thanks for this hint! I got:

Aug  2 13:17:26 <kern.crit> moon kernel: pf: state insert failed: tree_ext_gwy lan: 84.182.237.27:50517 gwy: 84.182.237.27:50517 ext: 193.99.144.85:80

When the traffic on LAN interface was:
13:17:26.808052 IP (tos 0x0, ttl 128, id 50604, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.50.02.3130 > 193.99.144.85.80: S, cksum 0x30c1 (correct), 2327609486:2327609486(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,sackOK>
13:17:29.732017 IP (tos 0x0, ttl 128, id 50616, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.50.02.3130 > 193.99.144.85.80: S, cksum 0x30c1 (correct), 2327609486:2327609486(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,sackOK>
13:17:29.792689 IP (tos 0x0, ttl 249, id 4758, offset 0, flags [DF], proto: TCP (6), length: 52) 193.99.144.85.80 > 192.168.50.02.3130: S, cksum 0x815c (correct), 435389846:435389846(0) ack 2327609487 win 4320 <mss 1440,nop,wscale 0,sackOK,eol>


So a possible reason is detected. Does anybody know why the state insert failed? Otherwise
I believe it's time to create a PR.

Regards,
   Frank
-- 
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.
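
An added example, not part of the original message or of pf: a small Python script that finds retransmitted SYNs in tcpdump text output and pairs each with a pf "state insert failed" log line for the same external address. The function names, the one-second matching window, and the assumption that the capture and syslog come from the same host clock are choices made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: the LAN-side capture and the kernel log line quoted in the message above.
TCPDUMP = """\
13:17:26.808052 IP (tos 0x0, ttl 128, id 50604, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.50.02.3130 > 193.99.144.85.80: S, cksum 0x30c1 (correct), 2327609486:2327609486(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,sackOK>
13:17:29.732017 IP (tos 0x0, ttl 128, id 50616, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.50.02.3130 > 193.99.144.85.80: S, cksum 0x30c1 (correct), 2327609486:2327609486(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,sackOK>
13:17:29.792689 IP (tos 0x0, ttl 249, id 4758, offset 0, flags [DF], proto: TCP (6), length: 52) 193.99.144.85.80 > 192.168.50.02.3130: S, cksum 0x815c (correct), 435389846:435389846(0) ack 2327609487 win 4320 <mss 1440,nop,wscale 0,sackOK,eol>
"""
PFLOG = ("Aug  2 13:17:26 <kern.crit> moon kernel: pf: state insert failed: tree_ext_gwy "
         "lan: 84.182.237.27:50517 gwy: 84.182.237.27:50517 ext: 193.99.144.85:80")

# Pure SYN only: the negative lookahead rejects SYN-ACK lines ("... (0) ack N win").
SYN_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP .*?\) (\S+) > (\S+): S, "
                    r"cksum \S+ \(correct\), (\d+):\d+\(0\) (?!ack )")
PF_RE = re.compile(r"(\d\d:\d\d:\d\d) .*pf: state insert failed: (\S+) "
                   r"lan: (\S+) gwy: (\S+) ext: (\S+)")

def hostport(addr):
    """tcpdump prints ip.port, pf prints ip:port; normalise to ip:port."""
    ip, _, port = addr.rpartition(".")
    return f"{ip}:{port}"

def syn_retransmits(capture):
    """Return (src, dst, seq, first_seen, gap_seconds) for each SYN seen more than once."""
    seen = defaultdict(list)
    for line in capture.splitlines():
        m = SYN_RE.match(line)
        if m:
            ts, src, dst, seq = m.groups()
            key = (hostport(src), hostport(dst), seq)
            seen[key].append(datetime.strptime(ts, "%H:%M:%S.%f"))
    return [(s, d, q, t[0], (t[1] - t[0]).total_seconds())
            for (s, d, q), t in seen.items() if len(t) > 1]

def correlate(capture, pflog, slack=timedelta(seconds=1)):
    """Pair each retransmitted SYN with a pf insert failure for the same ext address."""
    failures = [m.groups() for m in map(PF_RE.search, pflog.splitlines()) if m]
    hits = []
    for src, dst, seq, first, gap in syn_retransmits(capture):
        for ts, tree, lan, gwy, ext in failures:
            when = datetime.strptime(ts, "%H:%M:%S")  # syslog has 1 s resolution
            if ext == dst and abs(first.replace(microsecond=0) - when) <= slack:
                hits.append({"src": src, "dst": dst, "gap": gap, "tree": tree, "gwy": gwy})
    return hits

if __name__ == "__main__":
    for hit in correlate(TCPDUMP, PFLOG):
        print(hit)
```
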