Wierd networking.
Julian Elischer
julian at ironport.com
Wed Jul 18 19:40:35 UTC 2007
Eygene Ryabinkin wrote:
> Chuck, Julian, good day.
>
> Tue, Jul 17, 2007 at 04:47:30PM -0700, Chuck Swiger wrote:
>
>> % tcpdump -nS -r IE7.pcap
>> reading from file IE7.pcap, link-type EN10MB (Ethernet)
>> 18:24:41.313890 IP 172.28.15.82.3128 > 10.251.22.29.1121: . ack 1573162290 win
>> 32120
>> 18:24:41.313995 IP 10.251.22.29.1121 > 172.28.15.82.3128: P
>> 1573162290:1573162378(88) ack 3799409121 win 65535
>> 18:24:41.314015 IP 172.28.15.82.3128 > 10.251.22.29.1121: . ack 1573162378 win
>> 33492
>> 18:24:41.314072 IP 172.28.15.82.3128 > 10.251.22.29.1121: .
>> 3799409121:3799410581(1460) ack 1573162378 win 33580
>> 18:24:41.314080 IP 172.28.15.82.3128 > 10.251.22.29.1121: P
>> 3799410581:3799410861(280) ack 1573162378 win 33580
>> 18:24:41.314118 IP 172.28.15.82.3128 > 10.251.22.29.1121: F
>> 3799410861:3799410861(0) ack 1573162378 win 33580
>>
>> ...at this point, the client should have received the above packets and ACK for
>> 3799410862 to include the FIN.
>>
>> 18:24:41.314744 IP 10.251.22.29.1121 > 172.28.15.82.3128: P
>> 1573162378:1573162380(2) ack 3799409121 win 65535
>>
>> ...instead it sends an ACK for earlier traffic. The Squid box should be in
>> FIN-WAIT-1 and simply ignore this as a dup ACK, rather than sending an RST:
>>
>
> Seems like it is the effect of the SS_NOFDREF check in the
> netinet/tcp_input.c, at least it is present in the rev. 1.281.2.5.
>
> See the post
> http://lists.freebsd.org/pipermail/freebsd-current/2007-July/074837.html
>
That makes perfect sense..
thankyou.
I will check this avenue of inquiry. possibly we should do a shutdown()
and let the
file descriptor exist for a few seconds.
> I believe it discuisses the same problem, but for -CURRENT. In
> short, Squid child closes the descriptor, so connection is present
> in the TCP/IP stack only. And SS_NOFDREF check provokes RST and
> invokes tcp_close().
>
More information about the freebsd-net
mailing list