Odd TCP RFC1323 Behavior

Chip Marshall chip at 2bithacker.net
Fri Aug 12 21:43:11 UTC 2011

I've been digging into an issue with SSH throughput and
discovered that one of the servers involved isn't using RFC1323
window scaling and timestamps.

The server is running 7.3-RELEASE-p3, and has
net.inet.tcp.rfc1323 set to 1.

When connecting out from the server, it sets both Window Scale
and TimeStamp options in the SYN packet and everything is fine.

When a connection comes into the server with WS and TS set in
the SYN, the response varies. For port 53 (named) the SYN/ACK
has WS/TS options. For port 22 (sshd) the SYN/ACK does not have
WS/TS options, unless the connection is via lo0.

ssh is OpenSSH_5.2p1, compiled from ports with default options.

I'm really at a loss to explain this.

Why does named use RFC1323 on bce0 when sshd doesn't?
Why does sshd use RFC1323 on lo0 but not on bce0?

I can provide PCAPs of the SYN, SYN/ACK exchanges if that
will help.

Chip Marshall <chip at 2bithacker.net>
http://weblog.2bithacker.net/          KB1QYW        PGP key ID 43C4819E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20110812/c900fdb0/attachment.pgp

More information about the freebsd-net mailing list