Network ACK loss problem
pierre.reveillon
pierre.reveillon at gmail.com
Fri Dec 18 15:40:20 UTC 2009
Hi,
I just upgraded a server to 8.0_RELEASE and I started having network
problems when pf is enabled (even with only "pass all" rules).
It seems that some ACK are loss (see tcpdump results at the end).
I still have some strange mail server problems when pf is disabled but
I'm not sure it's linked.
Thanks,
Pierre
Informations about my configuration :
[root at papaya ~]# uname -a
FreeBSD papaya.yyy.net 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21
15:48:17 UTC 2009
root at almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
[root at papaya ~]# dmesg | grep vge0
vge0: <VIA Networking Gigabit Ethernet> port 0xfc00-0xfcff mem
0xfdfff000-0xfdfff0ff irq 18 at device 14.0 on pci0
miibus0: <MII bus> on vge0
vge0: WARNING: using obsoleted if_watchdog interface
vge0: Ethernet address: 00:xx:xx:xx:xx:xx
vge0: [ITHREAD]
vge0: link state changed to UP
vge0: promiscuous mode enabled
vge0: promiscuous mode disabled
[root at papaya ~]# pfctl -sr
No ALTQ support in kernel
ALTQ related functions disabled
pass in all flags S/SA keep state
pass out all flags S/SA keep state
Tcpdump output:
********************
BAD ONE (pf enabled)
********************
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:29:26.847488 IP bagherra.local.42567 > papaya.yyy.net.www: Flags [S],
seq 4010981448, win 5840, options [mss 1460,sackOK,TS val 27823034 ecr
0,nop,wscale 7], length 0
15:29:26.891968 IP papaya.yyy.net.www > bagherra.local.42567: Flags
[S.], seq 3588656077, ack 4010981449, win 65535, options [mss
1412,nop,wscale 3,sackOK,TS val 1087266140 ecr 27823034], length 0
15:29:26.892034 IP bagherra.local.42567 > papaya.yyy.net.www: Flags [.],
ack 1, win 46, options [nop,nop,TS val 27823045 ecr 1087266140], length 0
15:29:26.892281 IP bagherra.local.42567 > papaya.yyy.net.www: Flags
[P.], seq 1:120, ack 1, win 46, options [nop,nop,TS val 27823045 ecr
1087266140], length 119
15:29:26.982496 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1:1401, ack 120, win 8225, options [nop,nop,TS val 1087266186 ecr
27823045], length 1400
15:29:26.982536 IP bagherra.local.42567 > papaya.yyy.net.www: Flags [.],
ack 1401, win 69, options [nop,nop,TS val 27823068 ecr 1087266186], length 0
15:29:27.027653 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087266275 ecr
27823068], length 1400
15:29:27.028035 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 2801:4201, ack 120, win 8225, options [nop,nop,TS val 1087266275 ecr
27823068], length 1400
15:29:27.446470 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087266694 ecr
27823068], length 1400
15:29:28.082905 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087267331 ecr
27823068], length 1400
15:29:29.156079 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087268404 ecr
27823068], length 1400
15:29:31.100271 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087270349 ecr
27823068], length 1400
15:29:34.788167 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087274038 ecr
27823068], length 1400
15:29:40.266521 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087279519 ecr
27823068], length 1400
15:29:51.023919 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087290280 ecr
27823068], length 1400
15:30:12.336745 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087311601 ecr
27823068], length 1400
15:30:54.762699 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087354042 ecr
27823068], length 1400
15:31:58.740422 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087418043 ecr
27823068], length 1400
15:33:02.718736 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087482044 ecr
27823068], length 1400
15:34:06.696421 IP papaya.yyy.net.www > bagherra.local.42567: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1087546045 ecr
27823068], length 1400
**********************
GOOD ONE (pf disabled)
**********************
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:35:20.857405 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [S],
seq 989268196, win 5840, options [mss 1460,sackOK,TS val 27911536 ecr
0,nop,wscale 7], length 0
15:35:20.901493 IP papaya.yyy.net.www > bagherra.local.52734: Flags
[S.], seq 2220327620, ack 989268197, win 65535, options [mss
1412,nop,wscale 3,sackOK,TS val 1324570413 ecr 27911536], length 0
15:35:20.901541 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.],
ack 1, win 46, options [nop,nop,TS val 27911548 ecr 1324570413], length 0
15:35:20.901682 IP bagherra.local.52734 > papaya.yyy.net.www: Flags
[P.], seq 1:120, ack 1, win 46, options [nop,nop,TS val 27911548 ecr
1324570413], length 119
15:35:20.949199 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.],
seq 1:1401, ack 120, win 8225, options [nop,nop,TS val 1324570459 ecr
27911548], length 1400
15:35:20.949243 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.],
ack 1401, win 69, options [nop,nop,TS val 27911559 ecr 1324570459], length 0
15:35:20.994274 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.],
seq 1401:2801, ack 120, win 8225, options [nop,nop,TS val 1324570504 ecr
27911559], length 1400
15:35:20.994310 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.],
ack 2801, win 91, options [nop,nop,TS val 27911571 ecr 1324570504], length 0
15:35:20.994758 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.],
seq 2801:4201, ack 120, win 8225, options [nop,nop,TS val 1324570504 ecr
27911559], length 1400
15:35:20.994772 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.],
ack 4201, win 114, options [nop,nop,TS val 27911571 ecr 1324570504],
length 0
15:35:21.038843 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.],
seq 4201:5601, ack 120, win 8225, options [nop,nop,TS val 1324570549 ecr
27911571], length 1400
15:35:21.038876 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.],
ack 5601, win 137, options [nop,nop,TS val 27911582 ecr 1324570549],
length 0
15:35:21.039366 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.],
seq 5601:7001, ack 120, win 8225, options [nop,nop,TS val 1324570549 ecr
27911571], length 1400
15:35:21.039383 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.],
ack 7001, win 159, options [nop,nop,TS val 27911582 ecr 1324570549],
length 0
15:35:21.040337 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.],
seq 7001:8401, ack 120, win 8225, options [nop,nop,TS val 1324570550 ecr
27911571], length 1400
15:35:21.040351 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.],
ack 8401, win 182, options [nop,nop,TS val 27911582 ecr 1324570550],
length 0
15:35:21.084159 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.],
seq 8401:9801, ack 120, win 8225, options [nop,nop,TS val 1324570594 ecr
27911582], length 1400
15:35:21.084201 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.],
ack 9801, win 204, options [nop,nop,TS val 27911593 ecr 1324570594],
length 0
15:35:21.085054 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.],
seq 9801:11201, ack 120, win 8225, options [nop,nop,TS val 1324570595
ecr 27911582], length 1400
15:35:21.085076 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.],
ack 11201, win 227, options [nop,nop,TS val 27911593 ecr 1324570595],
length 0
15:35:21.085088 IP papaya.yyy.net.www > bagherra.local.52734: Flags
[P.], seq 11201:11727, ack 120, win 8225, options [nop,nop,TS val
1324570595 ecr 27911582], length 526
15:35:21.085098 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.],
ack 11727, win 249, options [nop,nop,TS val 27911593 ecr 1324570595],
length 0
15:35:21.085950 IP bagherra.local.52734 > papaya.yyy.net.www: Flags
[F.], seq 120, ack 11727, win 249, options [nop,nop,TS val 27911594 ecr
1324570595], length 0
15:35:21.131345 IP papaya.yyy.net.www > bagherra.local.52734: Flags [.],
ack 121, win 8225, options [nop,nop,TS val 1324570642 ecr 27911594],
length 0
15:35:21.131563 IP papaya.yyy.net.www > bagherra.local.52734: Flags
[F.], seq 11727, ack 121, win 8225, options [nop,nop,TS val 1324570642
ecr 27911594], length 0
15:35:21.131596 IP bagherra.local.52734 > papaya.yyy.net.www: Flags [.],
ack 11728, win 249, options [nop,nop,TS val 27911605 ecr 1324570642],
length 0
More information about the freebsd-pf
mailing list