Access Problems with 7.0

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Thu Apr 3 18:45:07 UTC 2008 

On Mon, 31 Mar 2008, Doug Hardie wrote:

Hi,

>> I recently upgraded 3 of my 5 servers to 7.0.  Two of them are on new 
>> hardware and one is on hardware that used to run 6.2.  Since then, 2 of my 
>> thousands of users are unable to access the servers running 7.0.  They can 
>> access the server running 6.2 just fine.  What happens is the server 
>> receives the SYN packet from the client properly and then responds with the 
>> SYN packet.  Nothing more is heard from the client.  The server sends a few 
>> duplicates of the SYN and then drops the connection.
>> 
>> At this point I am not able to verify that the client receives the SYN. 
>> Neither of them has a clue about tcpdump.  The packets look fine on this 
>> end (included later).  Both are using Windows, including XP and Vista.  I 
>> suspect they are receiving it and not accepting it for some reason. 
>> However, I don't really see anything that would cause that behavior in the 
>> packets.  I can't reproduce the problem here.  Every computer I can try 
>> works just fine.
>> 
>> Here is one of the packet traces:
>> 
>> 11:59:00.630414 00:00:0c:38:6f:e1 (oui Cisco) > 00:a0:cc:3e:87:9e (oui 
>> Unknown), ethertype IPv4 (0x0800), length 66: 
>> cpe-76-169-78-119.socal.res.rr.com.59025 > zool.lafn.org.8000: S 
>> 2779920420:2779920420(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>> 
>> 11:59:00.630634 00:a0:cc:3e:87:9e (oui Unknown) > 00:00:0c:38:6f:e1 (oui 
>> Cisco), ethertype IPv4 (0x0800), length 66: zool.lafn.org.8000 > 
>> cpe-76-169-78-119.socal.res.rr.com.59025: S
>> 2480373222:2480373222(0) ack 2779920421 win 65535 <mss 1460,nop,wscale 
>> 3,sackOK,eol>
>> 
>> 11:59:03.613011 00:00:0c:38:6f:e1 (oui Cisco) > 00:a0:cc:3e:87:9e (oui 
>> Unknown), ethertype IPv4 (0x0800), length 66: 
>> cpe-76-169-78-119.socal.res.rr.com.59025 > zool.lafn.org.8000: S 
>> 2779920420:2779920420(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>> 
>> 11:59:03.613194 00:a0:cc:3e:87:9e (oui Unknown) > 00:00:0c:38:6f:e1 (oui 
>> Cisco), ethertype IPv4 (0x0800), length 66: zool.lafn.org.8000 > 
>> cpe-76-169-78-119.socal.res.rr.com.59025: S 2480373222:2480373222(0) ack 
>> 2779920421 win 65535 <mss 1460,nop,wscale 3,sackOK,eol>
>> 
>
> Checking with the 6.2 server I see there are some differences in the TCP 
> options.  7.0 includes wscale 3 where 6.2 does not.  Is there a way to 
> disable that feature using sysctl to see if thats the issue?

You want to update to 7-STABLE which has the TCP fixes or you want to
apply the following changes:

  1.141.2.4  +10 -2 src/sys/netinet/tcp_output.c
  1.157.2.2  +5 -2 src/sys/netinet/tcp_var.h

In case you are not using MD5 that should be enough. Else see
freebsd-net from the last 3 days for another patch.

/bz

-- 
Bjoern A. Zeeb                                 bzeeb at Zabbadoz dot NeT
Software is harder than hardware  so better get it right the first time.

More information about the freebsd-stable mailing list