network problems?

Andre Oppermann andre at
Fri Apr 20 11:40:19 UTC 2007

Krassimir Slavchev wrote:
> Peter Jeremy wrote:
>> On 2007-Apr-19 11:43:05 +0300, Krassimir Slavchev <krassi at> wrote:
>>> The problem is when I try to access ftp servers, the connection 
>>> stalls randomly. Also I can't do cvsup and fetch.
>>> This happens only with machines running -current and when the traffic 
>>> is passed through a router based on FreeBSD 4.4. One of the test 
>>> machines is my notebook, which has 7.0-CURRENT (from today) 
>>> and 5.4-STABLE installed, and I see this problem only with -current.
>> The default TCP send and receive spaces were increased just after
>> RELENG4 was branched.  The new receive space requires window scaling
>> to be used.  I know that some versions of IPfilter have bugs in their
>> window scaling code and incorrectly block packets as "out of window".
>> You could try reducing net.inet.tcp.recvspace or disabling
>> net.inet.tcp.rfc1323 and see if that helps.  (Though RELENG5 should
>> also be affected if this is the problem).
> Disabling net.inet.tcp.rfc1323 solves the problem. Decreasing 
> net.inet.tcp.recvspace (16384 on 4.x) increases stallages.
>> Are you in a position to run tcpdump on your router?  If so, can you
>> tcpdump both the internal and external interfaces and find packets
>> that don't make it thru?
> Yes. I can do this when the traffic is minimal.
> It is very strange that both 6.2 and 5.4 have the same settings as 7.0:
> net.inet.tcp.recvspace: 65536
> net.inet.tcp.rfc1323: 1
> but the problem is with 7.0 only.

7-current uses larger receive windows with a higher scaling factor.
If your firewall doesn't correctly track that, you get the problem
you are describing.  In pf-based firewalls it is a common thing to
misplace the keep-state rule.
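
The failure mode described in this reply, as an added example that is not part of the original post: a small Python model of a stateful firewall's window check, in which the window-scale shift can only be learned from the SYN. The packets, sequence numbers, shift value and the `WindowState`/`replay` names are constructed assumptions, not pf or IPFilter code.

```python
from dataclasses import dataclass

@dataclass
class WindowState:
    """Firewall's view of how far the sender may write into the receiver's window."""
    shift: int = 0        # receiver's scale shift; stays 0 if the SYN was never seen
    right_edge: int = 0   # highest sequence number the sender is allowed to reach

    def from_receiver(self, flags, ack, window, wscale=None):
        if "S" in flags:
            # The scale option is only carried on SYN/SYN-ACK, and the window
            # field of the SYN itself is never scaled (RFC 1323).
            self.shift = wscale if wscale is not None else 0
            self.right_edge = ack + window
        else:
            self.right_edge = ack + (window << self.shift)

    def allows(self, seq, length):
        return seq + length <= self.right_edge

MSS = 1448
# Constructed packets from the receiving host: (flags, ack, raw window, wscale option)
CLIENT_PACKETS = [
    ("S", 0, 65535, 3),        # SYN offering a scale shift of 3
    ("A", 1001, 16384, None),  # later ACK: real window is 16384 << 3 = 131072 bytes
]
# Constructed 20-segment burst from the remote server: (seq, payload length)
SERVER_DATA = [(1001 + i * MSS, MSS) for i in range(20)]

def replay(state_created_at):
    """Per-segment verdicts when the firewall's state starts at the given client packet."""
    st = WindowState()
    for pkt in CLIENT_PACKETS[state_created_at:]:
        st.from_receiver(*pkt)
    return [st.allows(seq, n) for seq, n in SERVER_DATA]

if __name__ == "__main__":
    for label, idx in (("state created on SYN", 0), ("state created on later ACK", 1)):
        verdicts = replay(idx)
        print(f"{label}: {verdicts.count(True)} passed, "
              f"{verdicts.count(False)} dropped as out of window")
```

With the scale option disabled on the host (net.inet.tcp.rfc1323=0) the raw and real windows are the same, which is consistent with the stalls disappearing in the report above.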


