problems caused by net.inet.tcp.blackhole=2

Joerg Pernfuss elessar at galgenberg.net
Sun Nov 9 22:24:49 PST 2003 

On Sat, 8 Nov 2003 15:25:18 -0800 (PST)
Don Lewis <truckman at freebsd.org> wrote:

> On  8 Nov, Michal wrote:
> > Hello,
> > maybe someone will be able to help me with the problem. Namely setting 
> > net.inet.tcp.blackhole=2 make samba to start very slow (90sec). Also 
> > smbclient is slow. After samba starts there is no delay to connect from 
> > the another machine with persistant local problems (smbclient). 
> > Additionally the sysctl setting has veird impact on mozilla: trying to 
> > write to web forms causes freezing of mozilla. Now setting 
> > net.inet.tcp.blackhole=0 reverts all the problemsr: samba starts fast 
> > and no problems with writing to the web forms.
> > my system:
> > FreeBSD 5.1-CURRENT #0: Thu Oct 30 17:49:13 EST 2003
> > ports updated 11-08-03
> > 
> > I appreciate any suggestions
> 
> I looked at a similar problem that someone was having a while back.  It
> appears that the problem is that this sysctl setting is suppressing the
> sending of TCP RST packets which are needed to tear down dead
> connections, and if one end of the connection thinks the connection is
> still established, it is not possible to create a new connection between
> the hosts that reuses the same addresses and ports as the old
> connection.
> 
> Since the whole point of net.inet.tcp.blackhole=2 is to block the RST
> packets that could allow the host to be scanned, I suspect you are
> stuck.

That's not a bug, that is the only feature :)

First of all, check on which ports the connections that time out occur.
One possibility would be `tcpdump', the other is to set the sysctl
net.inet.tcp.log_in_vain to 1. Then start samba and look in the logs to
which closed ports connection attempts were made.
Maybe there is a decent solution to provide these packets the answer they
desire so hard.

Joerg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20031110/dd397825/attachment.bin

More information about the freebsd-net mailing list