Krassimir Slavchev wrote: > Peter Jeremy wrote: > >> On 2007-Apr-19 11:43:05 +0300, Krassimir Slavchev <krassi_at_bulinfo.net> >> wrote: >> >> >>> The problem is when I try to access ftp servers, the connection >>> stalls randomly. Also I can't do cvsup and fetch. >>> This happens only with machines running -current and when the traffic >>> is passed through router based on FreeBSD 4.4. One of the test >>> machines is my notebook which have installed 7.0-CURRENT (from today) >>> and 5.4-STABLE and I see this problem only with -current. >>> >> >> >> The default TCP send and receive spaces were increased just after >> RELENG4 was branched. The new receive space requires window scaling >> to be used. I know that some versions of IPfilter have bugs in their >> window scaling code and incorrectly block packets as "out of window". >> >> You could try reducing net.inet.tcp.recvspace or disabling >> net.inet.tcp.rfc1323 and see if that helps. (Though RELENG5 should >> also be affected if this is the problem). >> > > Disabling net.inet.tcp.rfc1323 solves the problem. Decreasing > net.inet.tcp.recvspace (16384 on 4.x) increases stallages. > >> Are you in a position to run tcpdump on your router? If so, can you >> tcpdump both the internal and external interfaces and find packets >> that don't make it thru? >> > > Yes. I can do this when the traffic is minimal. > > It is very strange that both 6.2 and 5.4 have the same settings as 7.0: > > net.inet.tcp.recvspace: 65536 > net.inet.tcp.rfc1323: 1 > > but the problem is with 7.0 only. 7-current uses larger receive windows with a higher scaling factor. If your firewall doesn't correctly track that you get the problem you are describing. In pf based firewalls it is a common thing to misplace the keep-state rule. -- AndreReceived on Fri Apr 20 2007 - 09:40:18 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:09 UTC