From: Willy Tarreau <w@1wt.eu>
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: David Woodhouse <dwmw2@infradead.org>,
netdev@vger.kernel.org, Martin Pohlack <mpohlack@amazon.de>
Subject: Re: TCP receive failure
Date: Tue, 10 Mar 2020 17:00:39 +0100 [thread overview]
Message-ID: <20200310160039.GA18520@1wt.eu> (raw)
In-Reply-To: <20200310082625.4d9d070a@hermes.lan>
On Tue, Mar 10, 2020 at 08:26:25AM -0700, Stephen Hemminger wrote:
> > Yeah, spot on. Thanks. Will stare accusingly at nf_conntrack, and
> > perhaps also at the server side which is sending the later sequence
> > numbers and presumably confusing it.
> >
>
> There were cases in the past of busted middle boxes that ignored TCP window scaling.
>
> These were boxes based on old (buggy) version of FreeBSD firewall code that did
> not remember the window scaling from the handshake and would then see packets as
> out of window.
I've seen quite a bunch of these for a long time, and using various
stacks. And even when this got fixed, many still had issues with PAWS,
and a number of others used to randomize sequence numbers "for your
safety" except that they would do this with random values which could
actually make your ISN go backwards from the previous connection if
they forgot it in the mean time, resulting in failures to establish new
connections from the same port. Bah, I hate products which break end to
end transparency.
> You could try turning TCP window scaling off to see if that changes it.
The thing is that it's different here as the trace was taken on the
receiving side so the packets were dropped between tcpdump and the
TCP stack, hence my suspicion that some packets were considered as
invalid for whatever reason. And apparently David found them in the
local logs, which does fuel the suspicion over conntrack. Note that
it might also be caused by too short a timeout on the client's
conntrack!
Willy
next prev parent reply other threads:[~2020-03-10 16:00 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-10 9:40 TCP receive failure David Woodhouse
2020-03-10 10:39 ` Willy Tarreau
2020-03-10 13:07 ` David Woodhouse
2020-03-10 15:26 ` Stephen Hemminger
2020-03-10 16:00 ` Willy Tarreau [this message]
2020-03-10 16:19 ` Eric Dumazet
[not found] ` <CADVnQyme9ydhetPZTKj-9-Cuig4CrEzuxWampv6+0tdm2Z-n9Q@mail.gmail.com>
2020-03-10 16:37 ` Fwd: " Neal Cardwell
2020-03-10 17:32 ` David Woodhouse
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200310160039.GA18520@1wt.eu \
--to=w@1wt.eu \
--cc=dwmw2@infradead.org \
--cc=mpohlack@amazon.de \
--cc=netdev@vger.kernel.org \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.