From hsn@netmag.cz Tue Aug 29 18:14:22 2006 Return-Path: Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1958316A4DD for ; Tue, 29 Aug 2006 18:14:22 +0000 (UTC) (envelope-from hsn@netmag.cz) Received: from smtp-out4.iol.cz (smtp-out4.iol.cz [194.228.2.92]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6BE2243D49 for ; Tue, 29 Aug 2006 18:14:21 +0000 (GMT) (envelope-from hsn@netmag.cz) Received: from antivir4.iol.cz (avir4 [192.168.30.209]) by smtp-out4.iol.cz (Postfix) with ESMTP id 7A3361F909D for ; Tue, 29 Aug 2006 20:13:15 +0200 (CEST) Received: from localhost (antivir4.iol.cz [127.0.0.1]) by antivir4.iol.cz (Postfix) with ESMTP id 650DA240042 for ; Tue, 29 Aug 2006 20:13:15 +0200 (CEST) Received: from smtp-out4.iol.cz (smtp-out-4.iplanet.iol.cz [192.168.30.31]) by antivir4.iol.cz (Postfix) with ESMTP id 39CA0240043 for ; Tue, 29 Aug 2006 20:13:15 +0200 (CEST) Received: from sanatana.dharma (96.219.broadband3.iol.cz [85.70.219.96]) by smtp-out4.iol.cz (Postfix) with ESMTP id 1DD8822AEAA for ; Tue, 29 Aug 2006 20:13:13 +0200 (CEST) Received: from hsn@localhost by sanatana.dharma (Exim 4.63_0 FreeBSD) id 1GI85H-000FJg-5q ; Tue, 29 Aug 2006 20:13:11 +0200 Message-Id: Date: Tue, 29 Aug 2006 20:13:11 +0200 From: Radim Kolar Reply-To: Radim Kolar To: FreeBSD-gnats-submit@freebsd.org Cc: hsn@sd.iol.cz Subject: TCP stack sends infinite retries for connection in LAST_ACK state X-Send-Pr-Version: 3.113 X-GNATS-Notify: >Number: 102653 >Category: kern >Synopsis: [tcp] TCP stack sends infinite retries for connection in LAST_ACK state >Confidential: no >Severity: serious >Priority: medium >Responsible: andre >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Aug 29 18:20:19 GMT 2006 >Closed-Date: Tue Mar 01 10:14:54 EST 2011 >Last-Modified: Tue Mar 01 10:14:54 EST 2011 >Originator: Radim Kolar >Release: FreeBSD 6.1-STABLE i386 >Organization: >Environment: System: FreeBSD sanatana.dharma 6.1-STABLE FreeBSD 6.1-STABLE #3: Fri Aug 25 12:13:08 CEST 2006 root@sanatana.dharma:/usr/obj/usr/src/sys/UP i386 >Description: I discovered that my machine sends infinite retries for these 2 connections: tcp4 0 0 sanatana.61564 mail.xsec.it.http LAST_ACK tcp4 0 0 sanatana.59795 www.xiti.dk.http LAST_ACK it sends packets every 2 seconds or so and gets no reply from remote computer: 20:07:14.855393 IP sanatana.dharma.61564 > mail.xsec.it.http: . ack 1 win 0 20:07:14.855593 IP sanatana.dharma.61564 > mail.xsec.it.http: F 1:1(0) ack 1 win 32832 20:07:14.855662 IP sanatana.dharma.59795 > www.xiti.gr.http: . ack 1 win 0 20:07:14.855797 IP sanatana.dharma.59795 > www.xiti.gr.http: F 1:1(0) ack 1 win 32832 20:07:16.726973 IP sanatana.dharma.61564 > mail.xsec.it.http: F 1:1(0) ack 1 win 32832 20:07:17.214834 IP sanatana.dharma.59795 > www.xiti.gr.http: F 1:1(0) ack 1 win 32832 20:07:17.344771 IP sanatana.dharma.61564 > mail.xsec.it.http: F 1:1(0) ack 1 win 32832 20:07:17.954631 IP sanatana.dharma.59795 > www.xiti.gr.http: F 1:1(0) ack 1 win 32832 20:07:18.380573 IP sanatana.dharma.61564 > mail.xsec.it.http: F 1:1(0) ack 1 win 32832 20:07:19.234371 IP sanatana.dharma.59795 > www.xiti.gr.http: F 1:1(0) ack 1 win 32832 I watched this activity for about 15 minutes, so my guess is that bsd box never gives up. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: linimon Responsible-Changed-When: Tue Aug 29 22:39:55 UTC 2006 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=102653 State-Changed-From-To: open->feedback State-Changed-By: andre State-Changed-When: Wed Sep 6 17:17:10 UTC 2006 State-Changed-Why: Take over. Responsible-Changed-From-To: freebsd-net->andre Responsible-Changed-By: andre Responsible-Changed-When: Wed Sep 6 17:17:10 UTC 2006 Responsible-Changed-Why: Take over. http://www.freebsd.org/cgi/query-pr.cgi?pr=102653 From: Andre Oppermann To: Radim Kolar Cc: bug-followup@freebsd.org Subject: Re: kern/102653 : TCP stack sends infinite retries for connection in LAST_ACK state Date: Wed, 06 Sep 2006 19:21:51 +0200 Radim, do you have a firewall running on this machine with stateful inspection? -- Andre From: Andre Oppermann To: Radim Kolar Cc: bug-followup@freebsd.org Subject: Re: kern/102653 : TCP stack sends infinite retries for connection in LAST_ACK state Date: Wed, 06 Sep 2006 21:04:40 +0200 Andre Oppermann wrote: > Radim, > > do you have a firewall running on this machine with stateful inspection? Confirmed in private email that he indeed has. Please try the following patch and report if the problem is fixed or still there (it may apply with some fuzz as I've got some other changes in that file). -- Andre Index: tcp_output.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_output.c,v retrieving revision 1.115 diff -u -p -r1.115 tcp_output.c --- tcp_output.c 23 Feb 2006 21:14:34 -0000 1.115 +++ tcp_output.c 6 Sep 2006 18:49:59 -0000 @@ -1089,8 +1089,9 @@ timer: * We know that the packet was lost, so back out the * sequence number advance, if any. */ - if ((tp->t_flags & TF_FORCEDATA) == 0 || - !callout_active(tp->tt_persist)) { + if (error != EACCES && + ((tp->t_flags & TF_FORCEDATA) == 0 || + !tcp_timer_active(tp, TT_PERSIST)) ) { /* * No need to check for TH_FIN here because * the TF_SENTFIN flag handles that case. @@ -1127,7 +1127,7 @@ out: tcp_mtudisc(tp->t_inpcb, 0); return 0; } - if ((error == EHOSTUNREACH || error == ENETDOWN) + if ((error == EHOSTUNREACH || error == ENETDOWN || error == EACCES) && TCPS_HAVERCVDSYN(tp->t_state)) { tp->t_softerror = error; return (0); From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/102653: commit references a PR Date: Thu, 28 Sep 2006 18:02:53 +0000 (UTC) andre 2006-09-28 18:02:46 UTC FreeBSD src repository Modified files: sys/netinet tcp_output.c Log: When tcp_output() receives an error upon sending a packet it reverts parts of its internal state to ignore the failed send and try again a bit later. If the error is EPERM the packet got blocked by the local firewall and the revert may cause the session to get stuck and retry indefinitely. This way we treat it like a packet loss and let the retransmit timer and timeouts do their work over time. The correct behavior is to drop a connection that gets an EPERM error. However this _may_ introduce some POLA problems and a two commit approach was chosen. Discussed with: glebius PR: kern/25986 PR: kern/102653 Revision Changes Path 1.120 +15 -2 src/sys/netinet/tcp_output.c _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org" State-Changed-From-To: feedback->closed State-Changed-By: linimon State-Changed-When: Tue Apr 24 03:35:32 UTC 2007 State-Changed-Why: Patch was committed by andre on 2006-09-28 18:02:46 UTC. http://www.freebsd.org/cgi/query-pr.cgi?pr=102653 State-Changed-From-To: closed->patched State-Changed-By: linimon State-Changed-When: Thu May 3 23:16:51 UTC 2007 State-Changed-Why: To andre: was this ever MFCed? http://www.freebsd.org/cgi/query-pr.cgi?pr=102653 State-Changed-From-To: patched->closed State-Changed-By: eadler State-Changed-When: Tue Mar 1 10:14:53 EST 2011 State-Changed-Why: This PR is fixed in head, 8.x and 7.x, but will not be merged to 6.x now that that branch is unsupported, sorry http://www.freebsd.org/cgi/query-pr.cgi?pr=102653 >Unformatted: