Re: Pathological TCP behavior running ls(1) over SSH

To: dyoung%NetBSD.org@localhost
Subject: Re: Pathological TCP behavior running ls(1) over SSH
From: gson%gson.org@localhost (Andreas Gustafsson)
Date: Mon, 28 Jan 2008 14:57:22 +0200

David Young wrote:
> Does the server run a packet filter of any kind?  I was astonished to
> find that PF was filtering duplicate ACKs unless I told it otherwise with,
> e.g., the 'flags A/A' rule, below:
> 
> # pfctl -a gateway -s rules
> No ALTQ support in kernel
> ALTQ related functions disabled
> pass out log-all quick on ath0 route-to gre2 from <cuwin> to ! <cuwin> flags 
> A/A
> pass out log-all quick on ath0 route-to gre2 from <cuwin> to ! <cuwin> keep 
> state (if-bound)

I'm running ipf (not pf) and ipnat, but I doubt that's the problem;
the number of duplicate acks reported by "netstat -p tcp" on the
server increased by 48 during a single "ls" command, so it would
appear that the duplicate acks are in fact reaching the TCP stack.
-- 
Andreas Gustafsson, gson%gson.org@localhost

Prev by Date: Re: Pathological TCP behavior running ls(1) over SSH
Next by Date: Re: Pathological TCP behavior running ls(1) over SSH
Previous by Thread: Re: Pathological TCP behavior running ls(1) over SSH
Next by Thread: Patch: accept filters for NetBSD
Indexes:

Home | Main Index | Thread Index | Old Index