--pgp-sign-Multipart_Sun_Nov__6_20:00:29_2005-1
Content-Type: text/plain; charset=US-ASCII

>>>>> "dw" == Dan Williams <williams.dan@gmail.com> writes:

    dw> it takes a long time (around a minute) to prompt for username
    dw> and password.

if you say

$ ftp -4 some.site.org

does it get fast?

If -4 doesn't fix your symptom, please ignore the rest of my message,
because it definitely doesn't apply to you.

If it does, you have two choices:

 * remove the IPv6 addresses from all interfaces so ftp won't try that
   address family.  i think the link-local addresses can stay, but i'm
   not sure how the auto-no-IPv6feature works.

 * add in this patch that someone else posted to a list months ago for
   TCP to treat ICMP unreachables as RST during the SYN_SENT phase,
   like Linux and FreeBSD do.  I'm not sure the patch is correct,
   though.  It's important to completely ignore ICMP unreachable in
   states other than SYN_SENT, and I don't know whether or not it's
   doing that.

BIND can also be very slow when it thinks IPv6 is working for whatever
reason but there is no v6 default route.  Since BIND is using v6 in
its deep innards for recursive resolution the problem is hard to
diagnoes.  You should use named_flags="-4" to use v4 only if that's
your problem.  For older BIND, instead of -4 I think it will also work
to say:

     blackhole { 3ffe::/16; 2002::/16; 2001::/16; };

But I think you shouldn't run into a v6 problem with ftp nor with BIND
unless you tried to set up v6 long ago, and then your tunnel bitrotted
and quit working.

Index: tcp_subr.c
===================================================================
RCS file: /scratch/cvsroot/netbsd/src/sys/netinet/tcp_subr.c,v
retrieving revision 1.1.1.8
retrieving revision 1.4
diff -u -r1.1.1.8 -r1.4
--- tcp_subr.c	18 Jul 2005 14:10:20 -0000	1.1.1.8
+++ tcp_subr.c	20 Jul 2005 22:51:19 -0000	1.4
@@ -1304,17 +1304,18 @@
 
 	/*
 	 * Ignore some errors if we are hooked up.
-	 * If connection hasn't completed, has retransmitted several times,
-	 * and receives a second error, give up now.  This is better
-	 * than waiting a long time to establish a connection that
-	 * can never complete.
+	 * If connection hasn't completed, and either gets a "host/net
+	 * unreachable" or has retransmitted several times and receives a
+	 * second error, give up now.  This is better than waiting a long
+	 * time to establish a connection that can never complete.
 	 */
 	if (tp->t_state == TCPS_ESTABLISHED &&
 	     (error == EHOSTUNREACH || error == ENETUNREACH ||
 	      error == EHOSTDOWN)) {
 		return;
 	} else if (TCPS_HAVEESTABLISHED(tp->t_state) == 0 &&
-	    tp->t_rxtshift > 3 && tp->t_softerror)
+	    ((error == EHOSTUNREACH || error == ENETUNREACH) ||
+	     (tp->t_rxtshift > 3 && tp->t_softerror)))
 		so->so_error = error;
 	else
 		tp->t_softerror = error;
@@ -1332,17 +1333,18 @@
 
 	/*
 	 * Ignore some errors if we are hooked up.
-	 * If connection hasn't completed, has retransmitted several times,
-	 * and receives a second error, give up now.  This is better
-	 * than waiting a long time to establish a connection that
-	 * can never complete.
+	 * If connection hasn't completed, and either gets a "host/net
+	 * unreachable" or has retransmitted several times and receives a
+	 * second error, give up now.  This is better than waiting a long
+	 * time to establish a connection that can never complete.
 	 */
 	if (tp->t_state == TCPS_ESTABLISHED &&
 	     (error == EHOSTUNREACH || error == ENETUNREACH ||
 	      error == EHOSTDOWN)) {
 		return;
 	} else if (TCPS_HAVEESTABLISHED(tp->t_state) == 0 &&
-	    tp->t_rxtshift > 3 && tp->t_softerror)
+	    ((error == EHOSTUNREACH || error == ENETUNREACH) ||
+	     (tp->t_rxtshift > 3 && tp->t_softerror)))
 		so->so_error = error;
 	else
 		tp->t_softerror = error;

--pgp-sign-Multipart_Sun_Nov__6_20:00:29_2005-1
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (NetBSD)

iQCVAwUAQ26nOYnCBbTaW/4dAQJN8AP/R3q2NiqX4JAhCDizXu/yAxBWJdJKJOyb
4Bp9/tHf6FxNTRazjQ2OdGlU+bTh6rXmzuXgqc6iJ2wu9OSm3J/0R3GvJj+UShKK
gA7mGeUH52enbtNTdSHLUBl1gmrTJ4l7JqHtFs2f9CFucnBA0qx1GA0+3kXw00iy
roRvgF9hx5k=
=+Mok
-----END PGP SIGNATURE-----

--pgp-sign-Multipart_Sun_Nov__6_20:00:29_2005-1--