Bug 123603
| Summary: | [tcp] tcp_do_segment and Received duplicate SYN | ||
|---|---|---|---|
| Product: | Base System | Reporter: | Peter <yes298> |
| Component: | kern | Assignee: | Andre Oppermann <andre> |
| Status: | Closed Overcome By Events | ||
| Severity: | Affects Only Me | CC: | hiren |
| Priority: | Normal | ||
| Version: | Unspecified | ||
| Hardware: | Any | ||
| OS: | Any | ||
|
Description
Peter
2008-05-12 08:50:01 UTC
Responsible Changed From-To: freebsd-amd64->freebsd-net Over to maintainer(s). > any type of connection will generate above log messages.
You can either comment out all the log(LOG_DEBUG, ...) calls
in /sys/netinet/tcp*.c or change your /etc/syslog.conf to not send kern.debug
messages to the console.
I think these messages should probably be conditional on a kernel option FWIW.
--
John Baldwin
Dear Sir, Thank you so much for your reply. My FreeBSD 7.0(x64) Lighttpd web server connects to a 100M broadband line, after testing many times, I found that, when first time to view my website, it needed to take almost 5~8 seconds to completely open the homepage which is only a static HTML file with content "coming soon", and there are some error log about TCP connection found on our web server, it seems that my FreeBSD 7.0 web server has problem to establish TCP connection. Before the web server idle time (30s), there are no any delay to re-view the homepage (Press F5), but after 30 seconds, it needed to take another 5~8 seconds to re-view, and the log messages will be repeated. May 15 15:18:21 mail kernel: TCP: [203.186.95.8]:12728 to [58.177.222.113]:80 tcpflags 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK May 15 15:19:03 mail kernel: TCP: [221.127.88.188]:5128 to [58.177.222.113]:80 tcpflags 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK I know how to disable these log messages, but I would like to know that the delay is because of receiving duplicate SYN? is it normal message? Please help me to solve the problem, thanks !!!! Thank you so much! Best regards, Victor Victor,
Please try two things:
1. Make sure that you don't have a problem with MTU sizes. Some ADSL
customers with PPPoE have slightly smaller MTU sizes than normal
ethernet. Make sure that ICMP unreach packets are not firewalled
or filtered on your side.
2. There was a bug in the TCP options in FreeBSD 7.0-RELEASE that was
giving problems with a smaller number of CPE devices for ADSL and
Cablemodem customers. The problem is fixed in 7-STABLE. Only upgrading
the kernel is sufficient.
I hope this helps. If not, please provide some tcpdumps so we can see
the packets that are exchanged.
--
Andre
------=_Part_11255_10246163.1211463094510 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Dear Sir, Thank you so much for your reply. My FreeBSD 7.0-Release-p1 (x64) Lighttpd web server *directly connects* to ISP's Cisco 3400 Switch with a 100M broadband line, After ISP technician creating a ARP static mapping rule on the switch to map the IP and MAC of My web server NIC, the problem of 5 seconds delay to view homepage has been solved, now , it is quit normal , no any delay. But, my web server sill has received repeatly below log messages, May 21 15:17:53 mail kernel: TCP: [55.66.77.88]:45979 to [11.22.33.44]:63372 tcpflags 0x10<ACK>; tcp_do_segment: FIN_WAIT_1: Received 1448 bytes of data after socket was closed, sending RST and removing tcpcb May 21 15:17:53 mail kernel: TCP: [55.66.77.88]:21 to [11.22.33.44]:55007 tcpflags 0x18<PUSH>; tcp_do_segment: FIN_WAIT_2: Received 13 bytes of data after socket was closed, sending RST and removing tcpcb May 21 22:26:16 mail kernel: TCP: [55.66.77.88]:23439 to [11.22.33.44]:80 tcpflags 0x18<PUSH>; syncache_expand: SEQ 2071739782 != IRS+1 2071738353, segment rejected May 22 11:31:22 mail kernel: TCP: [55.66.77.88]:2988 to [11.22.33.44]:80 tcpflags 0x10<ACK>; syncache_expand: ACK 1544143634 != ISS+1 4145431138, segment rejected May 22 11:31:22 mail kernel: TCP: [55.66.77.88]:2988 to [11.22.33.44]:80 tcpflags 0x18<PUSH,ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) May 22 11:31:22 mail kernel: TCP: [55.66.77.88]:2988 to [11.22.33.44]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) May 22 11:33:20 mail kernel: TCP: [55.66.77.88]:32345 to [11.22.33.44]:80 tcpflags 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK I sure to you that there no one to hack my server, because 55.66.77.88 is my client computer IP. I would like to know that the above messages will cause any problem? and how to solve this problem? Thank you so much! Best regards, Victor ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Victor, Please try two things: 1. Make sure that you don't have a problem with MTU sizes. Some ADSL customers with PPPoE have slightly smaller MTU sizes than normal ethernet. Make sure that ICMP unreach packets are not firewalled or filtered on your side. 2. There was a bug in the TCP options in FreeBSD 7.0-RELEASE that was giving problems with a smaller number of CPE devices for ADSL and Cablemodem customers. The problem is fixed in 7-STABLE. Only upgrading the kernel is sufficient. I hope this helps. If not, please provide some tcpdumps so we can see the packets that are exchanged. -- Andre ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Dear Sir, Thank you so much for your reply. My FreeBSD 7.0(x64) Lighttpd web server connects to a 100M broadband line, after testing many times, I found that, when first time to view my website, it needed to take almost 5~8 seconds to completely open the homepage which is only a static HTML file with content "coming soon", and there are some error log about TCP connection found on our web server, it seems that my FreeBSD 7.0 web server has problem to establish TCP connection. Before the web server idle time (30s), there are no any delay to re-view the homepage (Press F5), but after 30 seconds, it needed to take another 5~8 seconds to re-view, and the log messages will be repeated. May 15 15:18:21 mail kernel: TCP: [203.186.95.8]:12728 to [58.177.222.113]:80 tcpflags 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK May 15 15:19:03 mail kernel: TCP: [221.127.88.188]:5128 to [58.177.222.113]:80 tcpflags 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK I know how to disable these log messages, but I would like to know that the delay is because of receiving duplicate SYN? is it normal message? Please help me to solve the problem, thanks !!!! Thank you so much! Best regards, Victor ------=_Part_11255_10246163.1211463094510-- Responsible Changed From-To: freebsd-net->andre Take over. WRT messages getting logged, this is now disabled by default and can be enabled by sysctl net.inet.tcp.log_debug=1. WRT actual problem, please reopen the PR if it is still a problem on -CURRENT or stable/10. |
