Re: Weird problems with 'pf' (on both 5.x and 6.x)

Garance A Drosihn Thu, 27 Jul 2006 18:18:41 -0700

At 9:07 PM -0400 7/27/06, Garance A Drosihn wrote:


But if I restart pf after adding these lines to pf.conf:

    #   Allow all outgoing tcp and udp connections and keep state
    pass out quick proto { tcp, udp } all keep state

then I have the problem where the second 'lpq' from a remote
host will hang, if it is done right after the first one.


The client-machine which is doing the lpq is a solaris
machine, so here is the 'snoop' output from that side
of things.  Disclaimer:  I'm not a networking expert,
so I'm hoping someone else will find this a lot more
obvious than I do.

Here's the packets from the first 'lpq', with various
names changed to protect the innocent (and to reduce
the wrapping a little bit...):

________________________________
  1   0.00000 lpq-client -> print-serv ETHER Type=0800 (IP), size = 62 bytes

1 0.00000 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=48, ID=132671 0.00000 lpq-client -> print-serv TCP D=515 S=1023 SynSeq=1503722122 Len=0 Win=24820 Options=<nop,nop,sackOK,mss 1460>

  1   0.00000 lpq-client -> print-serv PRINTER C port=1023
________________________________
  2   0.00068 print-serv -> lpq-client ETHER Type=0800 (IP), size = 62 bytes

2 0.00068 print-serv -> lpq-client IP D=128.113.002.002S=128.113.000.001 LEN=48, ID=40072 0.00068 print-serv -> lpq-client TCP D=1023 S=515 SynAck=1503722123 Seq=1874442309 Len=0 Win=65535 Options=<mss1460,sackOK,eol>

  2   0.00068 print-serv -> lpq-client PRINTER R port=1023
________________________________
  3   0.00072 lpq-client -> print-serv ETHER Type=0800 (IP), size = 54 bytes

3 0.00072 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=40, ID=132683 0.00072 lpq-client -> print-serv TCP D=515 S=1023Ack=1874442310 Seq=1503722123 Len=0 Win=24820

  3   0.00072 lpq-client -> print-serv PRINTER C port=1023
________________________________
  4   0.00088 lpq-client -> print-serv ETHER Type=0800 (IP), size = 63 bytes

4 0.00088 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=49, ID=132694 0.00088 lpq-client -> print-serv TCP D=515 S=1023Ack=1874442310 Seq=1503722123 Len=9 Win=24820

  4   0.00088 lpq-client -> print-serv PRINTER C port=1023 \3bill\n
________________________________
  5   0.03003 print-serv -> lpq-client ETHER Type=0800 (IP), size = 132 bytes

5 0.03003 print-serv -> lpq-client IP D=128.113.002.002S=128.113.000.001 LEN=118, ID=40455 0.03003 print-serv -> lpq-client TCP D=1023 S=515Ack=1503722132 Seq=1874442310 Len=78 Win=65535

  5   0.03003 print-serv -> lpq-client PRINTER R port=1023 Warning: bill is
________________________________
  6   0.03014 print-serv -> lpq-client ETHER Type=0800 (IP), size = 60 bytes

6 0.03014 print-serv -> lpq-client IP D=128.113.002.002S=128.113.000.001 LEN=40, ID=40466 0.03014 print-serv -> lpq-client TCP D=1023 S=515 FinAck=1503722132 Seq=1874442388 Len=0 Win=65535

  6   0.03014 print-serv -> lpq-client PRINTER R port=1023
________________________________
  7   0.03020 lpq-client -> print-serv ETHER Type=0800 (IP), size = 54 bytes

7 0.03020 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=40, ID=132707 0.03020 lpq-client -> print-serv TCP D=515 S=1023Ack=1874442388 Seq=1503722132 Len=0 Win=24820

  7   0.03020 lpq-client -> print-serv PRINTER C port=1023
________________________________
  8   0.03022 lpq-client -> print-serv ETHER Type=0800 (IP), size = 54 bytes

8 0.03022 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=40, ID=132718 0.03022 lpq-client -> print-serv TCP D=515 S=1023Ack=1874442389 Seq=1503722132 Len=0 Win=24820

  8   0.03022 lpq-client -> print-serv PRINTER C port=1023
________________________________
  9   0.03074 lpq-client -> print-serv ETHER Type=0800 (IP), size = 54 bytes

9 0.03074 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=40, ID=132729 0.03074 lpq-client -> print-serv TCP D=515 S=1023 FinAck=1874442389 Seq=1503722132 Len=0 Win=24820

  9   0.03074 lpq-client -> print-serv PRINTER C port=1023
________________________________
 10   0.03132 print-serv -> lpq-client ETHER Type=0800 (IP), size = 60 bytes

10 0.03132 print-serv -> lpq-client IP D=128.113.002.002S=128.113.000.001 LEN=40, ID=404710 0.03132 print-serv -> lpq-client TCP D=1023 S=515Ack=1503722133 Seq=1874442389 Len=0 Win=65534

 10   0.03132 print-serv -> lpq-client PRINTER R port=1023
________________________________


and then here is the packets from the second 'lpq', done
right after the first one.  It looks like the problem is
in the initial handshaking to get the connection started:

________________________________
 11   7.19194 lpq-client -> print-serv ETHER Type=0800 (IP), size = 62 bytes

11 7.19194 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=48, ID=1327311 7.19194 lpq-client -> print-serv TCP D=515 S=1023 SynSeq=1505511645 Len=0 Win=24820 Options=<nop,nop,sackOK,mss 1460>

 11   7.19194 lpq-client -> print-serv PRINTER C port=1023
________________________________
 12  10.55769 lpq-client -> print-serv ETHER Type=0800 (IP), size = 62 bytes

12 10.55769 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=48, ID=1327412 10.55769 lpq-client -> print-serv TCP D=515 S=1023 SynSeq=1505511645 Len=0 Win=24820 Options=<nop,nop,sackOK,mss 1460>

 12  10.55769 lpq-client -> print-serv PRINTER C port=1023
________________________________
 13  17.30771 lpq-client -> print-serv ETHER Type=0800 (IP), size = 62 bytes

13 17.30771 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=48, ID=1327513 17.30771 lpq-client -> print-serv TCP D=515 S=1023 SynSeq=1505511645 Len=0 Win=24820 Options=<nop,nop,sackOK,mss 1460>

 13  17.30771 lpq-client -> print-serv PRINTER C port=1023
________________________________
 14  30.80785 lpq-client -> print-serv ETHER Type=0800 (IP), size = 62 bytes

14 30.80785 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=48, ID=5601314 30.80785 lpq-client -> print-serv TCP D=515 S=1023 SynSeq=1505511645 Len=0 Win=24820 Options=<nop,nop,sackOK,mss 1460>

 14  30.80785 lpq-client -> print-serv PRINTER C port=1023
________________________________
 15  57.80771 lpq-client -> print-serv ETHER Type=0800 (IP), size = 62 bytes

15 57.80771 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=48, ID=5601415 57.80771 lpq-client -> print-serv TCP D=515 S=1023 SynSeq=1505511645 Len=0 Win=24820 Options=<nop,nop,sackOK,mss 1460>

 15  57.80771 lpq-client -> print-serv PRINTER C port=1023
________________________________
 16 111.80771 lpq-client -> print-serv ETHER Type=0800 (IP), size = 62 bytes

16 111.80771 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=48, ID=5601516 111.80771 lpq-client -> print-serv TCP D=515 S=1023 SynSeq=1505511645 Len=0 Win=24820 Options=<nop,nop,sackOK,mss 1460>

 16 111.80771 lpq-client -> print-serv PRINTER C port=1023
________________________________
 17 111.80842 print-serv -> lpq-client ETHER Type=0800 (IP), size = 62 bytes

17 111.80842 print-serv -> lpq-client IP D=128.113.002.002S=128.113.000.001 LEN=48, ID=405017 111.80842 print-serv -> lpq-client TCP D=1023 S=515 SynAck=1505511646 Seq=3101688498 Len=0 Win=65535 Options=<mss1460,sackOK,eol>

 17 111.80842 print-serv -> lpq-client PRINTER R port=1023
________________________________
 18 111.80845 lpq-client -> print-serv ETHER Type=0800 (IP), size = 54 bytes

18 111.80845 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=40, ID=5601618 111.80845 lpq-client -> print-serv TCP D=515 S=1023Ack=3101688499 Seq=1505511646 Len=0 Win=24820

 18 111.80845 lpq-client -> print-serv PRINTER C port=1023
________________________________
 19 111.80868 lpq-client -> print-serv ETHER Type=0800 (IP), size = 63 bytes

19 111.80868 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=49, ID=5601719 111.80868 lpq-client -> print-serv TCP D=515 S=1023Ack=3101688499 Seq=1505511646 Len=9 Win=24820

 19 111.80868 lpq-client -> print-serv PRINTER C port=1023 \3bill\n
________________________________
 20 111.83771 print-serv -> lpq-client ETHER Type=0800 (IP), size = 132 bytes

20 111.83771 print-serv -> lpq-client IP D=128.113.002.002S=128.113.000.001 LEN=118, ID=408820 111.83771 print-serv -> lpq-client TCP D=1023 S=515Ack=1505511655 Seq=3101688499 Len=78 Win=65535

 20 111.83771 print-serv -> lpq-client PRINTER R port=1023 Warning: bill is
________________________________
 21 111.83782 print-serv -> lpq-client ETHER Type=0800 (IP), size = 60 bytes

21 111.83782 print-serv -> lpq-client IP D=128.113.002.002S=128.113.000.001 LEN=40, ID=408921 111.83782 print-serv -> lpq-client TCP D=1023 S=515 FinAck=1505511655 Seq=3101688577 Len=0 Win=65535

 21 111.83782 print-serv -> lpq-client PRINTER R port=1023
________________________________
 22 111.83786 lpq-client -> print-serv ETHER Type=0800 (IP), size = 54 bytes

22 111.83786 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=40, ID=5601822 111.83786 lpq-client -> print-serv TCP D=515 S=1023Ack=3101688577 Seq=1505511655 Len=0 Win=24820

 22 111.83786 lpq-client -> print-serv PRINTER C port=1023
________________________________
 23 111.83787 lpq-client -> print-serv ETHER Type=0800 (IP), size = 54 bytes

23 111.83787 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=40, ID=5601923 111.83787 lpq-client -> print-serv TCP D=515 S=1023Ack=3101688578 Seq=1505511655 Len=0 Win=24820

 23 111.83787 lpq-client -> print-serv PRINTER C port=1023
________________________________
 24 111.83851 lpq-client -> print-serv ETHER Type=0800 (IP), size = 54 bytes

24 111.83851 lpq-client -> print-serv IP D=128.113.000.001S=128.113.002.002 LEN=40, ID=5602024 111.83851 lpq-client -> print-serv TCP D=515 S=1023 FinAck=3101688578 Seq=1505511655 Len=0 Win=24820

 24 111.83851 lpq-client -> print-serv PRINTER C port=1023
________________________________
 25 111.83911 print-serv -> lpq-client ETHER Type=0800 (IP), size = 60 bytes

25 111.83911 print-serv -> lpq-client IP D=128.113.002.002S=128.113.000.001 LEN=40, ID=409025 111.83911 print-serv -> lpq-client TCP D=1023 S=515Ack=1505511656 Seq=3101688578 Len=0 Win=65534

 25 111.83911 print-serv -> lpq-client PRINTER R port=1023
________________________________

All I have to do is '/etc/rc.d/pf stop' on the print-server
machine, and immediately these long delays will go away.

--
Garance Alistair Drosehn            =   [EMAIL PROTECTED]
Senior Systems Programmer           or  [EMAIL PROTECTED]
Rensselaer Polytechnic Institute    or  [EMAIL PROTECTED]
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Weird problems with 'pf' (on both 5.x and 6.x)

Reply via email to