Date: Mon, 12 May 2008 07:45:16 GMT
From: John <yes298@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: tcp_do_segment and Received duplicate SYN

>Number:         123603
>Category:       kern
>Synopsis:       [tcp] tcp_do_segment and Received duplicate SYN
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    andre
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 12 07:50:01 UTC 2008
>Closed-Date:    
>Last-Modified:  Tue Aug 24 08:30:52 UTC 2010
>Originator:     John
>Release:        FB7.0 (x64)
>Organization:
NULL
>Environment:
FreeBSD mail.mydomain.com 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Thu Mar  6 12:04:57 HKT 2008     root@mydomain.com:/usr/src/sys/amd64/compile/FB7NEW  amd64
>Description:
A FreeBSD 7.0 (x64) Lighttpd web server with the most up-to-date ports and patches.
When a client connects and views a static HTML file for the first time (before the web server idle time), it has to wait a long time to establish a connection, or when this server tries to download a file from the Internet, there are lots of log messages like the ones below:

May 12 11:57:54 mail kernel: TCP: [55.66.77.88]:41792 to [11.22.33.44]:80 tcpflags 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK
May 12 15:17:53 mail kernel: TCP: [193.166.3.2]:45979 to [11.22.33.44]:63372 tcpflags 0x10<ACK>; tcp_do_segment: FIN_WAIT_1: Received 1448 bytes of data after socket was closed, sending RST and removing tcpcb
May 12 15:17:53 mail kernel: TCP: [193.166.3.2]:21 to [11.22.33.44]:55007 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 13 bytes of data after socket was closed, sending RST and removing tcpcb

>How-To-Repeat:
Any type of connection will generate the above log messages.
>Fix:
No idea.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-amd64->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon May 12 17:42:04 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123603 

From: John Baldwin <jhb@freebsd.org>
To: freebsd-amd64@freebsd.org
Cc: John <yes298@gmail.com>,
 freebsd-gnats-submit@freebsd.org,
 andre@FreeBSD.org
Subject: Re: amd64/123603: tcp_do_segment and Received duplicate SYN
Date: Mon, 19 May 2008 10:06:40 -0400

 > any type of  connection will generate above log messages.
 
 You can either comment out all the log(LOG_DEBUG, ...) calls 
 in /sys/netinet/tcp*.c or change your /etc/syslog.conf to not send kern.debug 
 messages to the console.
 
 I think these messages should probably be conditional on a kernel option FWIW.
 
 -- 
 John Baldwin

From: "yes298 yes298" <yes298@gmail.com>
To: "John Baldwin" <jhb@freebsd.org>
Cc: freebsd-gnats-submit@freebsd.org, andre@freebsd.org
Subject: Re: amd64/123603: tcp_do_segment and Received duplicate SYN
Date: Tue, 20 May 2008 11:24:32 +0800

 Dear Sir,
 
 Thank you so much for your reply.
 
 My FreeBSD 7.0 (x64) Lighttpd web server connects to a 100M broadband line.
 After testing many times, I found that when viewing my website for the first
 time, it took almost 5~8 seconds to completely open the homepage, which
 is only a static HTML file with the content "coming soon", and there are some
 error logs about TCP connections on our web server. It seems that my
 FreeBSD 7.0 web server has a problem establishing TCP connections. Before the
 web server idle time (30s), there is no delay when re-viewing the homepage
 (pressing F5), but after 30 seconds, it takes another 5~8 seconds to
 re-view, and the log messages are repeated.
 
 May 15 15:18:21 mail kernel: TCP: [203.186.95.8]:12728 to [58.177.222.113]:80
 tcpflags 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and
 retransmitting SYN|ACK
 May 15 15:19:03 mail kernel: TCP: [221.127.88.188]:5128 to [58.177.222.113]:80
 tcpflags 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and
 retransmitting SYN|ACK
 
 I know how to disable these log messages, but I would like to know whether the
 delay is caused by receiving duplicate SYNs. Is it a normal message? Please help
 me to solve the problem, thanks!
 Thank you so much!
 
 Best regards,
 Victor
 

From: Andre Oppermann <andre@freebsd.org>
To: yes298 yes298 <yes298@gmail.com>
Cc: John Baldwin <jhb@freebsd.org>,  freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/123603: tcp_do_segment and Received duplicate SYN
Date: Tue, 20 May 2008 16:40:08 +0200

 Victor,
 
 Please try two things:
 
   1. Make sure that you don't have a problem with MTU sizes. Some ADSL
      customers with PPPoE have slightly smaller MTU sizes than normal
      ethernet. Make sure that ICMP unreach packets are not firewalled
      or filtered on your side.
 
   2. There was a bug in the TCP options in FreeBSD 7.0-RELEASE that was
      giving problems with a smaller number of CPE devices for ADSL and
      Cablemodem customers. The problem is fixed in 7-STABLE. Only upgrading
      the kernel is sufficient.
 
 I hope this helps.  If not, please provide some tcpdumps so we can see
 the packets that are exchanged.
 
 -- 
 Andre
 

From: "yes298 yes298" <yes298@gmail.com>
To: andre@freebsd.org
Cc: "John Baldwin" <jhb@freebsd.org>, freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/123603: tcp_do_segment and Received duplicate SYN
Date: Thu, 22 May 2008 21:31:34 +0800

 Dear Sir,
 
 Thank you so much for your reply.
 
 My FreeBSD 7.0-Release-p1 (x64) Lighttpd web server *directly connects* to
 the ISP's Cisco 3400 switch with a 100M broadband line.
 After the ISP technician created a static ARP mapping rule on the switch to map
 the IP and MAC of my web server NIC,
 the problem of the 5-second delay when viewing the homepage was solved; now it is
 quite normal, with no delay.
 But my web server still repeatedly receives the log messages below:
 
 May 21 15:17:53 mail kernel: TCP: [55.66.77.88]:45979 to [11.22.33.44]:63372
 tcpflags 0x10<ACK>; tcp_do_segment: FIN_WAIT_1: Received 1448 bytes of data
 after socket was closed, sending RST and removing tcpcb
 May 21 15:17:53 mail kernel: TCP: [55.66.77.88]:21 to [11.22.33.44]:55007
 tcpflags 0x18<PUSH>; tcp_do_segment: FIN_WAIT_2: Received 13 bytes of data
 after socket was closed, sending RST and removing tcpcb
 May 21 22:26:16 mail kernel: TCP: [55.66.77.88]:23439 to [11.22.33.44]:80
 tcpflags 0x18<PUSH>; syncache_expand: SEQ 2071739782 != IRS+1 2071738353,
 segment rejected
 May 22 11:31:22 mail kernel: TCP: [55.66.77.88]:2988 to [11.22.33.44]:80
 tcpflags 0x10<ACK>; syncache_expand: ACK 1544143634 != ISS+1 4145431138,
 segment rejected
 May 22 11:31:22 mail kernel: TCP: [55.66.77.88]:2988 to [11.22.33.44]:80
 tcpflags 0x18<PUSH,ACK>; syncache_expand: Segment failed SYNCOOKIE
 authentication, segment rejected (probably spoofed)
 May 22 11:31:22 mail kernel: TCP: [55.66.77.88]:2988 to [11.22.33.44]:80
 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE
 authentication, segment rejected (probably spoofed)
 May 22 11:33:20 mail kernel: TCP: [55.66.77.88]:32345 to [11.22.33.44]:80
 tcpflags 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and
 retransmitting SYN|ACK
 
 I assure you that no one is hacking my server, because 55.66.77.88 is my
 client computer's IP.
 I would like to know whether the above messages will cause any problem, and how
 to solve this problem.
 
 Thank you so much!
 
 Best regards,
 Victor
Responsible-Changed-From-To: freebsd-net->andre 
Responsible-Changed-By: andre 
Responsible-Changed-When: Tue Aug 24 08:30:34 UTC 2010 
Responsible-Changed-Why:  
Take over. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123603 
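
A triage sketch for the kernel TCP debug messages quoted in this PR, added here as an example and not part of the original thread or of FreeBSD. It rejoins mail-wrapped records, groups them per source address by message type, and checks the printed flag names against the tcpflags hex value; the category names, function names and sample addresses are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict

# TCP header flag bits, listed in the order the log prints their names.
FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PUSH"), (0x10, "ACK"), (0x20, "URG")]
LINE_RE = re.compile(
    r"kernel: TCP: \[(?P<src>[^\]]+)\]:\d+ to \[[^\]]+\]:\d+ "
    r"tcpflags (?P<hex>0x[0-9a-fA-F]+)<(?P<names>[^>]*)>; "
    r"\w+: (?P<msg>.*)")
STAMP_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
# Message fragments as they appear in the log lines quoted in this PR.
CATEGORIES = [("Received duplicate SYN", "duplicate_syn"),
              ("after socket was closed", "data_after_close"),
              ("failed SYNCOOKIE authentication", "syncookie_fail"),
              ("!= IRS+1", "seq_mismatch"), ("!= ISS+1", "ack_mismatch")]
# Constructed sample (documentation addresses), wrapped the way mail wraps it.
SAMPLE = """\
May 22 11:31:22 mail kernel: TCP: [192.0.2.10]:2988 to [198.51.100.5]:80
tcpflags 0x18<PUSH,ACK>; syncache_expand: Segment failed SYNCOOKIE
authentication, segment rejected (probably spoofed)
May 22 11:33:20 mail kernel: TCP: [192.0.2.10]:32345 to [198.51.100.5]:80
tcpflags 0x2<SYN>; syncache_add: Received duplicate SYN, resetting timer and
retransmitting SYN|ACK
May 22 11:40:01 mail kernel: TCP: [192.0.2.77]:21 to [198.51.100.5]:55007
tcpflags 0x18<PUSH>; tcp_do_segment: FIN_WAIT_2: Received 13 bytes of data
after socket was closed, sending RST and removing tcpcb
"""

def unwrap(text):
    """Rejoin records that were wrapped over several lines."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP_RE.match(line) or not records:
            records.append(line)      # a syslog timestamp starts a new record
        else:
            records[-1] += " " + line  # continuation of the previous record
    return records

def triage(text):
    """Return ({source IP: Counter(category)}, [flag-name mismatches])."""
    per_src, mismatches = defaultdict(Counter), []
    for m in filter(None, map(LINE_RE.search, unwrap(text))):
        cat = next((c for frag, c in CATEGORIES if frag in m["msg"]), "other")
        per_src[m["src"]][cat] += 1
        decoded = [n for bit, n in FLAG_BITS if int(m["hex"], 16) & bit]
        if decoded != m["names"].split(","):
            mismatches.append((m["src"], m["hex"], decoded))
    return dict(per_src), mismatches
```

A duplicate SYN is logged when the client retransmits its SYN, so a run of `duplicate_syn` records from one source usually means the SYN|ACK replies are not reaching that peer.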
>Unformatted:
