Subj. TCP_CLOSING states lasting for 20 minutes :-(

torben fjerdingstad (unitfj-lk@tfj.rnd.uni-c.dk)
Sat, 5 Dec 1998 00:55:08 +0100

I have trouble using Linux through a Cisco PIX firewall.
This is Linux specific!

With secure shell I get random "Read failed, connection
closed". That is now fixed by disabling random tcp
sequence numbers on the cisco.

The Cisco PIX only allows connections initiated from "inside".

Now to the other problem.

Most of the time tcp connections from Linux do not close
properly.
netstat shows usually CLOSING for 20 minutes, while the
Linux box at "inside" retransmits a FIN every two minutes.

With some sessions netstat has shown LAST_ACK instead.

I have made simultateous tcpdumps at both ends. It seems
they have opposite idea of who sent a FIN first. Until
then, they completely agree. I have cut out the domain
names to make the lines shorter.:

View from sslug at "outside":
23:40:28.542802 olivia.4718 > sslug.nntp: P 402:408(6) ack 675 win 16060 (DF)
23:40:28.542802 sslug.nntp > olivia.4718: P 675:682(7) ack 408 win 32736 (DF)
23:40:28.542802 sslug.nntp > olivia.4718: F 682:682(0) ack 408 win 32736
23:40:28.682802 olivia.4718 > sslug.nntp: F 408:408(0) ack 682 win 16060
23:40:28.682802 sslug.nntp > olivia.4718: . ack 409 win 32735 (DF)
23:40:28.682802 olivia.4718 > sslug.nntp: . ack 683 win 16060 (DF)

View from olivia at "inside":
23:40:29.205469 olivia.4718 > sslug.nntp: P 402:408(6) ack 675 win 16060 (DF)
23:40:29.345469 sslug.nntp > olivia.4718: P 675:682(7) ack 408 win 32736 (DF)
23:40:29.345469 olivia.4718 > sslug.nntp: F 408:408(0) ack 682 win 16060
23:40:29.355469 sslug.nntp > olivia.4718: F 682:682(0) ack 408 win 32736
23:40:29.355469 olivia.4718 > sslug.nntp: . ack 683 win 16060 (DF)
23:40:29.595469 olivia.4718 > sslug.nntp: F 408:408(0) ack 683 win 16060
23:40:30.095469 olivia.4718 > sslug.nntp: F 408:408(0) ack 683 win 16060
23:40:31.095469 olivia.4718 > sslug.nntp: F 408:408(0) ack 683 win 16060
23:40:33.095469 olivia.4718 > sslug.nntp: F 408:408(0) ack 683 win 16060
23:40:37.095469 olivia.4718 > sslug.nntp: F 408:408(0) ack 683 win 16060
23:40:45.095469 olivia.4718 > sslug.nntp: F 408:408(0) ack 683 win 16060
23:41:01.095469 olivia.4718 > sslug.nntp: F 408:408(0) ack 683 win 16060
23:41:33.095469 olivia.4718 > sslug.nntp: F 408:408(0) ack 683 win 16060
23:42:37.095469 olivia.4718 > sslug.nntp: F 408:408(0) ack 683 win 16060
23:44:37.095469 olivia.4718 > sslug.nntp: F 408:408(0) ack 683 win 16060

The state on olivia during retransmit of the FIN(408) was CLOSING

More details:

olivia is running linux-2.0.35. Changing to other versions did not
solve the tcp close problem. I tried 2.0.24, 2.1.105 and 2.1.125 too.
I tried many times with a Window(do)s95 box at "inside". No problem.

sslug is running redhat-5.x (I don't remember what x is). The result
is the same with our AIX news server. A remote server that almost
always gives the problem is http://www.theregister.co.uk

The problem loads the phone bill because some of the
"inside" hosts are in private homes, connected by ISDN.

I don't know the details of tcp or C programming, I'm just
a unix system manager.

-- 
Med venlig hilsen / Regards 
Netdriftgruppen / Network Management Group
UNI-C          


Tlf./Phone   +45 35 87 89 41        Mail:  UNI-C                                
Fax.         +45 35 87 89 90               Bygning 304
E-mail: torben.fjerdingstad@uni-c.dk       DK-2800 Lyngby




-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/