[Openswan Users] KLIPS 2.4.x set tcp window to 0
Marco Berizzi
pupilla at hotmail.com
Mon Nov 28 11:32:21 CET 2005
Paul Wouters wrote:
>On Thu, 24 Nov 2005, Marco Berizzi wrote:
>
> > I'm try to establish a TCP socket from my windows NT wks 4.0sp6 machine
>to the
> > windows NT 4.0 terminal server but it doesn't work. Ping packet flow:
>any size
> > (I tried with 32 and 1300 bytes.)
> > I see only SYN SENT. This is a tcpdump capture on the ipsec0 device on
>the
> > KLIPS 2.4.4 system:
>
> > As you can see tcp window is set to 0. This happens with KLIPS 2.4.4
> > This problem does not happen with KLIPS 2.3.1. This is the tcpdump
>caputure
> > (KLIPS 2.3.1):
>
>What happens if you toggle /proc/sys/net/ipv4/tcp_window_scaling or change
>the settings in /proc/sys/net/ipv4/tcp_adv_win_scale ?
>
>We will add those to the ipsec barf output in the next release.
>
> > Running Windows XPsp2 instead of windows NT 4.0sp6 "resolve" the problem
>(with
> > KLIPS 2.4.4)
>
>So that leads me to believe that NT4 might just have a broken stack that
>does
>not implement TCP window scaling, and instead of ignoring unknown tcp
>options,
>does weird things. Try setting /proc/sys/net/ipv4/tcp_window_scaling to 0
>and
>see if that fixes your issues with NT4.
Hi Paul. Good news: setting fragicmp=no resolves the problem. This post was
incomplete because I didn't do the tcpdump capture on the internal
interface. My apologies.
Here is the tcpdump on internal (eth1) and ipsec0 interface with KLIPS 2.4.4
and NT 4.0 with fragicmp=yes (default).
dump on eth1:
11:28:15.439082 IP (tos 0x0, ttl 128, id 56832, offset 0, flags [DF], proto:
TCP (6), length: 44) 10.1.3.1.1035 > 172.18.1.13.3389: S, cksum 0xd6f6
(correct), 54726:54726(0) win 8192 <mss 1460>
11:28:15.439294 IP (tos 0xc0, ttl 64, id 44546, offset 0, flags [none],
proto: ICMP (1), length: 72) 10.1.3.10 > 10.1.3.1: ICMP 172.18.1.13
unreachable - need to frag, length 52
IP (tos 0x0, ttl 127, id 56832, offset 0, flags [DF], proto: TCP (6),
length: 44) 10.1.3.1.1035 > 172.18.1.13.3389: S, cksum 0xd6f6 (correct),
54726:54726(0) win 8192 <mss 1460>
11:28:15.492639 IP (tos 0x0, ttl 126, id 1572, offset 0, flags [DF], proto:
TCP (6), length: 44) 172.18.1.13.3389 > 10.1.3.1.1035: S, cksum 0x5e25
(correct), 3155409524:3155409524(0) ack 54727 win 8760 <mss 1460>
11:28:15.492802 IP (tos 0x0, ttl 128, id 57088, offset 0, flags [none],
proto: TCP (6), length: 40) 10.1.3.1.1035 > 172.18.1.13.3389: R, cksum
0x38e8 (correct), 54727:54727(0) win 0
dump on ipsec0:
11:28:15.439188 IP (tos 0x0, ttl 127, id 56832, offset 0, flags [DF], proto:
TCP (6), length: 44) 10.1.3.1.1035 > 172.18.1.13.3389: S, cksum 0xd6f6
(correct), 54726:54726(0) win 8192 <mss 1460>
11:28:15.492430 IP (tos 0x0, ttl 127, id 1572, offset 0, flags [DF], proto:
TCP (6), length: 44) 172.18.1.13.3389 > 10.1.3.1.1035: S, cksum 0x5e25
(correct), 3155409524:3155409524(0) ack 54727 win 8760 <mss 1460>
11:28:15.492839 IP (tos 0x0, ttl 127, id 57088, offset 0, flags [none],
proto: TCP (6), length: 40) 10.1.3.1.1035 > 172.18.1.13.3389: R, cksum
0x38e8 (correct), 54727:54727(0) win 0
Here is the tcpdump on internal (eth1) and ipsec0 interface with KLIPS 2.4.4
and NT 4.0 with fragicmp=no.
dump on eth1:
11:31:24.426597 IP (tos 0x0, ttl 128, id 60160, offset 0, flags [DF], proto:
TCP (6), length: 44) 10.1.3.1.1037 > 172.18.1.13.3389: S, cksum 0xd6e2
(correct), 54744:54744(0) win 8192 <mss 1460>
11:31:24.448271 arp who-has 10.1.3.1 tell 10.1.3.10
11:31:24.448402 arp reply 10.1.3.1 is-at 00:10:5a:df:27:09
11:31:24.448424 IP (tos 0x0, ttl 126, id 55344, offset 0, flags [DF], proto:
TCP (6), length: 44) 172.18.1.13.3389 > 10.1.3.1.1037: S, cksum 0x1166
(correct), 3205235751:3205235751(0) ack 54745 win 8760 <mss 1460>
11:31:24.448573 IP (tos 0x0, ttl 128, id 60416, offset 0, flags [DF], proto:
TCP (6), length: 40) 10.1.3.1.1037 > 172.18.1.13.3389: ., cksum 0x2923
(correct), 1:1(0) ack 1 win 8760
11:31:24.449342 IP (tos 0x0, ttl 128, id 60672, offset 0, flags [DF], proto:
TCP (6), length: 51) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0x1f25
(correct), 1:12(11) ack 1 win 8760
11:31:24.567336 IP (tos 0x0, ttl 126, id 56368, offset 0, flags [DF], proto:
TCP (6), length: 51) 172.18.1.13.3389 > 10.1.3.1.1037: P, cksum 0x0d01
(correct), 1:12(11) ack 12 win 8749
11:31:24.567869 IP (tos 0x0, ttl 128, id 60928, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 12:60(48) ack 12
win 8749
11:31:24.567892 IP (tos 0x0, ttl 128, id 61184, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 60:108(48) ack 12
win 8749
11:31:24.567928 IP (tos 0x0, ttl 128, id 61440, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 108:156(48) ack 12
win 8749
11:31:24.592940 IP (tos 0x0, ttl 126, id 57648, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1037: ., cksum 0x2918
(correct), 12:12(0) ack 108 win 8653
11:31:24.593051 IP (tos 0x0, ttl 128, id 61696, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 156:204(48) ack 12
win 8749
11:31:24.593055 IP (tos 0x0, ttl 128, id 61952, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 204:252(48) ack 12
win 8749
11:31:24.593066 IP (tos 0x0, ttl 128, id 62208, offset 0, flags [DF], proto:
TCP (6), length: 76) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0x1872
(correct), 252:288(36) ack 12 win 8749
11:31:24.627256 IP (tos 0x0, ttl 126, id 58160, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1037: ., cksum 0x2918
(correct), 12:12(0) ack 204 win 8557
11:31:24.639782 IP (tos 0x0, ttl 126, id 58416, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1037: ., cksum 0x2918
(correct), 12:12(0) ack 288 win 8473
11:31:24.791038 IP (tos 0x0, ttl 126, id 59184, offset 0, flags [DF], proto:
TCP (6), length: 365) 172.18.1.13.3389 > 10.1.3.1.1037: P 12:337(325) ack
288 win 8473
11:31:24.791466 IP (tos 0x0, ttl 128, id 62464, offset 0, flags [DF], proto:
TCP (6), length: 52) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0x9e9f
(correct), 288:300(12) ack 337 win 8760
11:31:24.791599 IP (tos 0x0, ttl 128, id 62720, offset 0, flags [DF], proto:
TCP (6), length: 48) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0xa077
(correct), 300:308(8) ack 337 win 8760
11:31:24.814813 IP (tos 0x0, ttl 126, id 59952, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1037: ., cksum 0x27d3
(correct), 337:337(0) ack 308 win 8453
11:31:24.815410 IP (tos 0x0, ttl 126, id 60208, offset 0, flags [DF], proto:
TCP (6), length: 51) 172.18.1.13.3389 > 10.1.3.1.1037: P, cksum 0x9e96
(correct), 337:348(11) ack 308 win 8453
11:31:24.815776 IP (tos 0x0, ttl 128, id 62976, offset 0, flags [DF], proto:
TCP (6), length: 52) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0x9c68
(correct), 308:320(12) ack 348 win 8749
11:31:24.848979 IP (tos 0x0, ttl 126, id 60464, offset 0, flags [DF], proto:
TCP (6), length: 55) 172.18.1.13.3389 > 10.1.3.1.1037: P, cksum 0xc66b
(correct), 348:363(15) ack 320 win 8441
11:31:24.849423 IP (tos 0x0, ttl 128, id 63232, offset 0, flags [DF], proto:
TCP (6), length: 52) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0x9c5d
(correct), 320:332(12) ack 363 win 8734
11:31:24.873670 IP (tos 0x0, ttl 126, id 60720, offset 0, flags [DF], proto:
TCP (6), length: 55) 172.18.1.13.3389 > 10.1.3.1.1037: P, cksum 0xc85c
(correct), 363:378(15) ack 332 win 8429
11:31:24.877394 IP (tos 0x0, ttl 128, id 63488, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 332:380(48) ack 378
win 8719
11:31:24.877423 IP (tos 0x0, ttl 128, id 63744, offset 0, flags [DF], proto:
TCP (6), length: 86) 10.1.3.1.1037 > 172.18.1.13.3389: P 380:426(46) ack 378
win 8719
11:31:24.877521 IP (tos 0x0, ttl 128, id 64000, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 426:474(48) ack 378
win 8719
11:31:24.877525 IP (tos 0x0, ttl 128, id 64256, offset 0, flags [DF], proto:
TCP (6), length: 78) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0x7c19
(correct), 474:512(38) ack 378 win 8719
11:31:24.918358 IP (tos 0x0, ttl 126, id 60976, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1037: ., cksum 0x27aa
(correct), 378:378(0) ack 426 win 8335
11:31:24.918930 IP (tos 0x0, ttl 126, id 61232, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1037: ., cksum 0x27aa
(correct), 378:378(0) ack 512 win 8249
11:31:24.986194 IP (tos 0x0, ttl 126, id 61744, offset 0, flags [DF], proto:
TCP (6), length: 377) 172.18.1.13.3389 > 10.1.3.1.1037: P 378:715(337) ack
512 win 8249
11:31:25.000359 IP (tos 0x0, ttl 128, id 64512, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 512:560(48) ack 715
win 8760
11:31:25.000389 IP (tos 0x0, ttl 128, id 64768, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 560:608(48) ack 715
win 8760
11:31:25.000417 IP (tos 0x0, ttl 128, id 65024, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 608:656(48) ack 715
win 8760
.....
dump on ipsec0:
11:31:24.426717 IP (tos 0x0, ttl 127, id 60160, offset 0, flags [DF], proto:
TCP (6), length: 44) 10.1.3.1.1037 > 172.18.1.13.3389: S, cksum 0xd6e2
(correct), 54744:54744(0) win 8192 <mss 1460>
11:31:24.448031 IP (tos 0x0, ttl 127, id 55344, offset 0, flags [DF], proto:
TCP (6), length: 44) 172.18.1.13.3389 > 10.1.3.1.1037: S, cksum 0x1166
(correct), 3205235751:3205235751(0) ack 54745 win 8760 <mss 1460>
11:31:24.448610 IP (tos 0x0, ttl 127, id 60416, offset 0, flags [DF], proto:
TCP (6), length: 40) 10.1.3.1.1037 > 172.18.1.13.3389: ., cksum 0x2923
(correct), 1:1(0) ack 1 win 8760
11:31:24.449381 IP (tos 0x0, ttl 127, id 60672, offset 0, flags [DF], proto:
TCP (6), length: 51) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0x1f25
(correct), 1:12(11) ack 1 win 8760
11:31:24.567169 IP (tos 0x0, ttl 127, id 56368, offset 0, flags [DF], proto:
TCP (6), length: 51) 172.18.1.13.3389 > 10.1.3.1.1037: P, cksum 0x0d01
(correct), 1:12(11) ack 12 win 8749
11:31:24.567918 IP (tos 0x0, ttl 127, id 60928, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 12:60(48) ack 12
win 8749
11:31:24.568129 IP (tos 0x0, ttl 127, id 61184, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 60:108(48) ack 12
win 8749
11:31:24.568316 IP (tos 0x0, ttl 127, id 61440, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 108:156(48) ack 12
win 8749
11:31:24.592775 IP (tos 0x0, ttl 127, id 57648, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1037: ., cksum 0x2918
(correct), 12:12(0) ack 108 win 8653
11:31:24.593097 IP (tos 0x0, ttl 127, id 61696, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 156:204(48) ack 12
win 8749
11:31:24.593294 IP (tos 0x0, ttl 127, id 61952, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 204:252(48) ack 12
win 8749
11:31:24.593480 IP (tos 0x0, ttl 127, id 62208, offset 0, flags [DF], proto:
TCP (6), length: 76) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0x1872
(correct), 252:288(36) ack 12 win 8749
11:31:24.627092 IP (tos 0x0, ttl 127, id 58160, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1037: ., cksum 0x2918
(correct), 12:12(0) ack 204 win 8557
11:31:24.639622 IP (tos 0x0, ttl 127, id 58416, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1037: ., cksum 0x2918
(correct), 12:12(0) ack 288 win 8473
11:31:24.790741 IP (tos 0x0, ttl 127, id 59184, offset 0, flags [DF], proto:
TCP (6), length: 365) 172.18.1.13.3389 > 10.1.3.1.1037: P 12:337(325) ack
288 win 8473
11:31:24.791502 IP (tos 0x0, ttl 127, id 62464, offset 0, flags [DF], proto:
TCP (6), length: 52) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0x9e9f
(correct), 288:300(12) ack 337 win 8760
11:31:24.791710 IP (tos 0x0, ttl 127, id 62720, offset 0, flags [DF], proto:
TCP (6), length: 48) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0xa077
(correct), 300:308(8) ack 337 win 8760
11:31:24.814649 IP (tos 0x0, ttl 127, id 59952, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1037: ., cksum 0x27d3
(correct), 337:337(0) ack 308 win 8453
11:31:24.815248 IP (tos 0x0, ttl 127, id 60208, offset 0, flags [DF], proto:
TCP (6), length: 51) 172.18.1.13.3389 > 10.1.3.1.1037: P, cksum 0x9e96
(correct), 337:348(11) ack 308 win 8453
11:31:24.815810 IP (tos 0x0, ttl 127, id 62976, offset 0, flags [DF], proto:
TCP (6), length: 52) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0x9c68
(correct), 308:320(12) ack 348 win 8749
11:31:24.848814 IP (tos 0x0, ttl 127, id 60464, offset 0, flags [DF], proto:
TCP (6), length: 55) 172.18.1.13.3389 > 10.1.3.1.1037: P, cksum 0xc66b
(correct), 348:363(15) ack 320 win 8441
11:31:24.849460 IP (tos 0x0, ttl 127, id 63232, offset 0, flags [DF], proto:
TCP (6), length: 52) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0x9c5d
(correct), 320:332(12) ack 363 win 8734
11:31:24.873506 IP (tos 0x0, ttl 127, id 60720, offset 0, flags [DF], proto:
TCP (6), length: 55) 172.18.1.13.3389 > 10.1.3.1.1037: P, cksum 0xc85c
(correct), 363:378(15) ack 332 win 8429
11:31:24.877446 IP (tos 0x0, ttl 127, id 63488, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 332:380(48) ack 378
win 8719
11:31:24.877673 IP (tos 0x0, ttl 127, id 63744, offset 0, flags [DF], proto:
TCP (6), length: 86) 10.1.3.1.1037 > 172.18.1.13.3389: P 380:426(46) ack 378
win 8719
11:31:24.877857 IP (tos 0x0, ttl 127, id 64000, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 426:474(48) ack 378
win 8719
11:31:24.878041 IP (tos 0x0, ttl 127, id 64256, offset 0, flags [DF], proto:
TCP (6), length: 78) 10.1.3.1.1037 > 172.18.1.13.3389: P, cksum 0x7c19
(correct), 474:512(38) ack 378 win 8719
11:31:24.918191 IP (tos 0x0, ttl 127, id 60976, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1037: ., cksum 0x27aa
(correct), 378:378(0) ack 426 win 8335
11:31:24.918770 IP (tos 0x0, ttl 127, id 61232, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1037: ., cksum 0x27aa
(correct), 378:378(0) ack 512 win 8249
11:31:24.985900 IP (tos 0x0, ttl 127, id 61744, offset 0, flags [DF], proto:
TCP (6), length: 377) 172.18.1.13.3389 > 10.1.3.1.1037: P 378:715(337) ack
512 win 8249
11:31:25.000427 IP (tos 0x0, ttl 127, id 64512, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 512:560(48) ack 715
win 8760
11:31:25.000624 IP (tos 0x0, ttl 127, id 64768, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 560:608(48) ack 715
win 8760
11:31:25.000810 IP (tos 0x0, ttl 127, id 65024, offset 0, flags [DF], proto:
TCP (6), length: 88) 10.1.3.1.1037 > 172.18.1.13.3389: . 608:656(48) ack 715
win 8760
I have taken a look at dev mailing list and
http://lists.openswan.org/pipermail/dev/2005-November/001130.html is
reporting same issue. Hopefully for me this behaviour is always the same
with NT 4.0
I was forgotting...
Here is the tcpdump on eth1 and ipsec0 with KLIPS 2.4.4 fragicmp=default
with windows XPsp2:
tcpdump on eth1:
12:21:14.743417 IP (tos 0x0, ttl 128, id 227, offset 0, flags [none], proto:
TCP (6), length: 48) 10.1.3.1.1038 > 172.18.1.13.3389: S, cksum 0x9395
(correct), 3395639936:3395639936(0) win 65535 <mss 1260,nop,nop,sackOK>
12:21:14.766024 IP (tos 0x0, ttl 126, id 64127, offset 0, flags [DF], proto:
TCP (6), length: 44) 172.18.1.13.3389 > 10.1.3.1.1038: S, cksum 0xa68b
(correct), 3984716097:3984716097(0) ack 3395639937 win 8820 <mss 1460>
12:21:14.766452 IP (tos 0x0, ttl 128, id 228, offset 0, flags [none], proto:
TCP (6), length: 40) 10.1.3.1.1038 > 172.18.1.13.3389: ., cksum 0xe0bc
(correct), 1:1(0) ack 1 win 65535
12:21:14.766833 IP (tos 0x0, ttl 128, id 229, offset 0, flags [none], proto:
TCP (6), length: 79) 10.1.3.1.1038 > 172.18.1.13.3389: P, cksum 0x9c7c
(correct), 1:40(39) ack 1 win 65535
12:21:14.897719 IP (tos 0x0, ttl 126, id 64383, offset 0, flags [DF], proto:
TCP (6), length: 51) 172.18.1.13.3389 > 10.1.3.1.1038: P, cksum 0xa226
(correct), 1:12(11) ack 40 win 8781
12:21:14.898361 IP (tos 0x0, ttl 128, id 230, offset 0, flags [+], proto:
TCP (6), length: 84) 10.1.3.1.1038 > 172.18.1.13.3389: . 40:84(44) ack 12
win 65524
12:21:14.898427 IP (tos 0x0, ttl 128, id 230, offset 64, flags [none],
proto: TCP (6), length: 64) 10.1.3.1 > 172.18.1.13: tcp
12:21:14.898503 IP (tos 0x0, ttl 128, id 231, offset 0, flags [+], proto:
TCP (6), length: 84) 10.1.3.1.1038 > 172.18.1.13.3389: . 128:172(44) ack 12
win 65524
12:21:14.898560 IP (tos 0x0, ttl 128, id 231, offset 64, flags [none],
proto: TCP (6), length: 64) 10.1.3.1 > 172.18.1.13: tcp
12:21:14.898636 IP (tos 0x0, ttl 128, id 232, offset 0, flags [+], proto:
TCP (6), length: 84) 10.1.3.1.1038 > 172.18.1.13.3389: . 216:260(44) ack 12
win 65524
12:21:14.898690 IP (tos 0x0, ttl 128, id 232, offset 64, flags [none],
proto: TCP (6), length: 64) 10.1.3.1 > 172.18.1.13: tcp
12:21:14.922620 IP (tos 0x0, ttl 126, id 64895, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1038: ., cksum 0xbe3d
(correct), 12:12(0) ack 216 win 8605
12:21:14.922987 IP (tos 0x0, ttl 128, id 233, offset 0, flags [+], proto:
TCP (6), length: 84) 10.1.3.1.1038 > 172.18.1.13.3389: . 304:348(44) ack 12
win 65524
12:21:14.922991 IP (tos 0x0, ttl 128, id 233, offset 64, flags [none],
proto: TCP (6), length: 64) 10.1.3.1 > 172.18.1.13: tcp
12:21:14.922998 IP (tos 0x0, ttl 128, id 234, offset 0, flags [+], proto:
TCP (6), length: 84) 10.1.3.1.1038 > 172.18.1.13.3389: P 392:436(44) ack 12
win 65524
12:21:14.923024 IP (tos 0x0, ttl 128, id 234, offset 64, flags [none],
proto: TCP (6), length: 36) 10.1.3.1 > 172.18.1.13: tcp
12:21:14.946961 IP (tos 0x0, ttl 126, id 65151, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1038: ., cksum 0xbe3d
(correct), 12:12(0) ack 392 win 8429
12:21:14.967145 IP (tos 0x0, ttl 126, id 65407, offset 0, flags [DF], proto:
TCP (6), length: 365) 172.18.1.13.3389 > 10.1.3.1.1038: P 12:337(325) ack
452 win 8369
12:21:14.967423 IP (tos 0x0, ttl 128, id 235, offset 0, flags [none], proto:
TCP (6), length: 52) 10.1.3.1.1038 > 172.18.1.13.3389: P, cksum 0x5595
(correct), 452:464(12) ack 337 win 65535
12:21:14.967524 IP (tos 0x0, ttl 128, id 236, offset 0, flags [none], proto:
TCP (6), length: 48) 10.1.3.1.1038 > 172.18.1.13.3389: P, cksum 0x576d
(correct), 464:472(8) ack 337 win 65535
12:21:14.991503 IP (tos 0x0, ttl 126, id 128, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1038: ., cksum 0xbcf8
(correct), 337:337(0) ack 472 win 8349
12:21:14.992085 IP (tos 0x0, ttl 126, id 384, offset 0, flags [DF], proto:
TCP (6), length: 51) 172.18.1.13.3389 > 10.1.3.1.1038: P, cksum 0x33bc
(correct), 337:348(11) ack 472 win 8349
12:21:14.992311 IP (tos 0x0, ttl 128, id 237, offset 0, flags [none], proto:
TCP (6), length: 52) 10.1.3.1.1038 > 172.18.1.13.3389: P, cksum 0x535e
(correct), 472:484(12) ack 348 win 65524
12:21:15.016276 IP (tos 0x0, ttl 126, id 640, offset 0, flags [DF], proto:
TCP (6), length: 55) 172.18.1.13.3389 > 10.1.3.1.1038: P, cksum 0x5b91
(correct), 348:363(15) ack 484 win 8337
12:21:15.016491 IP (tos 0x0, ttl 128, id 238, offset 0, flags [none], proto:
TCP (6), length: 52) 10.1.3.1.1038 > 172.18.1.13.3389: P, cksum 0x5353
(correct), 484:496(12) ack 363 win 65509
12:21:15.046106 IP (tos 0x0, ttl 126, id 896, offset 0, flags [DF], proto:
TCP (6), length: 55) 172.18.1.13.3389 > 10.1.3.1.1038: P, cksum 0x5d82
(correct), 363:378(15) ack 496 win 8325
12:21:15.046892 IP (tos 0x0, ttl 128, id 239, offset 0, flags [+], proto:
TCP (6), length: 84) 10.1.3.1.1038 > 172.18.1.13.3389: . 496:540(44) ack 378
win 65494
12:21:15.046950 IP (tos 0x0, ttl 128, id 239, offset 64, flags [none],
proto: TCP (6), length: 64) 10.1.3.1 > 172.18.1.13: tcp
tcpdump on ipsec0:
12:21:14.743523 IP (tos 0x0, ttl 127, id 227, offset 0, flags [none], proto:
TCP (6), length: 48) 10.1.3.1.1038 > 172.18.1.13.3389: S, cksum 0x9395
(correct), 3395639936:3395639936(0) win 65535 <mss 1260,nop,nop,sackOK>
12:21:14.765821 IP (tos 0x0, ttl 127, id 64127, offset 0, flags [DF], proto:
TCP (6), length: 44) 172.18.1.13.3389 > 10.1.3.1.1038: S, cksum 0xa68b
(correct), 3984716097:3984716097(0) ack 3395639937 win 8820 <mss 1460>
12:21:14.766490 IP (tos 0x0, ttl 127, id 228, offset 0, flags [none], proto:
TCP (6), length: 40) 10.1.3.1.1038 > 172.18.1.13.3389: ., cksum 0xe0bc
(correct), 1:1(0) ack 1 win 65535
12:21:14.766867 IP (tos 0x0, ttl 127, id 229, offset 0, flags [none], proto:
TCP (6), length: 79) 10.1.3.1.1038 > 172.18.1.13.3389: P, cksum 0x9c7c
(correct), 1:40(39) ack 1 win 65535
12:21:14.897553 IP (tos 0x0, ttl 127, id 64383, offset 0, flags [DF], proto:
TCP (6), length: 51) 172.18.1.13.3389 > 10.1.3.1.1038: P, cksum 0xa226
(correct), 1:12(11) ack 40 win 8781
12:21:14.898470 IP (tos 0x0, ttl 127, id 230, offset 0, flags [none], proto:
TCP (6), length: 128) 10.1.3.1.1038 > 172.18.1.13.3389: . 40:128(88) ack 12
win 65524
12:21:14.899252 IP (tos 0x0, ttl 127, id 231, offset 0, flags [none], proto:
TCP (6), length: 128) 10.1.3.1.1038 > 172.18.1.13.3389: . 128:216(88) ack 12
win 65524
12:21:14.899496 IP (tos 0x0, ttl 127, id 232, offset 0, flags [none], proto:
TCP (6), length: 128) 10.1.3.1.1038 > 172.18.1.13.3389: . 216:304(88) ack 12
win 65524
12:21:14.922422 IP (tos 0x0, ttl 127, id 64895, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1038: ., cksum 0xbe3d
(correct), 12:12(0) ack 216 win 8605
12:21:14.923064 IP (tos 0x0, ttl 127, id 233, offset 0, flags [none], proto:
TCP (6), length: 128) 10.1.3.1.1038 > 172.18.1.13.3389: . 304:392(88) ack 12
win 65524
12:21:14.923307 IP (tos 0x0, ttl 127, id 234, offset 0, flags [none], proto:
TCP (6), length: 100) 10.1.3.1.1038 > 172.18.1.13.3389: P 392:452(60) ack 12
win 65524
12:21:14.946790 IP (tos 0x0, ttl 127, id 65151, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1038: ., cksum 0xbe3d
(correct), 12:12(0) ack 392 win 8429
12:21:14.966853 IP (tos 0x0, ttl 127, id 65407, offset 0, flags [DF], proto:
TCP (6), length: 365) 172.18.1.13.3389 > 10.1.3.1.1038: P 12:337(325) ack
452 win 8369
12:21:14.967458 IP (tos 0x0, ttl 127, id 235, offset 0, flags [none], proto:
TCP (6), length: 52) 10.1.3.1.1038 > 172.18.1.13.3389: P, cksum 0x5595
(correct), 452:464(12) ack 337 win 65535
12:21:14.967665 IP (tos 0x0, ttl 127, id 236, offset 0, flags [none], proto:
TCP (6), length: 48) 10.1.3.1.1038 > 172.18.1.13.3389: P, cksum 0x576d
(correct), 464:472(8) ack 337 win 65535
12:21:14.991339 IP (tos 0x0, ttl 127, id 128, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1038: ., cksum 0xbcf8
(correct), 337:337(0) ack 472 win 8349
12:21:14.991923 IP (tos 0x0, ttl 127, id 384, offset 0, flags [DF], proto:
TCP (6), length: 51) 172.18.1.13.3389 > 10.1.3.1.1038: P, cksum 0x33bc
(correct), 337:348(11) ack 472 win 8349
12:21:14.992346 IP (tos 0x0, ttl 127, id 237, offset 0, flags [none], proto:
TCP (6), length: 52) 10.1.3.1.1038 > 172.18.1.13.3389: P, cksum 0x535e
(correct), 472:484(12) ack 348 win 65524
12:21:15.016111 IP (tos 0x0, ttl 127, id 640, offset 0, flags [DF], proto:
TCP (6), length: 55) 172.18.1.13.3389 > 10.1.3.1.1038: P, cksum 0x5b91
(correct), 348:363(15) ack 484 win 8337
12:21:15.016526 IP (tos 0x0, ttl 127, id 238, offset 0, flags [none], proto:
TCP (6), length: 52) 10.1.3.1.1038 > 172.18.1.13.3389: P, cksum 0x5353
(correct), 484:496(12) ack 363 win 65509
12:21:15.045933 IP (tos 0x0, ttl 127, id 896, offset 0, flags [DF], proto:
TCP (6), length: 55) 172.18.1.13.3389 > 10.1.3.1.1038: P, cksum 0x5d82
(correct), 363:378(15) ack 496 win 8325
12:21:15.046989 IP (tos 0x0, ttl 127, id 239, offset 0, flags [none], proto:
TCP (6), length: 128) 10.1.3.1.1038 > 172.18.1.13.3389: . 496:584(88) ack
378 win 65494
12:21:15.047226 IP (tos 0x0, ttl 127, id 240, offset 0, flags [none], proto:
TCP (6), length: 46) 10.1.3.1.1038 > 172.18.1.13.3389: P, cksum 0xdd17
(correct), 584:590(6) ack 378 win 65494
12:21:15.047451 IP (tos 0x0, ttl 127, id 241, offset 0, flags [none], proto:
TCP (6), length: 128) 10.1.3.1.1038 > 172.18.1.13.3389: . 590:678(88) ack
378 win 65494
12:21:15.047751 IP (tos 0x0, ttl 127, id 242, offset 0, flags [none], proto:
TCP (6), length: 128) 10.1.3.1.1038 > 172.18.1.13.3389: . 678:766(88) ack
378 win 65494
12:21:15.048007 IP (tos 0x0, ttl 127, id 243, offset 0, flags [none], proto:
TCP (6), length: 128) 10.1.3.1.1038 > 172.18.1.13.3389: . 766:854(88) ack
378 win 65494
12:21:15.048232 IP (tos 0x0, ttl 127, id 244, offset 0, flags [none], proto:
TCP (6), length: 128) 10.1.3.1.1038 > 172.18.1.13.3389: . 854:942(88) ack
378 win 65494
12:21:15.048917 IP (tos 0x0, ttl 127, id 245, offset 0, flags [none], proto:
TCP (6), length: 47) 10.1.3.1.1038 > 172.18.1.13.3389: P, cksum 0x6c9f
(correct), 942:949(7) ack 378 win 65494
12:21:15.071114 IP (tos 0x0, ttl 127, id 1152, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1038: ., cksum 0xbccf
(correct), 378:378(0) ack 590 win 8231
12:21:15.071974 IP (tos 0x0, ttl 127, id 1408, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1038: ., cksum 0xbccf
(correct), 378:378(0) ack 766 win 8055
12:21:15.074959 IP (tos 0x0, ttl 127, id 1664, offset 0, flags [DF], proto:
TCP (6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1038: ., cksum 0xbccf
(correct), 378:378(0) ack 942 win 7879
12:21:15.093924 IP (tos 0x0, ttl 127, id 1920, offset 0, flags [DF], proto:
TCP (6), length: 377) 172.18.1.13.3389 > 10.1.3.1.1038: P 378:715(337) ack
949 win 7872
12:21:15.095545 IP (tos 0x0, ttl 127, id 246, offset 0, flags [none], proto:
TCP (6), length: 128) 10.1.3.1.1038 > 172.18.1.13.3389: . 949:1037(88) ack
715 win 65535
12:21:15.096261 IP (tos 0x0, ttl 127, id 247, offset 0, flags [none], proto:
TCP (6), length: 120) 10.1.3.1.1038 > 172.18.1.13.3389: P 1037:1117(80) ack
715 win 65535
PS: This month I posted some messages complaining that linux box was
extremely slow and sending out lot of packets. I wrongly thought that
behaviour was related to "klips_error:ipsec_sa_put: null pointer passed
in!". I'm thinking that behavior is related to this problem. I will try
ASAP. This are the URL messages:
http://lists.openswan.org/pipermail/users/2005-November/007315.html
http://lists.openswan.org/pipermail/users/2005-November/007367.html
http://lists.openswan.org/pipermail/dev/2005-November/001136.html
Sorry for the pollution.
PPS: I'm CC also dev because you have forwarded my initial message.
More information about the Users
mailing list