[Openswan Users] Re: [Openswan dev] KLIPS 2.4.x set tcp window to 0 (fwd)

Marco Berizzi pupilla at hotmail.com
Tue May 23 10:17:45 CEST 2006 

Michael Richardson wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>{cleaning out mailbox. Did this get resolved somehow?}

Yes, I have switched to linux 2.6/netkey
I didn't try klips 2.4.5
However I think that this bug was related to:
#518 Incorrect physical interface MTU detection

>     Marco> I'm try to establish a TCP socket from my windows NT wks
>     Marco> 4.0sp6 machine to the windows NT 4.0 terminal server but it
>     Marco> doesn't work. Ping packet flow: any size (I tried with 32 and
>
>     Marco> 11:09:32.551457 IP (tos 0x0, ttl 127, id 33025, offset 0,
>     Marco> flags [none], proto: TCP (6), length: 40) 10.1.3.1.1045 >
>     Marco> 172.18.1.13.3389: R, cksum 0x39a8 (correct), 54626:54626(0)
>     Marco> win 0
>
>     Marco> As you can see tcp window is set to 0. This happens with
>
>Well, the tcp window will slowly decrease if there are no ACKs in the
>opposite direction.

This problem didn't happen when the client was windows XP.

>11:09:29.546831 IP (tos 0x0, ttl 127, id 32257, offset 0, flags [DF], 
>proto: 6(TCP), length: 44) 10.1.3.1.1045 > 172.18.1.13.3389: S, cksum 
>0xd751 (correct),54625:54625(0) win 8192 <mss 1460>
>
>11:09:29.569664 IP (tos 0x0, ttl 127, id 28621, offset 0, flags [DF], 
>proto: TCP(6), length: 44) 172.18.1.13.3389 > 10.1.3.1.1045: S, cksum 
>0x7271 (correct),1815475809:1815475809(0) ack 54626 win 8760 <mss 1460>
>
>11:09:29.570137 IP (tos 0x0, ttl 127, id 32513, offset 0, flags [none], 
>proto:TCP (6), length: 40) 10.1.3.1.1045 > 172.18.1.13.3389: R, cksum 
>0x39a8(correct), 54626:54626(0) win 0
>
>Connection opened, and then closed. It was reset ("R").
>It isn't the window size that matters here. Something is resetting the
>connection.
>
>11:09:32.529402 IP (tos 0x0, ttl 127, id 32769, offset 0, flags [DF], 
>proto: TCP(6), length: 44) 10.1.3.1.1045 > 172.18.1.13.3389: S, cksum 
>0xd751 (correct),54625:54625(0) win 8192 <mss 1460>
>
>11:09:32.551083 IP (tos 0x0, ttl 127, id 34765, offset 0, flags [DF], 
>proto: TCP(6), length: 44) 172.18.1.13.3389 > 10.1.3.1.1045: S, cksum 
>0x8e07 (correct),1816320702:1816320702(0) ack 54626 win 8760 <mss 1460>
>
>11:09:32.551457 IP (tos 0x0, ttl 127, id 33025, offset 0, flags [none], 
>proto:TCP (6), length: 40) 10.1.3.1.1045 > 172.18.1.13.3389: R, cksum 
>0x39a8(correct), 54626:54626(0) win 0
>
>Ditto.
>
>     Marco> KLIPS 2.4.4 This problem does not happen with KLIPS
>     Marco> 2.3.1. This is the tcpdump caputure (KLIPS 2.3.1):
>
>So, this is not a window size issue. It looks like some kind of firewall
>issue to me.

No. It wasn't a firewall issue. There were no rules inserted by
iptables, also windows XP is working with the same environment.

>Where is the tcpdump being taken?

IIRC on eth1 (the nic connected to the NT wks client system)

>(Please make sure to avoid line wrap on tcpdump traces)

sorry about this.

More information about the Users mailing list