Re: dtrace to trace incoming connection not succeeding ?

From: <tuexen_at_freebsd.org>
Date: Fri, 12 Nov 2021 16:56:08 UTC
> On 12. Nov 2021, at 16:29, Kurt Jaeger <pi@FreeBSD.org> wrote:
> 
> Hi!
> 
>>>>> The basic ipfw firewall is active, but
>>>> Does it work, if you disable ipfw?
> 
>>> No, unfortunately not.
> 
>> OK. Can you provide the output of
>> netstat -sptcp
>> after some packets were dropped.
> 
> https://people.freebsd.org/~pi/logs/netstat-t1.txt
> https://people.freebsd.org/~pi/logs/netstat-t2.txt
Not sure why you provide two outputs. Does the 'discarded for bad checksums'
counter increase when incoming SYN segments are not responded to?

If you capture the incoming traffic with Wireshark, does it report that
the checksum is wrong?
> 
> 4 connection attempts in that time.
> 
> On the same 10g ix0 interface we have three VLANs:
> - one (vlan551) of them uses tcp-md5 for another bgp session
> - one (vlan500) does not use tcp-md5, and has the problem
> - one (vlan724) does not use tcp-md5 for bgp, and works fine
Possibly the usage of vlans is relevant for this issue. Not sure.

Best regards
Michael
> 
> -- 
> pi@FreeBSD.org         +49 171 3101372                  Now what ?
>