From nobody Fri Nov 12 16:56:08 2021 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 692D2184703B for ; Fri, 12 Nov 2021 16:56:12 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from drew.franken.de (drew.ipv6.franken.de [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.franken.de", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HrPqc24Z3z3mq2; Fri, 12 Nov 2021 16:56:12 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from smtpclient.apple (unknown [IPv6:2a02:8109:1140:c3d:b164:f6f2:3509:e42e]) (Authenticated sender: macmic) by mail-n.franken.de (Postfix) with ESMTPSA id BF34F721E2825; Fri, 12 Nov 2021 17:56:08 +0100 (CET) Content-Type: text/plain; charset=us-ascii List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.20.0.1.32\)) Subject: Re: dtrace to trace incoming connection not suceeding ? From: tuexen@freebsd.org In-Reply-To: Date: Fri, 12 Nov 2021 17:56:08 +0100 Cc: freebsd-net@freebsd.org Content-Transfer-Encoding: 7bit Message-Id: <36CCF1D0-34EE-4E1C-B593-71CF936F4DE7@freebsd.org> References: <866D4765-25EF-4C5F-AA2E-D6BE8D5EBEEB@freebsd.org> <43FC040E-E5DE-4F4E-B91E-AAA807207D05@freebsd.org> To: Kurt Jaeger X-Mailer: Apple Mail (2.3693.20.0.1.32) X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=disabled version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-n.franken.de X-Rspamd-Queue-Id: 4HrPqc24Z3z3mq2 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-Spam: Yes X-ThisMailContainsUnwantedMimeParts: N > On 12. Nov 2021, at 16:29, Kurt Jaeger wrote: > > Hi! > >>>>> The basic ipfw firewall is active, but >>>> Does it work, if you disable ipfw? > >>> No, unfortunatly not. > >> OK. Can you provide the output of >> netstat -sptcp >> after some packets were dropped. > > https://people.freebsd.org/~pi/logs/netstat-t1.txt > https://people.freebsd.org/~pi/logs/netstat-t2.txt Not sure why you provide two outputs. Does 'the discarded for bad checksums' counter increase incoming SYN segments are not responded to. If you capture the incoming traffic with Wireshark, does it report that the checksum is wrong? > > 4 connection attempts in that time. > > On the same 10g ix0 interface we have three VLANs: > - one (vlan551) of them uses tcp-md5 for another bgp session > - one (vlan500) does not use tcp-md5, and has the problem > - one (vlan724) does not use tcp-md5 for bgp, and works fine Possibly the usage of vlans is relevant for this issue. Not sure. Best regards Michael > > -- > pi@FreeBSD.org +49 171 3101372 Now what ? >