hi Paul,
do you see just log entries for blocked packet?
or were you able to identify a particular host having problem to reconnect?
what I see in log are just single instances of blocked SYN packet,
which does not render a problem to host to connect to server.
the SYN packet will be retransmitted and connection will be made
on second attempt.
such samples indicate the fix for:
6531894 IPF blocks TCP SYN packets for connections in TIME_WAIT state
-> some clients can't reconnect
works.
http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/inet/ipf/ip_state.c#1638
check sources:
http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/inet/ipf/ip_state.c#fr_tcpstate
you can use d-script below to check if condition at line 1662 is being met.
the fix for 6531894 works as follows:
if SYN packet matches state entry, which is beyond established state,
the entry will be moved to delete queue and packet will be dropped.
the delete queue will destroy state entry within 1 sec.
assuming the SYN packet will be dropped silently (without sending RST),
the host will retransmit new SYN packet, which won't match state entry,
new state entry will be created and SYN packet will be forwarded.
what remains there is a log entry saying the first SYN packet was dropped.
regards
sasha
-------- cut port_reuse.d d-script here -------------
#!/usr/sbin/dtrace -Cs
#define TH_SYN 0x02
#define TH_OPENING 0x10|0x02 /* ACK|SYN */
#define IPF_TCPS_ESTABLISHED 4
#define is_state is_sti.tqe_state
fbt::fr_tcpstate:entry
/((tcphdr_t *)arg1)->th_flags & TH_OPENING == TH_SYN &&
((ipstate_t *)arg2)->is_state[0] > IPF_TCPS_ESTABLISHED &&
((ipstate_t *)arg2)->is_state[1] > IPF_TCPS_ESTABLISHED/
{
printf("Reusing port!!!\n");
}
--------------------------------------------------------------
2010/4/17 Paul B. Henson <[email protected]>:
> On Fri, 16 Apr 2010, Darren Reed wrote:
>
>> Please don't hassle the support folks about this, it's not their fault
>> and there's nothing they can do about it.
>>
>> If you want to bash someone's ear, the person you bought it from would
>> be appropriate.
>
> I'm not going to hassle them :), just a polite request to escalate it up
> through management. Routed top down or bottom up, it's likely going to just
> get round filed anyway 8-/.
>
> --
> Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
> Operating Systems and Network Analyst | [email protected]
> California State Polytechnic University | Pomona CA 91768
>
