Re: blocked FIN packets

2010-12-25 Thread Jan Stary
On Dec 23 20:17:23, Jan Stary wrote: Speculation: this looks to me like an end of a valid http session: an internal client reads a web page, and probably a few images, everything goes through, but the last FIN does not. The first SYN creates state that lets the subsequent packets through.

Re: blocked FIN packets

2010-12-25 Thread Jan Stary
All of these FINs go through, but never receive an ACK (why?). Because the other side sucks and decided to violate the TCP RFC by fast closing connections without waiting for proper session shutdown to free sockets quickly, and since that is not enough they even decided to not send a RST back

Re: blocked FIN packets

2010-12-23 Thread Jan Stary
On Dec 22 19:54:28, Forman, Jeffrey wrote: On Wed, Dec 22, 2010 at 5:41 PM, Jan Stary h...@stare.cz wrote: Speculation: this looks to me like an end of a valid http session: an internal client reads a web page, and probably a few images, everything goes through, but the last FIN does

Re: blocked FIN packets

2010-12-23 Thread Daniel E. Hassler
Timing. State has probably timed out before the blocked packets are received. Log the whole conversation - both ways for both Firefox and lynx. On 12/23/10 12:47 AM, Jan Stary wrote: On Dec 22 19:54:28, Forman, Jeffrey wrote: On Wed, Dec 22, 2010 at 5:41 PM, Jan Stary h...@stare.cz wrote:

Re: blocked FIN packets

2010-12-23 Thread Brian Seklecki (Mobile)
set skip on lo
set block-policy drop
set timeout tcp.finwait 900
set timeout tcp.closing 900
(There is also an adaptive setting based on load.)
Your client, if it's really a Mac, may have a sysctl like ...net.inet.tcp.finwait2_timeout: 6 ...

Re: blocked FIN packets

2010-12-23 Thread Jan Stary
Speculation: this looks to me like an end of a valid http session: an internal client reads a web page, and probably a few images, everything goes through, but the last FIN does not. The first SYN creates state that lets the subsequent packets through. Doesn't the last FIN belong to the same

Re: blocked FIN packets

2010-12-23 Thread Claudio Jeker
On Thu, Dec 23, 2010 at 08:17:23PM +0100, Jan Stary wrote: Speculation: this looks to me like an end of a valid http session: an internal client reads a web page, and probably a few images, everything goes through, but the last FIN does not. The first SYN creates state that lets the

Re: blocked FIN packets

2010-12-22 Thread Forman, Jeffrey
On Wed, Dec 22, 2010 at 5:41 PM, Jan Stary h...@stare.cz wrote: Speculation: this looks to me like an end of a valid http session: an internal client reads a web page, and probably a few images, everything goes through, but the last FIN does not. The first SYN creates state that lets the