[OmniOS-discuss] strangeness ssh into omnios from oi_151a9
Lauri Tirkkonen
lotheac at iki.fi
Mon Sep 28 14:42:00 UTC 2015
On Mon, Sep 28 2015 16:20:03 +0200, Richard PALO wrote:
> Le 28/09/15 15:46, Lauri Tirkkonen a écrit :
> > On Mon, Sep 28 2015 08:21:46 -0400, Dan McDonald wrote:
> >>
> >>> On Sep 28, 2015, at 8:15 AM, Dan McDonald <danmcd at omniti.com> wrote:
> >>>
> >>> If 5850 is indeed the problem, you need to report this to the
> >>> illumos developers list, including a deterministic way of
> >>> reproducing it.
> >>
> >> I see you filed bug 6264, which is a good first step. Please make
> >> sure you summarize the how-to-reproduce in it.
> >>
> >> I also wonder if you patch your oi_151a9 box with 5850, AND keep 5850
> >> on your OmniOS machine, whether or not this problem ALSO goes away.
> >> After all, this fix specifically targets machines that drop
> >> timestamps...
> >
> > If my analysis is correct (see the mail I sent to this thread
> > previously), then applying 5850 to the oi_151a9 box will cause the issue
> > to disappear -- both peers will then ignore the injected window change
> > segment because it has no timestamps. Of course, it's possible that the
> > middlebox won't like being ignored and might cause other failures (it
> > could still inject RSTs, for example, since those are not required to
> > have timestamps).
> >
>
> If I experienced the issue, chances a great anybody else with oi_151a9 have it
> as well in France as the OI machine is connected to an Orange (previously known
> as France Télécom) Business Services SDSL router and the Omnios box to a Freebox (Free Télécom).
>
> Any hint on how to determine which box is doing it (or both)?
> If not, if I can ssh into someplace that is able to check...
> perhaps even an ftp session?
Well, seeing how we only know that neither peer is actually sending the
non-timestamped segment, it could be any box along the path - I'd start
with examining your routers. It's hard to say what exactly will trigger
a repro without knowing what the middlebox is trying to accomplish by
injecting this segment, but it might be beneficial to try to get a repro
with a simple echo server or something like that, and then try to
isolate the issue by trying different connection paths. You could also
talk to your providers.
It's unfortunate that this manifests in a regression like this, but it's
a product of the previous incorrect behavior, an obnoxious middlebox
doing unsanitary things, and us (illumos-gate) trying to do the right
thing by following the RFC.
--
Lauri Tirkkonen | lotheac @ IRCnet
More information about the OmniOS-discuss
mailing list