Is this a TFO where the endpoint is on cerowrt, or just a SYN+DATA for a non cerowrt destination? I was looking at the firewall rules, and they are pretty complicated. Perhaps the SYN+DATA triggers a strange firewall behavior (a loop?) SYN's are special to firewalls, as we know. -----Original Message----- From: "Maciej Soltysiak" Sent: Friday, January 4, 2013 3:43pm To: "Dave Taht" , "Ketan Kulkarni" Cc: "Jerry Chu" , "Eric Dumazet" , cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] TFO crashes cerowrt 3.7.1-1 Oops, apologies if email was formatted weirdly... On Fri, Jan 4, 2013 at 9:42 PM, Maciej Soltysiak <[mailto:maciej@soltysiak.com] maciej@soltysiak.com> wrote: I am seeing something strange here, with polipo related to TFO but also DNS. When I just took 3.7.1-1 and set my windows 7 laptop to use gw.home.lan:8123 as http proxy it didn't work. What I observed was: A) after quite a while polipo's response to browser was 504 Host [http://www.osnews.com] www.osnews.com lookup failed: Timeout b) this error in ssh console: Host [http://osnews.com] osnews.com lookup failed: Timeout (131072) c) Disabling TFO by adding option useTCPFastOpen 'false' to config 'polipo' 'general' works around the problem d) Alternatively, you can keep TFO enabled in polipo but change option 'dnsUseGethostbyname' from 'reluctantly' to 'true' (!) This is very weird, because TFO is TCP and the DNS queries fired off by polipo are UDP: [mailto:root@OpenWrt:/tmp/log#] root@OpenWrt:/tmp/log# tcpdump -n -v -vv -vvv -x -X -s 1500 -i lo 20:21:56.160245 IP (tos 0x0, ttl 64, id 50129, offset 0, flags [DF], proto UDP (17), length 60) 127.0.0.1.47304 > 127.0.0.1.53: [bad udp cksum 0xfe3b -> 0xd17f!] 55396+ A? [http://www.osnews.com/] www.osnews.com. (32) 0x0000: 4500 003c c3d1 4000 4011 78dd 7f00 0001 E..<[mailto:..@.@.x] ..@.@.x..... 0x0010: 7f00 0001 b8c8 0035 0028 fe3b d864 0100 .......5.(.;.d.. 0x0020: 0001 0000 0000 0000 0377 7777 066f 736e .........www.osn 0x0030: 6577 7303 636f 6d00 0001 0001 ews.com..... 20:21:56.160319 IP (tos 0x0, ttl 64, id 50130, offset 0, flags [DF], proto UDP (17), length 60) 127.0.0.1.47304 > 127.0.0.1.53: [bad udp cksum 0xfe3b -> 0xd164!] 55396+ AAAA? [http://www.osnews.com/] www.osnews.com. (32) 0x0000: 4500 003c c3d2 4000 4011 78dc 7f00 0001 E..<[mailto:..@.@.x] ..@.@.x..... 0x0010: 7f00 0001 b8c8 0035 0028 fe3b d864 0100 .......5.(.;.d.. 0x0020: 0001 0000 0000 0000 0377 7777 066f 736e .........www.osn 0x0030: 6577 7303 636f 6d00 001c 0001 ews.com..... 20:21:56.169942 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 123) 127.0.0.1.53 > 127.0.0.1.47304: [bad udp cksum 0xfe7a -> 0x5f73!] 55396 q: A? [http://www.osnews.com/] www.osnews.com. 1/2/0 [http://www.osnews.com/] www.osnews.com. [29m3s] A 74.86.31.159 ns: [http://osnews.com] osnews.com. [29m3s] NS [http://ns2.swelter.net] ns2.swelter.net., [http://osnews.com] osnews.com. [29m3s] NS [http://ns1.swelter.net] ns1.swelter.net. (95) 0x0000: 4500 007b 0000 4000 4011 3c70 7f00 0001 [mailto:E..%7B..@.@.%3Cp] E..{..@.@. 127.0.0.1.47304: [bad udp cksum 0xfe86 -> 0x8ecb!] 55396 q: AAAA? [http://www.osnews.com/] www.osnews.com. 1/2/0 [http://www.osnews.com/] www.osnews.com. [54m44s] AAAA 2607:f0d0:1002:62::3 ns: [http://osnews.com] osnews.com. [29m3s] NS [http://ns1.swelter.net] ns1.swelter.net., [http://osnews.com] osnews.com. [29m3s] NS [http://ns2.swelter.net] ns2.swelter.net. (107) 0x0000: 4500 0087 0000 4000 4011 3c64 7f00 0001 [mailto:E.....@.@.%3Cd] E.....@.@. wrote: On Fri, Jan 4, 2013 at 9:27 AM, Eric Dumazet <[mailto:edumazet@google.com] edumazet@google.com> wrote: > Sorry, could you give us a copy of the panic stack trace ? I will get a serial console up on a wndr3800 by sunday. (sorry, just landed in california, am in disarray) The latest dev build of cero for the wndr3800 and wndr3700v2 is at: [http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.7.1-1/] http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.7.1-1/ -- Dave Täht Fixing bufferbloat with cerowrt: [http://www.teklibre.com/cerowrt/subscribe.html] http://www.teklibre.com/cerowrt/subscribe.html _______________________________________________ Cerowrt-devel mailing list [mailto:Cerowrt-devel@lists.bufferbloat.net] Cerowrt-devel@lists.bufferbloat.net [https://lists.bufferbloat.net/listinfo/cerowrt-devel] https://lists.bufferbloat.net/listinfo/cerowrt-devel