ipv4 connection problems

Peter Avalos pavalos at theshell.com
Thu Mar 10 06:29:12 PST 2005 

On Sat, Mar 05, 2005 at 10:16:06PM -0700, Peter Avalos wrote:
> On Sat, Mar 05, 2005 at 06:37:48PM -0800, Matthew Dillon wrote:
> > 
> > :Over the past few weeks I've been having a problem with Apache not
> > :responding to port it's listening on.  After some investigation, I
> > :was able to determine that it was only happening on ipv4.  IPv6 was
> > :working just fine.  If I restarted the server, everything would be fine
> > :for about an hour or so (depending on traffic), and then it would
> > :start up again.  I figured this was an Apache problem, since it was
> > :only happening with my web server.
> > :
> > :Today, I was stressing out my ftp server (the vanilla base version),
> > :and I saw that it was doing the same thing my web server was doing:
> > :
> > :box:~% telnet -4 theshell.com 21
> > :Trying 209.200.146.2...
> > :telnet: connect to address 209.200.146.2: Operation timed out
> > :telnet: Unable to connect to remote host
> > :
> > :And without doing anything...
> > :
> > :box:~% telnet -4 theshell.com 21
> > :Trying 209.200.146.2...
> > :Connected to theshell.com.
> > :Escape character is '^]'.
> > :220 box.theshell.com FTP server (Version 6.00LS) ready.
> > :quit
> > :221 Goodbye.
> > :Connection closed by foreign host.
> > :
> > :Note:  This is not a network connectivity issue since those telnets
> > :are on the same box (box is 209.200.146.2).
> > :
> > :Again, ipv6 seems to work just fine.  Other than this, I don't really
> > :know what other information I can provide that can help in finding
> > :where the problem is.  Any thoughts?
> > :
> > :Peter
> > 
> >     You need to do a bit more investigation.  Use tcpdump on the server
> >     to see if the machine is even *receiving* the connection attempt that
> >     is timing out on you, and check that your Apache has not hit its 
> >     programmed simultanious connection limit, controlled by its config
> >     file (there's an apachectl command that will do that).
> > 
> 
> In the above test I was connecting to the ftp port on the machine.  I'm
> confident this has nothing to do with Apache now.  I'll have to see
> about running tcpdump and see what's going on.  I was assuming that since
> I was running telnet directly from the box that the server is running,
> it's not a network connectivity problem.  I have a feeling that the socket
> is not getting the connection attempts for some reason.  I'm curious if
> anyone else is seeing this behavior.
> 
> Peter

Here's a tcpdump output of a 'telnet 0 80':

07:21:41.872244 IP (tos 0x10, ttl  64, id 43935, offset 0, flags [none], length: 64) 209.200.146.2.3828 > 209.200.146.2.80: S [tcp sum ok] 4209775517:4209775517(0) win 57344 <mss 16344,nop,wscale 0,nop,nop,sackOK,nop,nop,timestamp 251468000 0>
07:21:44.868076 IP (tos 0x10, ttl  64, id 45093, offset 0, flags [none], length: 64) 209.200.146.2.3828 > 209.200.146.2.80: S [tcp sum ok] 4209775517:4209775517(0) win 57344 <mss 16344,nop,wscale 0,nop,nop,sackOK,nop,nop,timestamp 251468300 0>
07:21:48.068122 IP (tos 0x10, ttl  64, id 46299, offset 0, flags [none], length: 64) 209.200.146.2.3828 > 209.200.146.2.80: S [tcp sum ok] 4209775517:4209775517(0) win 57344 <mss 16344,nop,wscale 0,nop,nop,sackOK,nop,nop,timestamp 251468620 0>
07:21:51.268172 IP (tos 0x10, ttl  64, id 47481, offset 0, flags [none], length: 48) 209.200.146.2.3828 > 209.200.146.2.80: S [tcp sum ok] 4209775517:4209775517(0) win 57344 <mss 16344,nop,nop,sackOK>
07:21:54.468226 IP (tos 0x10, ttl  64, id 48667, offset 0, flags [none], length: 48) 209.200.146.2.3828 > 209.200.146.2.80: S [tcp sum ok] 4209775517:4209775517(0) win 57344 <mss 16344,nop,nop,sackOK>
07:21:57.668273 IP (tos 0x10, ttl  64, id 49811, offset 0, flags [none], length: 48) 209.200.146.2.3828 > 209.200.146.2.80: S [tcp sum ok] 4209775517:4209775517(0) win 57344 <mss 16344,nop,nop,sackOK>
07:22:03.868365 IP (tos 0x10, ttl  64, id 52138, offset 0, flags [none], length: 48) 209.200.146.2.3828 > 209.200.146.2.80: S [tcp sum ok] 4209775517:4209775517(0) win 57344 <mss 16344,nop,nop,sackOK>
07:22:16.068553 IP (tos 0x10, ttl  64, id 56963, offset 0, flags [none], length: 48) 209.200.146.2.3828 > 209.200.146.2.80: S [tcp sum ok] 4209775517:4209775517(0) win 57344 <mss 16344,nop,nop,sackOK>
07:22:40.268914 IP (tos 0x10, ttl  64, id 64387, offset 0, flags [none], length: 48) 209.200.146.2.3828 > 209.200.146.2.80: S [tcp sum ok] 4209775517:4209775517(0) win 57344 <mss 16344,nop,nop,sackOK>

Hopefully that means something.

sockstat | grep httpd:

www      httpd      91658 3  tcp4   209.200.146.2:80      *:*
www      httpd      91658 4  tcp6   2001:4830:2130::1:80  *:*
www      httpd      91640 3  tcp4   209.200.146.2:80      *:*
www      httpd      91640 4  tcp6   2001:4830:2130::1:80  *:*
www      httpd      91563 3  tcp4   209.200.146.2:80      *:*
www      httpd      91563 4  tcp6   2001:4830:2130::1:80  *:*
www      httpd      91477 3  tcp4   209.200.146.2:80      *:*
www      httpd      91477 4  tcp6   2001:4830:2130::1:80  *:*
www      httpd      91477 47 tcp4   209.200.146.2:80      67.173.210.133:1504
www      httpd      91474 3  tcp4   209.200.146.2:80      *:*
www      httpd      91474 4  tcp6   2001:4830:2130::1:80  *:*
www      httpd      91398 3  tcp4   209.200.146.2:80      *:*
www      httpd      91398 4  tcp6   2001:4830:2130::1:80  *:*
www      httpd      91388 3  tcp4   209.200.146.2:80      *:*
www      httpd      91388 4  tcp6   2001:4830:2130::1:80  *:*
www      httpd      91370 3  tcp4   209.200.146.2:80      *:*
www      httpd      91370 4  tcp6   2001:4830:2130::1:80  *:*
www      httpd      91370 47 tcp4   209.200.146.2:80      65.247.90.59:35332
www      httpd      91369 3  tcp4   209.200.146.2:80      *:*
www      httpd      91369 4  tcp6   2001:4830:2130::1:80  *:*
www      httpd      91365 3  tcp4   209.200.146.2:80      *:*
www      httpd      91365 4  tcp6   2001:4830:2130::1:80  *:*
www      httpd      91126 3  tcp4   209.200.146.2:80      *:*
www      httpd      91126 4  tcp6   2001:4830:2130::1:80  *:*
www      httpd      91126 47 tcp4   209.200.146.2:80      202.134.244.220:3589
www      httpd      91116 3  tcp4   209.200.146.2:80      *:*
www      httpd      91116 4  tcp6   2001:4830:2130::1:80  *:*
www      httpd      90808 3  tcp4   209.200.146.2:80      *:*
www      httpd      90808 4  tcp6   2001:4830:2130::1:80  *:*
www      httpd      90808 47 tcp4   209.200.146.2:80      212.117.224.50:31728
root     httpd      43531 3  tcp4   209.200.146.2:80      *:*
root     httpd      43531 4  tcp6   2001:4830:2130::1:80  *:*

And immediately after the first telnet that failed:

07:27:26.690268 IP (tos 0x10, ttl  64, id 39344, offset 0, flags [none], length: 64) 209.200.146.2.3837 > 209.200.146.2.80: S [tcp sum ok] 3035751191:3035751191(0) win 57344 <mss 16344,nop,wscale 0,nop,nop,sackOK,nop,nop,timestamp 251502468 0>
07:27:26.690313 IP (tos 0x0, ttl  64, id 39345, offset 0, flags [none], length: 64) 209.200.146.2.80 > 209.200.146.2.3837: S [tcp sum ok] 3527180342:3527180342(0) ack 3035751192 win 57344 <mss 16344,nop,wscale 0,nop,nop,timestamp 251502468 251502468,nop,nop,sackOK>
07:27:26.690340 IP (tos 0x10, ttl  64, id 39346, offset 0, flags [none], length: 52) 209.200.146.2.3837 > 209.200.146.2.80: . [tcp sum ok] 1:1(0) ack 1 win 57344 <nop,nop,timestamp 251502468 251502468>
07:27:28.526883 IP (tos 0x10, ttl  64, id 40180, offset 0, flags [none], length: 58) 209.200.146.2.3837 > 209.200.146.2.80: P [tcp sum ok] 1:7(6) ack 1 win 57344 <nop,nop,timestamp 251502652 251502468>
07:27:28.527404 IP (tos 0x0, ttl  64, id 40181, offset 0, flags [none], length: 268) 209.200.146.2.80 > 209.200.146.2.3837: P 1:217(216) ack 7 win 57344 <nop,nop,timestamp 251502652 251502652>
07:27:28.527531 IP (tos 0x0, ttl  64, id 40182, offset 0, flags [none], length: 52) 209.200.146.2.80 > 209.200.146.2.3837: F [tcp sum ok] 217:217(0) ack 7 win 57344 <nop,nop,timestamp 251502652 251502652>
07:27:28.527539 IP (tos 0x10, ttl  64, id 40183, offset 0, flags [none], length: 52) 209.200.146.2.3837 > 209.200.146.2.80: . [tcp sum ok] 7:7(0) ack 218 win 57344 <nop,nop,timestamp 251502652 251502652>
07:27:28.527711 IP (tos 0x10, ttl  64, id 40184, offset 0, flags [none], length: 52) 209.200.146.2.3837 > 209.200.146.2.80: F [tcp sum ok] 7:7(0) ack 218 win 57344 <nop,nop,timestamp 251502652 251502652>
07:27:28.527721 IP (tos 0x0, ttl  64, id 40185, offset 0, flags [none], length: 52) 209.200.146.2.80 > 209.200.146.2.3837: . [tcp sum ok] 218:218(0) ack 8 win 57344 <nop,nop,timestamp 251502652 251502652>

Obviously that one went through.

Any ideas?

Peter
Attachment:
pgp00002.pgp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00002.pgp
Type: application/octet-stream
Size: 187 bytes
Desc: "Description: PGP signature"
URL: <http://lists.dragonflybsd.org/pipermail/bugs/attachments/20050310/456a4884/attachment-0022.obj>

More information about the Bugs mailing list