Group: comp.os.linux.networking
From: buck
Date: Wednesday, March 26, 2008 1:40 PM
Subject: Re: SMTP timeout after DATA from

On Sun, 23 Mar 2008 21:15:01 GMT, Jack Snodgrass
wrote:
> L R SMTP Response: 220 home.example.com ESMTP Postfix
> R L TCP 51499 > smtp [ACK] Seq=1 Ack=43 Win=33304 Len=0
>TSV=1776034838 TSER=2021657217
> R L SMTP Command: EHLO que03.charter.net
> L R TCP smtp > 51499 [ACK] Seq=43 Ack=25 Win=91 Len=0
>TSV=2021657480 TSER=1776034838
> L R SMTP Response: 250-home.example.com
> R L TCP 51499 > smtp [ACK] Seq=25 Ack=186 Win=33304 Len=0
>TSV=1776034849 TSER=2021657480
> R L SMTP Command: MAIL FROM: SIZE=3430
> L R SMTP Response: 250 2.1.0 Ok
> R L SMTP Command: RCPT TO:
> L R TCP smtp > 51499 [ACK] Seq=200 Ack=102 Win=91 Len=0
>TSV=2021657770 TSER=1776034866
> L R SMTP Response: 250 2.1.5 Ok
> R L SMTP Command: DATA
> L R TCP smtp > 51499 [ACK] Seq=214 Ack=108 Win=91 Len=0
>TSV=2021657872 TSER=1776034888
> L R SMTP Response: 354 End data with .
> R L SMTP DATA fragment, 1120 bytes
> R L SMTP [TCP Previous segment lost] DATA fragment, 862 bytes
> L R TCP smtp > 51499 [ACK] Seq=251 Ack=1228 Win=126 Len=0
>TSV=2021658042 TSER=1776034898 SLE=2676 SRE=3538

This sure looks like a dropped packet to me. But the real question
is, why was it not requested again? Of course, it could be that
wireshark simply could not keep up so that's why you see this. I've
never encountered "TCP Previous segment lost" so I'm no help here. But
I believe that if the TCP/IP protocol found that it had not received
an expected packet, it would ask for it again.

Notice that the SEQ jumps from 200 to 214 but the ACK only increments
from 102 to 108. What happened to those other 8?

> L R SMTP Response: 421 4.4.2 home.example.com Error: timeout exceeded

I consider this to be strange because I would expect to see retry
attempts to get the missing packet. Whether that is the one of 1120
bytes or the one of 862 bytes is unknown, but the missing fragment
appears to me to be the root of the problem. If the complete packet
cannot be reassembled, nothing good is going to happen.

Have you altered anything in /proc/sys? Is the MTU or a frag setting
involved?

Apparently nobody in this group (including me!) has any clues for you
because several days have elapsed with no other responses. Perhaps
you should post to linuxquestions or a different group, Etc.

Where's Moe Trin when ya need him?
--
buck

Safety Articles | Usenet Groups | Usenet News | Bluegrass