> I investigated a bit further and that's what I found:

Where did you tcpdump?

> 1. phone sends SYN packet to proxy;

Means (from previous email context):
Phone --> GRE tunnel --> netwap --> fwmark --> LVS --> proxy
How many devices are we talking about including Phone and proxy?

> 2. proxy responds with SYN,ACK;
> 3. phone sends ACK;

Beautiful, if this goes through LVS, it's already a big step towards a
correctly working LVS.

> 4. phone sends HTTP GET request;
> 5. proxy ACKs packet 4;

Only ACK? No data?

> 6. proxy sends HTTP data packet;
> 7. proxy sends another HTTP data packet;
> 8. proxy sends FIN packet;
> weird things start here
> 9. phone once more sends ACK packet acknowledging packet 2 (duplicate
> of packet 3);

Does the proxy have SACK/FACK support enabled?

> 10. and one more dupe of packet 3;
> 11.-14. proxy repeats packet 6. 4 times.

It has to. Is ECN enabled?

> The problem is that LVS does not pass packets 11. to 14. to phone. Why?

Because packet 8 was FIN and LVS is not stateful with regard to TCP
sessions and retransmits.

> In case of DNAT packets 11.-14. are passed to phone which at the end
> acknowledges packets 6. and 7. and then acknowledges packet 8. thus
> closing TCP connection.

Here I don't follow your statements, sorry.

Regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
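
Added example, not part of the original message and not LVS code: a small Python classifier run over a constructed trace that follows the 14 steps listed in the thread. It labels the duplicate ACKs and the segments retransmitted after the FIN, and reports how much of the proxy's data was still unacknowledged. The sequence numbers, payload sizes and the names `Pkt`, `TRACE`, `classify` and `unacked` are assumptions made for illustration.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "no src flags seq ack length")

# Constructed trace following steps 1-14; all numbers are invented.
TRACE = [
    Pkt(1, "phone", "S", 1000, 0, 0),
    Pkt(2, "proxy", "SA", 5000, 1001, 0),
    Pkt(3, "phone", "A", 1001, 5001, 0),
    Pkt(4, "phone", "PA", 1001, 5001, 200),   # HTTP GET
    Pkt(5, "proxy", "A", 5001, 1201, 0),
    Pkt(6, "proxy", "A", 5001, 1201, 1400),   # HTTP data
    Pkt(7, "proxy", "PA", 6401, 1201, 600),   # HTTP data
    Pkt(8, "proxy", "FA", 7001, 1201, 0),     # FIN
    Pkt(9, "phone", "A", 1201, 5001, 0),      # still acknowledging packet 2
    Pkt(10, "phone", "A", 1201, 5001, 0),
] + [Pkt(n, "proxy", "A", 5001, 1201, 1400) for n in range(11, 15)]

def classify(trace):
    """Label each packet: normal, dup-ack, retransmit or retransmit-after-fin."""
    max_end, last_ack, fin_sent, labels = {}, {}, set(), {}
    for p in trace:
        # SYN and FIN each consume one sequence number.
        seg_len = p.length + ("S" in p.flags) + ("F" in p.flags)
        label = "normal"
        if seg_len == 0:
            # Simplified heuristic: a pure ACK repeating the sender's last ack number.
            if "A" in p.flags and last_ack.get(p.src) == p.ack:
                label = "dup-ack"
        elif p.src in max_end and p.seq + seg_len <= max_end[p.src]:
            # Segment covers only sequence space this sender already sent.
            label = "retransmit-after-fin" if p.src in fin_sent else "retransmit"
        if "A" in p.flags:
            last_ack[p.src] = p.ack
        max_end[p.src] = max(max_end.get(p.src, 0), p.seq + seg_len)
        if "F" in p.flags:
            fin_sent.add(p.src)
        labels[p.no] = label
    return labels

def unacked(trace, sender, receiver):
    """Sequence space sent by `sender` that `receiver` never acknowledged."""
    sent = max(p.seq + p.length + ("S" in p.flags) + ("F" in p.flags)
               for p in trace if p.src == sender)
    acked = max(p.ack for p in trace if p.src == receiver and "A" in p.flags)
    return sent - acked

print(classify(TRACE), unacked(TRACE, "proxy", "phone"))
```

On this trace packets 9 and 10 come out as `dup-ack`, packets 11 to 14 as `retransmit-after-fin`, and the proxy still has 2001 units of sequence space outstanding after its FIN, so the connection is not finished at the moment the FIN passes the forwarding device.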