Home page logo
/

nanog logo nanog mailing list archives

Re: MySQL Madness
From: William Herrin <bill () herrin us>
Date: Fri, 29 Apr 2011 00:31:29 -0400

On Thu, Apr 28, 2011 at 11:40 PM, Joe Renwick <joe () gonetforward com> wrote:
 3: 21:49:13.462210 74.81.76.195.3306 > 8.25.42.100.32929: P
2601320300:2601320363(63) ack 4107544001 win 46 <nop,nop,timestamp
2581054349 2065216038>

Packet "1" is Syn from MySQL client to Server
Packet "2" is Syn/Ack from Server
Packet "3" is a TCP Push!  ??? HERE IS WHERE I AM CONFUSED
Packet "4" is the Ack from the client completing the 3-way hand shake.

My firewall is dropping packet "3" as it is not happy there is a push going
on before it sees the completed handshake.  Anybody run across this?  Is the
a MySQL option for a faster connection?


A) That push appears to be the first data packet containing MySQL's
connection banner.

B) This would be an OS TCP implementation issue. MySQL has a socket as
of when the syn/ack is queued. It has no control over when the OS
decides it can begin to transmit the data MySQL writes to that socket.


I'm guessing the OS is trying to optimize TCP performance by skipping
the syn-received state and going straight to established. I'm not sure
whether or not the RFCs allow that.


Specifically is the "tcp-3whs-failed" rule that is
being offended.  I cannot seem to figure out a way to turn this off?

If you figure it out, I'd be interested to learn what you found.

Regards,
Bill Herrin



-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault