[Dovecot] imap-login hanging when firewall blocks ssl handshaking

[Erik A Johnson]

At 10AM -0800 on 1/12/12 Erik A Johnson wrote:
>> Should the "#ifdef __APPLE__" remain? or would any of these tests be
>> appropriate for other platforms as well?


On 12/1/2012 at 11:07:36am PST, Ben Morrow <ben at morrow.me.uk> wrote:
> I had a go at reproducing this on FreeBSD and failed, but I don't believe we've seen a packet trace yet so I wasn't entirely sure what might provoke it. There is definitely a bug in the OS here somewhere, unless the socket never gets as far as SYN-SYN/ACK-ACK, since ENOTCONN should only be returned *before* the socket has connected successfully. An ordinary disconnected socket should simply return EOF from read, and a socket that got RST should return ECONNRESET.
> 
> Are you able to reproduce this and get a tcpdump packet trace (on the dovecot side of any firewalls)?

Attached is the output of "sudo tcpdump -i en0 -vv -A host CLIENT" run on the SERVER.

I know enough about tcpdump to be dangerous; if there is additional output that would be helpful, please let me know what options to use for tcpdump (the OS X tcpdump man page is at http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man1/tcpdump.1.html).

> Also, when this happens, does it happen straight away or is there a delay until the connection times out?

It happens straight away.

> (I don't suppose you know if the source for the OSX network stack is online anywhere? I'd be interested to see how different it is from FreeBSD's.)

Would it be somewhere at http://opensource.apple.com/release/mac-os-x-1082/ ?


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: tcpdump_output.txt
URL: <http://dovecot.org/pipermail/dovecot/attachments/20121203/8da51d0c/attachment-0004.txt>