Re: TCP RESET after SACK in Kernel 2.6

Hi,

There seems to be a problem with TCP SACK and Linux NAT. I see the same
behavior as Christian Schwarz (Oct 16 2008). Perhaps somebody can help
to find this bug. :-)

The configuration is as follows:

A mail client behind the firewall
A Debian based Linux firewall (Linux version 2.6.18-6-686 (Debian 2.6.18.dfsg.1-22))
A mail server outside the firewall

Both client and server support TCP SACK (sackOK). When the server sends the first
packet with SACK set, the firewall blocks the packet and responds with a TCP RESET.

Here is the tcpdump from the outside interface of the firewall:

13:12:12.775905 IP (tos 0x0, ttl 126, id 16499, offset 0, flags [DF], proto: TCP (6), length: 48) 193.154.214.98.13732 > 83.65.185.102.25: S, cksum 0xbb41 (correct), 62122440:62122440(0) win 65535 <mss 1460,nop,nop,sackOK>
13:12:12.802806 IP (tos 0x0, ttl  54, id 0, offset 0, flags [DF], proto: TCP (6), length: 48) 83.65.185.102.25 > 193.154.214.98.13732: S, cksum 0x27d0 (correct), 3179921238:3179921238(0) ack 62122441 win 5840 <mss 1380,nop,nop,sackOK>

Client SNATed to 193.154.214.98 connects to server 83.65.185.102.25 (with sackOK).

13:12:12.808034 IP (tos 0x0, ttl 126, id 16592, offset 0, flags [DF], proto: TCP (6), length: 40) 193.154.214.98.13732 > 83.65.185.102.25: ., cksum 0x6b14 (correct), 62122441:62122441(0) ack 3179921239 win 65535
13:12:12.842172 IP (tos 0x0, ttl  54, id 10793, offset 0, flags [DF], proto: TCP (6), length: 72) 83.65.185.102.25 > 193.154.214.98.13732: P, cksum 0x7d1c (correct), 3179921239:3179921271(32) ack 62122441 win 5840
13:12:12.843341 IP (tos 0x0, ttl 126, id 16632, offset 0, flags [DF], proto: TCP (6), length: 66) 193.154.214.98.13732 > 83.65.185.102.25: P, cksum 0xfd97 (correct), 62122441:62122467(26) ack 3179921271 win 65503
13:12:12.881607 IP (tos 0x0, ttl  54, id 10794, offset 0, flags [DF], proto: TCP (6), length: 40) 83.65.185.102.25 > 193.154.214.98.13732: ., cksum 0x540a (correct), 3179921271:3179921271(0) ack 62122467 win 5840
[...cut...]
13:12:13.120861 IP (tos 0x0, ttl  54, id 10811, offset 0, flags [DF], proto: TCP (6), length: 40) 83.65.185.102.25 > 193.154.214.98.13732: ., cksum 0x5d9a (correct), 3179921459:3179921459(0) ack 62158439 win 32767
13:12:13.120965 IP (tos 0x0, ttl  54, id 10812, offset 0, flags [DF], proto: TCP (6), length: 40) 83.65.185.102.25 > 193.154.214.98.13732: ., cksum 0x52d2 (correct), 3179921459:3179921459(0) ack 62161199 win 32767
13:12:13.120980 IP (tos 0x0, ttl 126, id 17275, offset 0, flags [DF], proto: TCP (6), length: 1420) 193.154.214.98.13732 > 83.65.185.102.25: . 62173619:62174999(1380) ack 3179921459 win 65315
13:12:13.121112 IP (tos 0x0, ttl  54, id 10813, offset 0, flags [DF], proto: TCP (6), length: 52) 83.65.185.102.25 > 193.154.214.98.13732: ., cksum 0x96a5 (correct), 3179921459:3179921459(0) ack 62162579 win 32767 <nop,nop,sack 1 {343255345:343256725}>
13:12:13.121143 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 193.154.214.98.13732 > 83.65.185.102.25: R, cksum 0x4b37 (correct), 62162579:62162579(0) win 0

After the first packet from the outside server with "sack" set, the firewall sends a RESET packet.
This packet is sent by the firewall and not the server behind.

13:12:13.121505 IP (tos 0x0, ttl 126, id 17276, offset 0, flags [DF], proto: TCP (6), length: 1420) 193.154.214.98.13732 > 83.65.185.102.25: . 62174999:62176379(1380) ack 3179921459 win 65315
13:12:13.122908 IP (tos 0x0, ttl 126, id 17277, offset 0, flags [DF], proto: TCP (6), length: 1420) 193.154.214.98.13732 > 83.65.185.102.25: . 62176379:62177759(1380) ack 3179921459 win 65315

The client behind the firewall still tries to send its data.

13:12:13.123457 IP (tos 0x0, ttl  54, id 10814, offset 0, flags [DF], proto: TCP (6), length: 52) 83.65.185.102.25 > 193.154.214.98.13732: ., cksum 0x9141 (correct), 3179921459:3179921459(0) ack 62162579 win 32767 <nop,nop,sack 1 {343255345:343258105}>
13:12:13.123481 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 193.154.214.98.13732 > 83.65.185.102.25: R, cksum 0x4b37 (correct), 62162579:62162579(0) win 0

Every following packet from the server includes this SACK option and the firewall responds with RESET.
The connection tracking table of the firewall still includes this connection. The server seems to ignore the RESET.

13:12:13.123805 IP (tos 0x0, ttl 126, id 17278, offset 0, flags [DF], proto: TCP (6), length: 1420) 193.154.214.98.13732 > 83.65.185.102.25: . 62177759:62179139(1380) ack 3179921459 win 65315
13:12:13.124456 IP (tos 0x0, ttl 126, id 17279, offset 0, flags [DF], proto: TCP (6), length: 1420) 193.154.214.98.13732 > 83.65.185.102.25: . 62179139:62180519(1380) ack 3179921459 win 65315
13:12:13.124981 IP (tos 0x0, ttl 126, id 17280, offset 0, flags [DF], proto: TCP (6), length: 1420) 193.154.214.98.13732 > 83.65.185.102.25: . 62180519:62181899(1380) ack 3179921459 win 65315
13:12:13.125510 IP (tos 0x0, ttl 126, id 17281, offset 0, flags [DF], proto: TCP (6), length: 1420) 193.154.214.98.13732 > 83.65.185.102.25: . 62181899:62183279(1380) ack 3179921459 win 65315
13:12:13.125968 IP (tos 0x0, ttl 126, id 17282, offset 0, flags [DF], proto: TCP (6), length: 1420) 193.154.214.98.13732 > 83.65.185.102.25: . 62183279:62184659(1380) ack 3179921459 win 65315
13:12:13.126041 IP (tos 0x0, ttl  54, id 10815, offset 0, flags [DF], proto: TCP (6), length: 52) 83.65.185.102.25 > 193.154.214.98.13732: ., cksum 0x8bdd (correct), 3179921459:3179921459(0) ack 62162579 win 32767 <nop,nop,sack 1 {343255345:343259485}>
13:12:13.126058 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 193.154.214.98.13732 > 83.65.185.102.25: R, cksum 0x4b37 (correct), 62162579:62162579(0) win 0
13:12:13.126438 IP (tos 0x0, ttl 126, id 17283, offset 0, flags [DF], proto: TCP (6), length: 1420) 193.154.214.98.13732 > 83.65.185.102.25: . 62184659:62186039(1380) ack 3179921459 win 65315
13:12:13.127802 IP (tos 0x0, ttl  54, id 10816, offset 0, flags [DF], proto: TCP (6), length: 52) 83.65.185.102.25 > 193.154.214.98.13732: ., cksum 0x8679 (correct), 3179921459:3179921459(0) ack 62162579 win 32767 <nop,nop,sack 1 {343255345:343260865}>
13:12:13.127820 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 193.154.214.98.13732 > 83.65.185.102.25: R, cksum 0x4b37 (correct), 62162579:62162579(0) win 0
13:12:13.129372 IP (tos 0x0, ttl  54, id 10817, offset 0, flags [DF], proto: TCP (6), length: 52) 83.65.185.102.25 > 193.154.214.98.13732: ., cksum 0x8115 (correct), 3179921459:3179921459(0) ack 62162579 win 32767 <nop,nop,sack 1 {343255345:343262245}>
13:12:13.129395 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 193.154.214.98.13732 > 83.65.185.102.25: R, cksum 0x4b37 (correct), 62162579:62162579(0) win 0
13:12:13.131483 IP (tos 0x0, ttl  54, id 10818, offset 0, flags [DF], proto: TCP (6), length: 52) 83.65.185.102.25 > 193.154.214.98.13732: ., cksum 0x7bb1 (correct), 3179921459:3179921459(0) ack 62162579 win 32767 <nop,nop,sack 1 {343255345:343263625}>
13:12:13.131509 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 193.154.214.98.13732 > 83.65.185.102.25: R, cksum 0x4b37 (correct), 62162579:62162579(0) win 0
13:12:13.134945 IP (tos 0x0, ttl  54, id 10819, offset 0, flags [DF], proto: TCP (6), length: 52) 83.65.185.102.25 > 193.154.214.98.13732: ., cksum 0x764d (correct), 3179921459:3179921459(0) ack 62162579 win 32767 <nop,nop,sack 1 {343255345:343265005}>
13:12:13.134959 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 193.154.214.98.13732 > 83.65.185.102.25: R, cksum 0x4b37 (correct), 62162579:62162579(0) win 0
13:12:13.817059 IP (tos 0x0, ttl 126, id 18161, offset 0, flags [DF], proto: TCP (6), length: 1420) 193.154.214.98.13732 > 83.65.185.102.25: . 62161199:62162579(1380) ack 3179921459 win 65315
13:12:15.239982 IP (tos 0x0, ttl 126, id 18919, offset 0, flags [DF], proto: TCP (6), length: 1420) 193.154.214.98.13732 > 83.65.185.102.25: . 62161199:62162579(1380) ack 3179921459 win 65315
13:12:18.082799 IP (tos 0x0, ttl 126, id 19071, offset 0, flags [DF], proto: TCP (6), length: 1420) 193.154.214.98.13732 > 83.65.185.102.25: . 62161199:62162579(1380) ack 3179921459 win 65315
[...]

thanks for reading
AlexT
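An added diagnostic (my own Python, not code from the post or from the kernel): in the trace above the server's SACK blocks reference sequence numbers around 343255345, far from the client's own sequence space around 62162579 and well outside the 32767-byte window the same segment advertises. The parser below reads tcpdump -v lines like those in the post and flags SACK blocks that cannot be consistent with the segment's own ACK and window, which is the kind of plausibility check a stateful firewall's TCP window tracking may apply before treating a segment as invalid. Two input lines are copied from the post; the third is constructed for contrast.

```python
import re

MOD = 1 << 32  # TCP sequence numbers wrap modulo 2^32

# Two server->client lines copied from the post (each immediately precedes a
# RST from the firewall), plus one CONSTRUCTED line whose SACK block lies in
# the client's own sequence space (the segment sent at 13:12:13.120980).
TRACE = """\
13:12:13.121112 IP (tos 0x0, ttl  54, id 10813, offset 0, flags [DF], proto: TCP (6), length: 52) 83.65.185.102.25 > 193.154.214.98.13732: ., cksum 0x96a5 (correct), 3179921459:3179921459(0) ack 62162579 win 32767 <nop,nop,sack 1 {343255345:343256725}>
13:12:13.123457 IP (tos 0x0, ttl  54, id 10814, offset 0, flags [DF], proto: TCP (6), length: 52) 83.65.185.102.25 > 193.154.214.98.13732: ., cksum 0x9141 (correct), 3179921459:3179921459(0) ack 62162579 win 32767 <nop,nop,sack 1 {343255345:343258105}>
13:12:13.900000 IP (tos 0x0, ttl  54, id 10999, offset 0, flags [DF], proto: TCP (6), length: 52) 83.65.185.102.25 > 193.154.214.98.13732: ., cksum 0x0000 (constructed), 3179921459:3179921459(0) ack 62162579 win 32767 <nop,nop,sack 1 {62173619:62174999}>
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) IP .*? (?P<src>\S+) > (?P<dst>\S+): .*?"
                     r"ack (?P<ack>\d+) win (?P<win>\d+)(?: <(?P<opts>[^>]*)>)?")
SACK_RE = re.compile(r"\{(\d+):(\d+)\}")

def seq_offset(x, base):
    """Distance from base to x in sequence space, 0 .. 2^32-1."""
    return (x - base) % MOD

def check_sack_blocks(ack, win, blocks):
    """One reason per SACK block the receiver could not actually hold: a block
    reports bytes above the cumulative ACK, so ack < left < right <= ack + win
    (the handshake in the post negotiated no window scaling)."""
    reasons = []
    for left, right in blocks:
        lo, hi = seq_offset(left, ack), seq_offset(right, ack)
        if lo == 0 or lo > win:
            reasons.append("left edge %d outside (ack, ack+win]" % left)
        elif hi <= lo:
            reasons.append("right edge %d not after left edge %d" % (right, left))
        elif hi > win:
            reasons.append("right edge %d beyond ack+win" % right)
    return reasons

def analyze(trace):
    """Parse each ACK-bearing segment and flag SACK blocks inconsistent with it."""
    out = []
    for line in trace.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an ACK-bearing segment (e.g. the firewall's RST)
        ack, win = int(m["ack"]), int(m["win"])
        blocks = [(int(a), int(b)) for a, b in SACK_RE.findall(m["opts"] or "")]
        out.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"], "ack": ack,
                    "win": win, "sack": blocks, "bad": check_sack_blocks(ack, win, blocks)})
    return out

for r in analyze(TRACE):
    print(r["ts"], r["sack"], "INVALID" if r["bad"] else "ok", *r["bad"])
```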
