Re: PATCH: "invalid SYNIN=" - a patch and a question

On Thu, 4 Oct 2007, Jozsef Kadlecsik wrote:

On Thu, 4 Oct 2007, Patrick McHardy wrote:

Right, I didn't express myself correctly. What I meant to say is that
skb_network_offset is always 0 while we're inside the IP(v6) layer.

Then what I sent is a NOOP, I'm sorry for the noise.

Krzysztof, could you send us a tcpdump recording as Patrick suggested?

Si.

--- example #1 begin ---
Connections from 192.168.150.12:38485

21:44:59.822546 IP (tos 0x0, ttl 1, id 42330, offset 0, flags [DF], proto TCP (6), length 60) 192.168.150.12.38485 > 192.168.50.21.80: S, cksum 0x4a98 (correct), 3235584816:3235584816(0) win 5840 <mss 1460,sackOK,timestamp 1812577898 0,nop,wscale 7>
21:44:59.822643 IP (tos 0x0, ttl 128, id 13168, offset 0, flags [none], proto TCP (6), length 64) 192.168.50.21.80 > 192.168.150.12.38485: S, cksum 0x272e (correct), 2584049816:2584049816(0) ack 3235584817 win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
21:44:59.822677 IP (tos 0x0, ttl 1, id 42331, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.12.38485 > 192.168.50.21.80: ., cksum 0x7d57 (correct), ack 2584049817 win 46 <nop,nop,timestamp 1812577898 0>
21:44:59.822703 IP (tos 0x0, ttl 1, id 42332, offset 0, flags [DF], proto TCP (6), length 935) 192.168.150.12.38485 > 192.168.50.21.80: P 3235584817:3235585700(883) ack 2584049817 win 46 <nop,nop,timestamp 1812577898 0>
21:44:59.822992 IP (tos 0x0, ttl 128, id 13169, offset 0, flags [DF], proto TCP (6), length 308) 192.168.50.21.80 > 192.168.150.12.38485: FP 2584049817:2584050073(256) ack 3235585700 win 64652 <nop,nop,timestamp 32205200 1812577898>
21:44:59.862142 IP (tos 0x0, ttl 1, id 42333, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.12.38485 > 192.168.50.21.80: ., cksum 0x0d38 (correct), ack 2584050074 win 54 <nop,nop,timestamp 1812577938 32205200>
21:44:59.870913 IP (tos 0x0, ttl 1, id 42334, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.12.38485 > 192.168.50.21.80: F, cksum 0x0d2f (correct), 3235585700:3235585700(0) ack 2584050074 win 54 <nop,nop,timestamp 1812577946 32205200>
21:44:59.870998 IP (tos 0x0, ttl 128, id 13216, offset 0, flags [DF], proto TCP (6), length 52) 192.168.50.21.80 > 192.168.150.12.38485: ., cksum 0x10d7 (correct), ack 3235585701 win 64652 <nop,nop,timestamp 32205201 1812577946>

21:45:03.379006 IP (tos 0x0, ttl 1, id 63436, offset 0, flags [DF], proto TCP (6), length 60) 192.168.150.12.38485 > 192.168.50.21.80: S, cksum 0x4896 (correct), 2494249856:2494249856(0) win 5840 <mss 1460,sackOK,timestamp 1812581452 0,nop,wscale 7>
21:45:06.380974 IP (tos 0x0, ttl 1, id 63437, offset 0, flags [DF], proto TCP (6), length 60) 192.168.150.12.38485 > 192.168.50.21.80: S, cksum 0x3cdc (correct), 2494249856:2494249856(0) win 5840 <mss 1460,sackOK,timestamp 1812584454 0,nop,wscale 7>

Oct  5 21:45:03 fw1 kernel: nf_ct_tcp: invalid SYNIN= OUT= SRC=192.168.150.12 DST=192.168.50.21 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63436 DF PROTO=TCP SPT=38485 DPT=80 SEQ=2494249856 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A6C09CC4C0000000001030307) UID=451
Oct  5 21:45:06 fw1 kernel: nf_ct_tcp: invalid SYNIN= OUT= SRC=192.168.150.12 DST=192.168.50.21 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63437 DF PROTO=TCP SPT=38485 DPT=80 SEQ=2494249856 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A6C09D8060000000001030307) UID=451
--- example #1 end ---

--- example #2 begin ---
Connections from 192.168.150.13:60522

21:39:44.134429 IP (tos 0x0, ttl 1, id 49813, offset 0, flags [DF], proto TCP (6), length 60) 192.168.150.13.60522 > 192.168.50.51.80: S, cksum 0x3234 (correct), 1066479575:1066479575(0) win 5840 <mss 1460,sackOK,timestamp 1812262210 0,nop,wscale 7>
21:39:44.134526 IP (tos 0x0, ttl 128, id 29436, offset 0, flags [none], proto TCP (6), length 64) 192.168.50.51.80 > 192.168.150.13.60522: S, cksum 0xda9c (correct), 2447238080:2447238080(0) ack 1066479576 win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
21:39:44.134559 IP (tos 0x0, ttl 1, id 49814, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.13.60522 > 192.168.50.51.80: ., cksum 0x01f3 (correct), ack 2447238081 win 46 <nop,nop,timestamp 1812262210 0>
21:39:44.134585 IP (tos 0x0, ttl 1, id 49815, offset 0, flags [DF], proto TCP (6), length 475) 192.168.150.13.60522 > 192.168.50.51.80: P 1066479576:1066479999(423) ack 2447238081 win 46 <nop,nop,timestamp 1812262210 0>
21:39:44.134826 IP (tos 0x0, ttl 128, id 29437, offset 0, flags [DF], proto TCP (6), length 164) 192.168.50.51.80 > 192.168.150.13.60522: FP 2447238081:2447238193(112) ack 1066479999 win 65112 <nop,nop,timestamp 12462265 1812262210>
21:39:44.152045 IP (tos 0x0, ttl 1, id 49816, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.13.60522 > 192.168.50.51.80: F, cksum 0xd651 (correct), 1066479999:1066479999(0) ack 2447238194 win 46 <nop,nop,timestamp 1812262227 12462265>
21:39:44.152247 IP (tos 0x0, ttl 128, id 29444, offset 0, flags [DF], proto TCP (6), length 52) 192.168.50.51.80 > 192.168.150.13.60522: ., cksum 0xd826 (correct), ack 1066480000 win 65112 <nop,nop,timestamp 12462265 1812262227>

21:44:12.884700 IP (tos 0x0, ttl 1, id 34935, offset 0, flags [DF], proto TCP (6), length 60) 192.168.150.13.60522 > 192.168.50.61.80: S, cksum 0x258d (correct), 3536555879:3536555879(0) win 5840 <mss 1460,sackOK,timestamp 1812530960 0,nop,wscale 7>
21:44:12.884856 IP (tos 0x0, ttl 128, id 7132, offset 0, flags [none], proto TCP (6), length 64) 192.168.50.61.80 > 192.168.150.13.60522: S, cksum 0x93b0 (correct), 2820415897:2820415897(0) ack 3536555880 win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
21:44:12.884889 IP (tos 0x0, ttl 1, id 34936, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.13.60522 > 192.168.50.61.80: ., cksum 0xa134 (correct), ack 2820415898 win 46 <nop,nop,timestamp 1812530960 0>
21:44:12.884914 IP (tos 0x0, ttl 1, id 34937, offset 0, flags [DF], proto TCP (6), length 354) 192.168.150.13.60522 > 192.168.50.61.80: P 3536555880:3536556182(302) ack 2820415898 win 46 <nop,nop,timestamp 1812530960 0>
21:44:12.885855 IP (tos 0x0, ttl 128, id 32768, offset 0, flags [none], proto TCP (6), length 430) 192.168.50.61.80 > 192.168.150.13.60522: P 2820415898:2820416276(378) ack 3536556182 win 65535 <nop,nop,timestamp 32197611 1812530960>
21:44:12.885880 IP (tos 0x0, ttl 1, id 34938, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.13.60522 > 192.168.50.61.80: ., cksum 0x50ad (correct), ack 2820416276 win 54 <nop,nop,timestamp 1812530961 32197611>
21:44:12.885888 IP (tos 0x0, ttl 128, id 32769, offset 0, flags [none], proto TCP (6), length 52) 192.168.50.61.80 > 192.168.150.13.60522: F, cksum 0x50e3 (correct), 2820416276:2820416276(0) ack 3536556182 win 65535 <nop,nop,timestamp 32197611 1812530960>
21:44:12.925141 IP (tos 0x0, ttl 1, id 34939, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.13.60522 > 192.168.50.61.80: ., cksum 0x5084 (correct), ack 2820416277 win 54 <nop,nop,timestamp 1812531001 32197611>
21:44:12.943021 IP (tos 0x0, ttl 1, id 34940, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.13.60522 > 192.168.50.61.80: F, cksum 0x5072 (correct), 3536556182:3536556182(0) ack 2820416277 win 54 <nop,nop,timestamp 1812531018 32197611>
21:44:12.943142 IP (tos 0x0, ttl 128, id 32770, offset 0, flags [none], proto TCP (6), length 52) 192.168.50.61.80 > 192.168.150.13.60522: ., cksum 0x5037 (correct), ack 3536556183 win 65534 <nop,nop,timestamp 32197725 1812531018>

21:44:21.462090 IP (tos 0x0, ttl 1, id 60902, offset 0, flags [DF], proto TCP (6), length 60) 192.168.150.13.60522 > 192.168.50.61.80: S, cksum 0xcef7 (correct), 3521103209:3521103209(0) win 5840 <mss 1460,sackOK,timestamp 1812539535 0,nop,wscale 7>
21:44:24.461155 IP (tos 0x0, ttl 1, id 60903, offset 0, flags [DF], proto TCP (6), length 60) 192.168.150.13.60522 > 192.168.50.61.80: S, cksum 0xc33d (correct), 3521103209:3521103209(0) win 5840 <mss 1460,sackOK,timestamp 1812542537 0,nop,wscale 7>

Oct  5 21:44:21 fw1 kernel: nf_ct_tcp: invalid SYNIN= OUT= SRC=192.168.150.13 DST=192.168.50.61 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=60902 DF PROTO=TCP SPT=60522 DPT=80 SEQ=3521103209 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A6C09288F0000000001030307) UID=451
--- example #2 end ---

Please let me know if you need more tcpdumps, etc. If that may help, I can also provide "conntrack -E" output.

Adding '#define DEBUG' to the front of nf_conntrack_proto_tcp.c could help
a lot too, as we could see what conntrack thinks about the packets.

This has to wait one week - I do not want to do it remotely. I will do it ASAP when I come back from Greece.

Thank you.

Best regards,

				Krzysztof Olędzki
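
Added example (not part of the original message or of the netfilter code): one way to line up a logged "invalid SYN" with the capture, by decoding the OPT hex from the log line, finding the SYN by IP ID, and measuring the time since the previous packet on the same address/port pair. The helper names (parse_log, decode_options, gap_before_logged_syn) are hypothetical and the input lines are abridged from example #1 above.

```python
import re
from datetime import datetime

# Sample input: lines abridged from example #1 in the message above.
CAPTURE = """\
21:44:59.870913 IP (tos 0x0, ttl 1, id 42334, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.12.38485 > 192.168.50.21.80: F, cksum 0x0d2f (correct), 3235585700:3235585700(0) ack 2584050074 win 54
21:44:59.870998 IP (tos 0x0, ttl 128, id 13216, offset 0, flags [DF], proto TCP (6), length 52) 192.168.50.21.80 > 192.168.150.12.38485: ., cksum 0x10d7 (correct), ack 3235585701 win 64652
21:45:03.379006 IP (tos 0x0, ttl 1, id 63436, offset 0, flags [DF], proto TCP (6), length 60) 192.168.150.12.38485 > 192.168.50.21.80: S, cksum 0x4896 (correct), 2494249856:2494249856(0) win 5840
"""
LOG = ("nf_ct_tcp: invalid SYNIN= OUT= SRC=192.168.150.12 DST=192.168.50.21 ID=63436 "
       "PROTO=TCP SPT=38485 DPT=80 OPT (020405B40402080A6C09CC4C0000000001030307)")
PKT = re.compile(r"(\d\d:\d\d:\d\d\.\d+) IP \(.*?id (\d+),.*?\) (\S+) > (\S+): ([A-Z.]+)")
NAMES = {2: "mss", 3: "wscale", 4: "sackOK", 8: "timestamp"}

def parse_log(line):
    """Return (KEY=VALUE fields, raw TCP option bytes) for one LOG line."""
    opt = re.search(r"OPT \(([0-9A-Fa-f]+)\)", line)
    raw = bytes.fromhex(opt.group(1)) if opt else b""
    return dict(re.findall(r"(\w+)=(\S+)", line)), raw

def decode_options(raw):
    """Walk the kind/length/value list; stop and flag a bad length."""
    out, i = [], 0
    while i < len(raw) and raw[i] != 0:           # kind 0 ends the list
        kind, length = raw[i], 1                  # kind 1 (NOP) is one byte
        if kind != 1:
            length = raw[i + 1] if i + 1 < len(raw) else 0
            if length < 2 or i + length > len(raw):
                return out + [("malformed", i)]
        body = raw[i + 2:i + length]
        step = 4 if kind == 8 else max(len(body), 1)   # timestamp = two 32-bit words
        vals = [int.from_bytes(body[j:j + step], "big") for j in range(0, len(body), step)]
        out.append((NAMES.get(kind, "nop" if kind == 1 else f"kind{kind}"), *vals))
        i += length
    return out

def gap_before_logged_syn(capture, fields):
    """Seconds from the previous packet on the same 4-tuple to the logged SYN."""
    flow = {f"{fields['SRC']}.{fields['SPT']}", f"{fields['DST']}.{fields['DPT']}"}
    last = None
    for m in filter(None, map(PKT.match, capture.splitlines())):
        if set(m.group(3, 4)) != flow:
            continue
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")   # same-day capture assumed
        if m.group(2) == fields["ID"] and m.group(5) == "S":
            return (ts - last).total_seconds() if last is not None else None
        last = ts
    return None
```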
