Hi Krzysztof,

On Fri, 5 Oct 2007, Krzysztof Oledzki wrote:

> --- example #1 begin ---
[...]
> 21:44:59.870913 IP (tos 0x0, ttl 1, id 42334, offset 0, flags [DF], proto TCP
> (6), length 52) 192.168.150.12.38485 > 192.168.50.21.80: F, cksum 0x0d2f
> (correct), 3235585700:3235585700(0) ack 2584050074 win 54 <nop,nop,timestamp
> 1812577946 32205200>
> 21:44:59.870998 IP (tos 0x0, ttl 128, id 13216, offset 0, flags [DF], proto
> TCP (6), length 52) 192.168.50.21.80 > 192.168.150.12.38485: ., cksum 0x10d7
> (correct), ack 3235585701 win 64652 <nop,nop,timestamp 32205201 1812577946>
>
> 21:45:03.379006 IP (tos 0x0, ttl 1, id 63436, offset 0, flags [DF], proto TCP
> (6), length 60) 192.168.150.12.38485 > 192.168.50.21.80: S, cksum 0x4896
> (correct), 2494249856:2494249856(0) win 5840 <mss 1460,sackOK,timestamp
> 1812581452 0,nop,wscale 7>
>
> Oct 5 21:45:03 fw1 kernel: nf_ct_tcp: invalid SYNIN= OUT= SRC=192.168.150.12
> DST=192.168.50.21 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63436 DF PROTO=TCP
> SPT=38485 DPT=80 SEQ=2494249856 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT
> (020405B40402080A6C09CC4C0000000001030307) UID=451

The last sequence number ACK-ed by the server is 3235585701. The ISN sent
by the client at reopening is 2494249856, which is not after the largest
sequence number used in the previous session.

> --- example #1 begin ---
[...]
> 21:44:12.943021 IP (tos 0x0, ttl 1, id 34940, offset 0, flags [DF], proto TCP
> (6), length 52) 192.168.150.13.60522 > 192.168.50.61.80: F, cksum 0x5072
> (correct), 3536556182:3536556182(0) ack 2820416277 win 54 <nop,nop,timestamp
> 1812531018 32197611>
> 21:44:12.943142 IP (tos 0x0, ttl 128, id 32770, offset 0, flags [none], proto
> TCP (6), length 52) 192.168.50.61.80 > 192.168.150.13.60522: ., cksum 0x5037
> (correct), ack 3536556183 win 65534 <nop,nop,timestamp 32197725 1812531018>
>
> 21:44:21.462090 IP (tos 0x0, ttl 1, id 60902, offset 0, flags [DF], proto TCP
> (6), length 60) 192.168.150.13.60522 > 192.168.50.61.80: S, cksum 0xcef7
> (correct), 3521103209:3521103209(0) win 5840 <mss 1460,sackOK,timestamp
> 1812539535 0,nop,wscale 7>

And the same here: largest seq is 3536556183, but the ISN is 3521103209.

It seems to me conntrack is just right.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
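The comparison described in the mail above, as an added example that is not part of the original message and is not the kernel's conntrack code: a wraparound-safe check of whether a reopening SYN's ISN lies after the largest sequence number seen in the previous session. The helper names `seq_after` and `reopen_isn_ok` are hypothetical, and the third sample is constructed to show why a plain `>` comparison is not enough.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Wraparound-safe "a is after b" for 32-bit TCP sequence numbers:
 * the sign of the 32-bit difference decides the order. */
static bool seq_after(uint32_t a, uint32_t b)
{
    return (int32_t)(b - a) < 0;
}

/* Hypothetical helper: does the ISN of a reopening SYN lie after the
 * largest sequence number the same sender used in the old session? */
static bool reopen_isn_ok(uint32_t isn, uint32_t prev_max_seq)
{
    return seq_after(isn, prev_max_seq);
}

struct sample {
    const char *name;
    uint32_t prev_max_seq;  /* last seq ACKed by the server */
    uint32_t isn;           /* ISN of the reopening SYN */
};

/* First two rows use the values from the captures in the mail;
 * the third row is constructed (ISN has wrapped past 2^32). */
static const struct sample samples[] = {
    { "192.168.150.12:38485", 3235585701u, 2494249856u },
    { "192.168.150.13:60522", 3536556183u, 3521103209u },
    { "constructed wraparound", 4294967000u, 1000u },
};

int main(void)
{
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const struct sample *s = &samples[i];
        printf("%-24s max_seq=%u isn=%u -> %s\n", s->name,
               (unsigned)s->prev_max_seq, (unsigned)s->isn,
               reopen_isn_ok(s->isn, s->prev_max_seq)
                   ? "ISN after old session" : "ISN not after old session");
    }
    return 0;
}
```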