Re: PATCH: "invalid SYNIN=" - a patch and a question

[Krzysztof Oledzki <ole@xxxxxx>]

On Mon, 8 Oct 2007, Jozsef Kadlecsik wrote:

> Hi Krzysztof,
>
> On Fri, 5 Oct 2007, Krzysztof Oledzki wrote:
>
> > --- example #1 begin ---
> [...]
> > 21:44:59.870913 IP (tos 0x0, ttl 1, id 42334, offset 0, flags [DF], proto TCP
> > (6), length 52) 192.168.150.12.38485 > 192.168.50.21.80: F, cksum 0x0d2f
> > (correct), 3235585700:3235585700(0) ack 2584050074 win 54 <nop,nop,timestamp
> > 1812577946 32205200>
> > 21:44:59.870998 IP (tos 0x0, ttl 128, id 13216, offset 0, flags [DF], proto
> > TCP (6), length 52) 192.168.50.21.80 > 192.168.150.12.38485: ., cksum 0x10d7
> > (correct), ack 3235585701 win 64652 <nop,nop,timestamp 32205201 1812577946>
> >
> > 21:45:03.379006 IP (tos 0x0, ttl 1, id 63436, offset 0, flags [DF], proto TCP
> > (6), length 60) 192.168.150.12.38485 > 192.168.50.21.80: S, cksum 0x4896
> > (correct), 2494249856:2494249856(0) win 5840 <mss 1460,sackOK,timestamp
> > 1812581452 0,nop,wscale 7>
> >
> > Oct  5 21:45:03 fw1 kernel: nf_ct_tcp: invalid SYNIN= OUT= SRC=192.168.150.12
> > DST=192.168.50.21 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63436 DF PROTO=TCP
> > SPT=38485 DPT=80 SEQ=2494249856 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT
> > (020405B40402080A6C09CC4C0000000001030307) UID=451
>
> The last sequence number ACK-ed by the server is 3235585701. The ISN sent
> by the client at reopening is 2494249856, which is not after the largest
> sequence number used in the previous session.
>
> > --- example #1 begin ---
> [...]
> > 21:44:12.943021 IP (tos 0x0, ttl 1, id 34940, offset 0, flags [DF], proto TCP
> > (6), length 52) 192.168.150.13.60522 > 192.168.50.61.80: F, cksum 0x5072
> > (correct), 3536556182:3536556182(0) ack 2820416277 win 54 <nop,nop,timestamp
> > 1812531018 32197611>
> > 21:44:12.943142 IP (tos 0x0, ttl 128, id 32770, offset 0, flags [none], proto
> > TCP (6), length 52) 192.168.50.61.80 > 192.168.150.13.60522: ., cksum 0x5037
> > (correct), ack 3536556183 win 65534 <nop,nop,timestamp 32197725 1812531018>
> >
> > 21:44:21.462090 IP (tos 0x0, ttl 1, id 60902, offset 0, flags [DF], proto TCP
> > (6), length 60) 192.168.150.13.60522 > 192.168.50.61.80: S, cksum 0xcef7
> > (correct), 3521103209:3521103209(0) win 5840 <mss 1460,sackOK,timestamp
> > 1812539535 0,nop,wscale 7>
>
> And the same here: largest seq is 3536556183, but the ISN is 3521103209.
>
> It seems to me conntack is just right.

So? This bug is in Linux IP stack, as it should not reopen this port or 
reopen using a different SEQ, right? It seems I should go to a different 
ML. :|

Best regards,

					Krzysztof Olędzki