Re: PATCH: "invalid SYNIN=" - a patch and a question

[Krzysztof Oledzki <ole@xxxxxx>]

On Mon, 8 Oct 2007, Patrick McHardy wrote:

> Jozsef Kadlecsik wrote:
> > Hi Krzysztof,
> >
> > > --- example #1 begin ---
> >
> > [...]
> >
> > The last sequence number ACK-ed by the server is 3235585701. The ISN sent
> > by the client at reopening is 2494249856, which is not after the largest
> > sequence number used in the previous session.
> >
> >
> > > --- example #1 begin ---
> >
> > [...]
> >
> >
> > And the same here: largest seq is 3536556183, but the ISN is 3521103209.
> >
> > It seems to me conntack is just right.
>
>
> thats true, but I'm wondering, is there any benefit in being
> strict about this? The chances of accidentally reopening an
> old connection are a lot smaller than breaking things as in
> this case. Or maybe we could add PAWS checks, although that
> would increase the conntrack size by another 8 bytes.
>
> Krzysztof, does the problem disappear if you use something
> like 30 s for the TIME_WAIT timeout?

No, as a delay between a new and an old happens to be <30s, for example:

* ~4s:
21:44:59.870913 IP (tos 0x0, ttl 1, id 42334, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.12.38485 > 192.168.50.21.80: F, cksum 0x0d2f (correct), 3235585700:3235585700(0) ack 2584050074 win 54 <nop,nop,timestamp 1812577946 32205200>
21:44:59.870998 IP (tos 0x0, ttl 128, id 13216, offset 0, flags [DF], proto TCP (6), length 52) 192.168.50.21.80 > 192.168.150.12.38485: ., cksum 0x10d7 (correct), ack 3235585701 win 64652 <nop,nop,timestamp 32205201 1812577946>

21:45:03.379006 IP (tos 0x0, ttl 1, id 63436, offset 0, flags [DF], proto TCP (6), length 60) 192.168.150.12.38485 > 192.168.50.21.80: S, cksum 0x4896 (correct), 2494249856:2494249856(0) win 5840 <mss 1460,sackOK,timestamp 1812581452 0,nop,wscale 7>

* ~28s:

21:39:44.152045 IP (tos 0x0, ttl 1, id 49816, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.13.60522 > 192.168.50.51.80: F, cksum 0xd651 (correct), 1066479999:1066479999(0) ack 2447238194 win 46 <nop,nop,timestamp 1812262227 12462265>
21:39:44.152247 IP (tos 0x0, ttl 128, id 29444, offset 0, flags [DF], proto TCP (6), length 52) 192.168.50.51.80 > 192.168.150.13.60522: ., cksum 0xd826 (correct), ack 1066480000 win 65112 <nop,nop,timestamp 12462265 1812262227>

21:44:12.884700 IP (tos 0x0, ttl 1, id 34935, offset 0, flags [DF], proto TCP (6), length 60) 192.168.150.13.60522 > 192.168.50.61.80: S, cksum 0x258d (correct), 3536555879:3536555879(0) win 5840 <mss 1460,sackOK,timestamp 1812530960 0,nop,wscale 7>


Best regards,


				Krzysztof Olędzki