Re: PATCH: "invalid SYNIN=" - a patch and a question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Mon, 8 Oct 2007, Patrick McHardy wrote:

Jozsef Kadlecsik wrote:
Hi Krzysztof,

--- example #1 begin ---

[...]

The last sequence number ACK-ed by the server is 3235585701. The ISN sent
by the client at reopening is 2494249856, which is not after the largest
sequence number used in the previous session.


--- example #1 begin ---

[...]


And the same here: largest seq is 3536556183, but the ISN is 3521103209.

It seems to me conntack is just right.


thats true, but I'm wondering, is there any benefit in being
strict about this? The chances of accidentally reopening an
old connection are a lot smaller than breaking things as in
this case. Or maybe we could add PAWS checks, although that
would increase the conntrack size by another 8 bytes.

Krzysztof, does the problem disappear if you use something
like 30 s for the TIME_WAIT timeout?

No, as a delay between a new and an old happens to be <30s, for example:

* ~4s:
21:44:59.870913 IP (tos 0x0, ttl 1, id 42334, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.12.38485 > 192.168.50.21.80: F, cksum 0x0d2f (correct), 3235585700:3235585700(0) ack 2584050074 win 54 <nop,nop,timestamp 1812577946 32205200>
21:44:59.870998 IP (tos 0x0, ttl 128, id 13216, offset 0, flags [DF], proto TCP (6), length 52) 192.168.50.21.80 > 192.168.150.12.38485: ., cksum 0x10d7 (correct), ack 3235585701 win 64652 <nop,nop,timestamp 32205201 1812577946>

21:45:03.379006 IP (tos 0x0, ttl 1, id 63436, offset 0, flags [DF], proto TCP (6), length 60) 192.168.150.12.38485 > 192.168.50.21.80: S, cksum 0x4896 (correct), 2494249856:2494249856(0) win 5840 <mss 1460,sackOK,timestamp 1812581452 0,nop,wscale 7>

* ~28s:

21:39:44.152045 IP (tos 0x0, ttl 1, id 49816, offset 0, flags [DF], proto TCP (6), length 52) 192.168.150.13.60522 > 192.168.50.51.80: F, cksum 0xd651 (correct), 1066479999:1066479999(0) ack 2447238194 win 46 <nop,nop,timestamp 1812262227 12462265>
21:39:44.152247 IP (tos 0x0, ttl 128, id 29444, offset 0, flags [DF], proto TCP (6), length 52) 192.168.50.51.80 > 192.168.150.13.60522: ., cksum 0xd826 (correct), ack 1066480000 win 65112 <nop,nop,timestamp 12462265 1812262227>

21:44:12.884700 IP (tos 0x0, ttl 1, id 34935, offset 0, flags [DF], proto TCP (6), length 60) 192.168.150.13.60522 > 192.168.50.61.80: S, cksum 0x258d (correct), 3536555879:3536555879(0) win 5840 <mss 1460,sackOK,timestamp 1812530960 0,nop,wscale 7>


Best regards,


				Krzysztof Olędzki

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux