Re: PATCH: "invalid SYNIN=" - a patch and a question

On Tue, 9 Oct 2007, Jozsef Kadlecsik wrote:

On Mon, 8 Oct 2007, Krzysztof Oledzki wrote:

What is the exact kernel version of this machine?

It is 2.6.22.6 exactly. AFAIK there is a new "tcp source port randomization"
code included in 2.6.21 or 2.6.22. Maybe it is somehow related? Or maybe it
only makes the problem easier to trigger?

I have downloaded and installed 2.6.22.6 and couldn't reproduce it. Have
you got any non-default networking setting (like tcp_tw_reuse enabled)?

No:
net.ipv4.tcp_tw_reuse = 0

Or, maybe, some special networking kernel option (TCP MD5 sigs, for
example)?

No:
zcat /proc/config.gz |grep MD5S
# CONFIG_TCP_MD5SIG is not set

Could you please instruct me what to do exactly to reproduce
the problem?

--- cut here ---
sysctl net.ipv4.ip_local_port_range="50000 50003"
sysctl net.netfilter.nf_conntrack_log_invalid=255

while true ; do echo -ne "HEAD / HTTP/1.0\r\nHost: www.wp.pl\r\n\r\n"|nc wp.pl 80 ; sleep 1 ; done
--- cut here ---

It takes a few seconds to generate a lot of "SEQ is under the lower bound" and "ACK is under the lower bound" and finally "invalid SYNIN=".

In my original configuration ip_local_port_range is much, much bigger but there are >> 100 new connections per second initiated.

Thank you.

Best regards,

					Krzysztof Olędzki
