The log I got is listed below and the corresponding pcap file is attached. Nov 1 21:14:54 ron kernel: ftp: Conntrackinfo = 2 Nov 1 21:14:54 ron kernel: ftp: Conntrackinfo = 2 Nov 1 21:14:54 ron kernel: ftp: dataoff(60) >= skblen(60) Nov 1 21:14:54 ron kernel: ftp: dataoff(60) >= skblen(60) Nov 1 21:14:54 ron kernel: ftp: dataoff(52) >= skblen(52) Nov 1 21:14:54 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:14:54 ron kernel: nf_conntrack_ftp_help: wrong seq pos (UNSET)(0) or (UNSET)(0) Nov 1 21:14:54 ron kernel: nf_conntrack_ftp_help: wrong seq pos (3267319485) or (UNSET)(0)
Nov 1 21:14:54 ron kernel: ftp: dataoff(52) >= skblen(52) Nov 1 21:14:54 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:14:59 ron kernel: nf_conntrack_ftp_help: wrong seq pos (UNSET)(0) or (UNSET)(0) Nov 1 21:14:59 ron kernel: nf_conntrack_ftp_help: wrong seq pos (3733317025) or (UNSET)(0)
Nov 1 21:14:59 ron kernel: ftp: dataoff(52) >= skblen(52) Nov 1 21:14:59 ron kernel: ftp: dataoff(52) >= skblen(52) Nov 1 21:14:59 ron kernel: find_pattern `227 ': dlen = 45 Nov 1 21:14:59 ron kernel: find_pattern `229 ': dlen = 45 Nov 1 21:14:59 ron kernel: find_pattern `227 ': dlen = 45 Nov 1 21:14:59 ron kernel: find_pattern `229 ': dlen = 45 Nov 1 21:14:59 ron kernel: ftp: dataoff(52) >= skblen(52) Nov 1 21:14:59 ron kernel: ftp: dataoff(52) >= skblen(52) Nov 1 21:15:15 ron kernel: find_pattern `PORT': dlen = 7 Nov 1 21:15:15 ron kernel: find_pattern `EPRT': dlen = 7 Nov 1 21:15:15 ron kernel: find_pattern `PORT': dlen = 7 Nov 1 21:15:15 ron kernel: find_pattern `EPRT': dlen = 7 Nov 1 21:15:15 ron kernel: find_pattern `227 ': dlen = 48 Nov 1 21:15:15 ron kernel: find_pattern `229 ': dlen = 48 Nov 1 21:15:15 ron kernel: find_pattern `227 ': dlen = 48 Nov 1 21:15:15 ron kernel: find_pattern `229 ': dlen = 48 Nov 1 21:15:15 ron kernel: ftp: dataoff(52) >= skblen(52) Nov 1 21:15:15 ron kernel: ftp: dataoff(52) >= skblen(52) Nov 1 21:15:15 ron kernel: find_pattern `PORT': dlen = 6 Nov 1 21:15:15 ron kernel: find_pattern `EPRT': dlen = 6 Nov 1 21:15:15 ron kernel: find_pattern `PORT': dlen = 6 Nov 1 21:15:15 ron kernel: find_pattern `EPRT': dlen = 6 Nov 1 21:15:15 ron kernel: find_pattern `227 ': dlen = 19 Nov 1 21:15:15 ron kernel: find_pattern `229 ': dlen = 19 Nov 1 21:15:15 ron kernel: find_pattern `227 ': dlen = 19 Nov 1 21:15:15 ron kernel: find_pattern `229 ': dlen = 19 Nov 1 21:15:15 ron kernel: ftp: dataoff(52) >= skblen(52) Nov 1 21:15:15 ron kernel: ftp: dataoff(52) >= skblen(52) Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 27 Nov 1 21:15:19 ron kernel: Pattern matches! Nov 1 21:15:19 ron kernel: Skipped up to ` '! Nov 1 21:15:19 ron kernel: Match succeeded!Nov 1 21:15:19 ron kernel: conntrack_ftp: match `172,16,119,91,128,61' (20 bytes at 3733317043)
Nov 1 21:15:19 ron kernel: FTP_NAT: type 0, off 5 len 20 Nov 1 21:15:19 ron kernel: calling nf_nat_mangle_tcp_packetNov 1 21:15:19 ron kernel: nf_nat_mangle_packet: Extending packet by 1 from 79 bytes Nov 1 21:15:19 ron kernel: nf_nat_resize_packet: Seq_offset before: offset_before=0, offset_after=0, correction_pos=0 Nov 1 21:15:19 ron kernel: nf_nat_resize_packet: Seq_offset after: offset_before=0, offset_after=1, correction_pos=3733317038 Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3733317038->3733317038, ack from 3267319597->3267319597
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 28 Nov 1 21:15:19 ron kernel: Pattern matches! Nov 1 21:15:19 ron kernel: Skipped up to ` '! Nov 1 21:15:19 ron kernel: Match succeeded!Nov 1 21:15:19 ron kernel: conntrack_ftp: match `172,16,255,123,128,61' (21 bytes at 3733317043) Nov 1 21:15:19 ron kernel: conntrack_ftp: NOT RECORDING: 172.16.255.123 != 172.16.119.91 Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3733317038->3733317038, ack from 3267319597->3267319597
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 30 Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 30Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3267319597->3267319597, ack from 3733317066->3733317065
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 30 Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 30Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3267319597->3267319597, ack from 3733317065->3733317064
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3733317065->3733317066, ack from 3267319627->3267319627
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3733317066->3733317067, ack from 3267319627->3267319627 Nov 1 21:15:19 ron kernel: nf_conntrack_ftp_help: wrong seq pos (3733317066) or (3733317065) Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3733317064->3733317065, ack from 3267319627->3267319627
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 1 Nov 1 21:15:19 ron kernel: find_pattern `EPRT': dlen = 1Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3733317065->3733317066, ack from 3267319627->3267319627
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 33 Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 33Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3267319627->3267319627, ack from 3733317067->3733317066
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 33 Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 33Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3267319627->3267319627, ack from 3733317066->3733317065
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 6 Nov 1 21:15:19 ron kernel: find_pattern `EPRT': dlen = 6Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3733317065->3733317066, ack from 3267319660->3267319660
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 6 Nov 1 21:15:19 ron kernel: find_pattern `EPRT': dlen = 6Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3733317066->3733317067, ack from 3267319660->3267319660
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 53 Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 53Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3267319660->3267319660, ack from 3733317073->3733317072
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 53 Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 53Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3267319660->3267319660, ack from 3733317072->3733317071
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3733317071->3733317072, ack from 3267319713->3267319713
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3733317072->3733317073, ack from 3267319713->3267319713
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 24 Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 24Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3267319713->3267319713, ack from 3733317073->3733317072
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 24 Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 24Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3267319713->3267319713, ack from 3733317072->3733317071
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3733317071->3733317072, ack from 3267319737->3267319737
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:15:19 ron kernel: Adjusting sequence number from 3733317072->3733317073, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: find_pattern `PORT': dlen = 6 Nov 1 21:15:23 ron kernel: find_pattern `EPRT': dlen = 6Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3733317071->3733317072, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: find_pattern `PORT': dlen = 6 Nov 1 21:15:23 ron kernel: find_pattern `EPRT': dlen = 6Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3733317072->3733317073, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3733317077->3733317078, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3733317078->3733317079, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: find_pattern `227 ': dlen = 14 Nov 1 21:15:23 ron kernel: find_pattern `229 ': dlen = 14Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3267319737->3267319737, ack from 3733317079->3733317078
Nov 1 21:15:23 ron kernel: find_pattern `227 ': dlen = 14 Nov 1 21:15:23 ron kernel: find_pattern `229 ': dlen = 14Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3267319737->3267319737, ack from 3733317078->3733317077
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3267319751->3267319751, ack from 3733317079->3733317078
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3267319751->3267319751, ack from 3733317078->3733317077
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3267319752->3267319752, ack from 3733317080->3733317079
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3267319752->3267319752, ack from 3733317079->3733317078
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3733317077->3733317078, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3733317078->3733317079, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3733317077->3733317078, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3733317078->3733317079, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3733317078->3733317079, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)Nov 1 21:15:23 ron kernel: Adjusting sequence number from 3733317079->3733317080, ack from 0->0
ron----- Original Message ----- From: "ron lai" <ronlai@xxxxxxxxxxxxxxx>
To: "ron lai" <ronlai@xxxxxxxxxxxxxxx> Sent: Wednesday, October 31, 2007 10:07 PM Subject: Fw: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in 2.6.22.6
----- Original Message ----- From: "Patrick McHardy" <kaber@xxxxxxxxx>To: "Ron Lai" <ronlai@xxxxxxxxxxxxxxx> Cc: <netfilter@xxxxxxxxxxxxxxx>; "Netfilter Development Mailinglist" <netfilter-devel@xxxxxxxxxxxxxxx> Sent: Monday, October 29, 2007 5:51 AM Subject: Re: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in 2.6.22.6Ron Lai wrote:The packet dump from the 2.6.22.6 box in the middle is attached. In the trace 172.16.119.91 is the original IP address of the FTP client and 172.16.255.123 is the NATted address. The FTP server's address is 172.16.118.1. The problem happens between packet 31 and packet 34. Packet 31 indicates that the client expects ACK number 0x64b4dda9 for the PORT command it sends. However, the ACK number it actually gets is 0x64b4dda8.Thats really odd. It properly adjusts the sequence number in the original direction by +1, but incorrectly adjusts the acknowledgement in the reply direction by -2. I don't see how this could happen with the vanilla 2.6.22 kernel, are you using any additional patches? Otherwise please edit net/ipv4/netfilter/nf_nat_helper.c and add a #define DEBUG at the first line, recompile and post the output of the failed session (ideally two failed sessions). Thanks. - To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
Attachment:
ftp_test.pcap
Description: Binary data
