Packet marked wrongly as INVALID?

Marco Innocenti <m.innocenti@xxxxxxxxx> · Thu, 1 Jul 2010 11:12:42 +0200 (MEST)

Hi,
    on a couple of production server I get routinely some packet which 
should be marked as NEW are marked as INVALID and I'm unable to 
understand why or to reproduce the problem in a testing environment.
I use distribution kernel (SUSE 2.6.16.60-0.58.1-smp and Debian 
2.6.26-2-amd64) on intel (64 bit) but I could try a recent kernel if 
need arise.

Jul  1 09:14:44 miur10 kernel: INPUT-INVALIDIN=bond0 OUT= 
MAC=00:22:19:bb:85:7b:00:0b:fc:fe:1b:01:08:00 SRC=130.186.5.204 
DST=10.253.0.11 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47760 DF PROTO=TCP 
SPT=53816 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul  1 09:16:18 miur10 kernel: INPUT-INVALIDIN=bond0 OUT= 
MAC=00:22:19:bb:85:7b:00:0b:fc:fe:1b:01:08:00 SRC=130.186.5.204 
DST=10.253.0.11 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=13606 DF PROTO=TCP 
SPT=54446 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul  1 09:16:34 miur10 kernel: INPUT-INVALIDIN=bond0 OUT= 
MAC=00:22:19:bb:85:7b:00:0b:fc:fe:1b:01:08:00 SRC=130.186.5.204 
DST=10.253.0.11 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=15917 DF PROTO=TCP 
SPT=54694 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul  1 09:16:55 miur10 kernel: INPUT-INVALIDIN=bond0 OUT= 
MAC=00:22:19:bb:85:7b:00:0b:fc:fe:1b:01:08:00 SRC=130.186.5.204 
DST=10.253.0.11 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=22772 DF PROTO=TCP 
SPT=54863 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

miur10:/ # iptables -L -n -v | head -n 4
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source 
destination
  33M   21G ACCEPT     all  --  bond1  *       0.0.0.0/0 
0.0.0.0/0
 245K   11M LOG        all  --  *      *       0.0.0.0/0 
0.0.0.0/0           state INVALID LOG flags 0 level 4 prefix 
`INPUT-INVALID'

In the attached file INVALID packets are only logged (no DROP). If I 
DROP the packet they are retrasmitted and marked again as INVALID:

Jul  1 11:03:12 miur10 kernel: INPUT-INVALIDIN=bond0 OUT= 
MAC=00:22:19:bb:85:7b:00:0b:fc:fe:1b:01:08:00 SRC=130.186.5.204 
DST=10.253.0.11 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=5926 DF PROTO=TCP 
SPT=53260 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul  1 11:03:15 miur10 kernel: INPUT-INVALIDIN=bond0 OUT= 
MAC=00:22:19:bb:85:7b:00:0b:fc:fe:1b:01:08:00 SRC=130.186.5.204 
DST=10.253.0.11 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=5927 DF PROTO=TCP 
SPT=53260 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

--
**********************************************************************
Marco Innocenti              Dipartimento Sistemi E Tecnologie
CINECA                       phone:+39 0516171553 / fax:+39 0516132198
Via Magnanelli 6/3           e-mail: innocenti@xxxxxxxxx
40033 Casalecchio di Reno    Bologna (Italia)
**********************************************************************
Attachment:
tcpdump.pcap.bz2

Description: application/bzip