Re: TCP LAST ACK incorrectly treated as invalid

On Wed, 22 Oct 2014, vDev wrote:

> Thanks, Jozsef. Attached is the new packet capture and trace with patch 
> applied.

Thanks, now packets and conntrack states can be compared.

Up to packet 6 everything is normal. However, look at packet 7:

16:20:21.653783 IP (tos 0x0, ttl 52, id 24152, offset 0, flags [DF],
    proto TCP (6), length 40)
    Remote_Server.63001 > Linux_Router.1039: Flags [F.], cksum 0x567b 
    (correct), seq 3661860393, ack 2561327135, win 14600, length 0

This is the first FIN packet, and the kernel debug log says:

[  376.950000] tcp_packet: 
[  376.950000] dir=1, seq=3661860393 ack=2561327135 win=14600 end=3661860394
[  376.950000] tcp_conntracks: 
[  376.950000] syn=0 ack=1 fin=1 rst=0 old=3 new=4

The previous conntrack state is in "old=3", i.e. 
TCP_CONNTRACK_ESTABLISHED. The new=4 means TCP_CONNTRACK_FIN_WAIT. However 
between

[  376.950000] tcp_packet:
[  376.950000] dir=1, seq=3661860393 ack=2561327135 win=14600 end=3661860394

and

[  376.950000] tcp_conntracks:
[  376.950000] syn=0 ack=1 fin=1 rst=0 old=3 new=4

the call to tcp_in_window() is missing! Therefore the internal 
counters of conntrack are not updated and later packets won't match the 
wrong internal states.

Why is the call to tcp_in_window() missing? Looking at tcp_packet(), 
there's nothing which could cause skipping it: the big switch about the 
new_state does not divert the handling of TCP_CONNTRACK_FIN_WAIT.

So, what's your kernel version number? You have got the source:
please post net/netfilter/nf_conntrack_proto_tcp.c

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
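
Added example, not part of the original mail and not netfilter code: a small script that runs the same comparison over a conntrack debug log, grouping lines per tcp_packet entry and flagging any state transition that was logged without tcp_in_window() output in between. It assumes tcp_in_window() debug lines start with "tcp_in_window:" (the mail does not show one); the function names and the first sample entry are constructed for illustration.

```python
import re

# enum tcp_conntrack values from the Linux kernel; the mail names 3 and 4.
STATES = ["NONE", "SYN_SENT", "SYN_RECV", "ESTABLISHED", "FIN_WAIT",
          "CLOSE_WAIT", "LAST_ACK", "TIME_WAIT", "CLOSE", "SYN_SENT2"]

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
PKT = re.compile(r"dir=(\d+), seq=(\d+) ack=(\d+) win=(\d+) end=(\d+)")
TRANS = re.compile(r"fin=(\d) rst=(\d) old=(\d+) new=(\d+)")

def audit(log_text):
    """Group debug lines per tcp_packet entry and note whether
    tcp_in_window output appeared before the state transition."""
    records, cur = [], None
    for raw in log_text.splitlines():
        msg = STAMP.sub("", raw.strip())
        if msg.startswith("tcp_packet:"):
            cur = {"window_checked": False, "done": False}
            records.append(cur)
        elif cur is None or cur["done"]:
            continue
        elif msg.startswith("tcp_in_window:"):  # assumed debug prefix
            cur["window_checked"] = True
        elif (p := PKT.search(msg)):
            cur.update(zip(("dir", "seq", "ack", "win", "end"),
                           map(int, p.groups())))
        elif (t := TRANS.search(msg)):
            fin, rst, old, new = map(int, t.groups())
            cur.update(fin=fin, rst=rst, old=STATES[old],
                       new=STATES[new], done=True)
    return records

def missing_window_checks(records):
    """Entries whose state changed without any tcp_in_window output."""
    return [r for r in records if r["done"] and not r["window_checked"]]

# First entry is constructed (healthy case); second is the FIN from the mail.
SAMPLE = """\
[  376.900000] tcp_packet:
[  376.900000] dir=0, seq=1000 ack=2000 win=5840 end=1000
[  376.900000] tcp_in_window: START
[  376.900000] tcp_conntracks:
[  376.900000] syn=0 ack=1 fin=0 rst=0 old=3 new=3
[  376.950000] tcp_packet:
[  376.950000] dir=1, seq=3661860393 ack=2561327135 win=14600 end=3661860394
[  376.950000] tcp_conntracks:
[  376.950000] syn=0 ack=1 fin=1 rst=0 old=3 new=4
"""

if __name__ == "__main__":
    for r in missing_window_checks(audit(SAMPLE)):
        print(f"seq={r['seq']} {r['old']} -> {r['new']}: no tcp_in_window output")
```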