Re: TCP LAST ACK incorrectly treated as invalid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yes! I believe a piece of code that is machine dependent stole the
packet and thereby got things messed up in conntrack. A rebuild seems
to have taken care of the issue. Thanks for taking a look at this. The
kernel version is 2.6.35. Again, thanks!



On Thu, Oct 23, 2014 at 3:04 AM, Jozsef Kadlecsik
<kadlec@xxxxxxxxxxxxxxxxx> wrote:
> On Wed, 22 Oct 2014, vDev wrote:
>
>> Thanks, Jozsef. Attached is the new packet capture and trace with patch
>> applied.
>
> Thanks, now packets and conntrack states can be compared.
>
> Up to packet 6 everything is normal. However, look at packet 7:
>
> 16:20:21.653783 IP (tos 0x0, ttl 52, id 24152, offset 0, flags [DF],
>     proto TCP (6), length 40)
>     Remote_Server.63001 > Linux_Router.1039: Flags [F.], cksum 0x567b
>     (correct), seq 3661860393, ack 2561327135, win 14600, length 0
>
> This is the first FIN packet, and the kernel debug log says:
>
> [  376.950000] tcp_packet:
> [  376.950000] dir=1, seq=3661860393 ack=2561327135 win=14600 end=3661860394
> [  376.950000] tcp_conntracks:
> [  376.950000] syn=0 ack=1 fin=1 rst=0 old=3 new=4
>
> The previous conntrack state is in "old=3", i.e.
> TCP_CONNTRACK_ESTABLISHED. The new=4 means TCP_CONNTRACK_FIN_WAIT. However
> between
>
> [  376.950000] tcp_packet:
> [  376.950000] dir=1, seq=3661860393 ack=2561327135 win=14600 end=3661860394
>
> and
>
> [  376.950000] tcp_conntracks:
> [  376.950000] syn=0 ack=1 fin=1 rst=0 old=3 new=4
>
> there is a missing the call to tcp_in_window()! Therefore the internal
> counters of conntrack is not updated and later packets won't match the
> wrong internal states.
>
> Why the call to tcp_in_window() is missing? Looking at tcp_packet(),
> there's nothing which could cause skipping it: the big switch about the
> new_state does not divert the handling of TCP_CONNTRACK_FIN_WAIT.
>
> So, what's your kernel version number? You have got the source:
> please post net/netfilter/nf_conntrack_proto_tcp.c
>
> Best regards,
> Jozsef
> -
> E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
>           H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux