|
On my Mandrake 9.0 box (2.4.19-38 kernel), a few
times an hour I see TCP packets after the end of a TCP session, which
result in log/drops in iptables. I ran ethereal to capture one such
session, and found that in this instance I seem to be the party at fault - but I
have no idea why or what to do...
66.35.250.206, a sourceforge.net box, connects
to my mail server to deliver an e-mail, as follows:
sourceforge: [SYN]
me: [SYN, ACK]
sourceforge: [ACK]
[SMTP conversation ensues, switches to TLS, sends
me an e-mail. at the end..]
me: [RST]
sourceforge: [FIN, ACK]
me: [RST]
me: [RST]
Since I'd already RST the connection, the [FIN,
ACK] was of course treated as un-ESTABLISHED, and so was logged and
dropped.
But what could cause me to be sending three RSTs at
the end of a conversation instead of a FIN? Could that be a sendmail
problem (I'm running 8.12.10), a kernel problem, something else? The whole
conversation took 5 seconds, so there are no timeouts occurring...
Jay Levitt
|
