On Wed, 22 Oct 2014, vDev wrote:

> Thanks, Jozsef. Attached is the new packet capture and trace with patch
> applied.

Thanks, now packets and conntrack states can be compared.

Up to packet 6 everything is normal. However, look at packet 7:

16:20:21.653783 IP (tos 0x0, ttl 52, id 24152, offset 0, flags [DF], proto TCP (6), length 40)
    Remote_Server.63001 > Linux_Router.1039: Flags [F.], cksum 0x567b (correct), seq 3661860393, ack 2561327135, win 14600, length 0

This is the first FIN packet, and the kernel debug log says:

[ 376.950000] tcp_packet:
[ 376.950000] dir=1, seq=3661860393 ack=2561327135 win=14600 end=3661860394
[ 376.950000] tcp_conntracks:
[ 376.950000] syn=0 ack=1 fin=1 rst=0 old=3 new=4

The previous conntrack state is in "old=3", i.e. TCP_CONNTRACK_ESTABLISHED.
The new=4 means TCP_CONNTRACK_FIN_WAIT. However, between

[ 376.950000] tcp_packet:
[ 376.950000] dir=1, seq=3661860393 ack=2561327135 win=14600 end=3661860394

and

[ 376.950000] tcp_conntracks:
[ 376.950000] syn=0 ack=1 fin=1 rst=0 old=3 new=4

the call to tcp_in_window() is missing! Therefore the internal counters of
conntrack are not updated and later packets won't match the wrong internal
states.

Why is the call to tcp_in_window() missing? Looking at tcp_packet(), there's
nothing which could cause skipping it: the big switch about the new_state
does not divert the handling of TCP_CONNTRACK_FIN_WAIT.

So, what's your kernel version number? You have got the source: please post
net/netfilter/nf_conntrack_proto_tcp.c

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
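
Added example, not part of the original message or of the kernel source: a Python checker that automates the comparison made above, listing every state transition in a conntrack debug log that has no tcp_in_window output between its "tcp_packet:" and "tcp_conntracks:" lines. The "tcp_in_window:" marker text and the first packet in the sample are assumptions constructed for illustration; the second packet is the FIN quoted in the message.

```python
import re

# Names in the kernel's enum tcp_conntrack order (3 and 4 are named in the message).
STATES = ["NONE", "SYN_SENT", "SYN_RECV", "ESTABLISHED", "FIN_WAIT",
          "CLOSE_WAIT", "LAST_ACK", "TIME_WAIT", "CLOSE", "SYN_SENT2"]

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")   # dmesg timestamp prefix
SEQ = re.compile(r"dir=(\d+), seq=(\d+)")    # line following "tcp_packet:"
TRANS = re.compile(r"old=(\d+) new=(\d+)")   # line following "tcp_conntracks:"

def state_name(n):
    return STATES[n] if 0 <= n < len(STATES) else "UNKNOWN(%d)" % n

def audit(log_text, marker="tcp_in_window:"):
    """Return one record per packet; marker is the assumed debug prefix."""
    records, cur = [], None
    for raw in log_text.splitlines():
        line = STAMP.sub("", raw.strip())
        if line.startswith("tcp_packet:"):
            cur = {"dir": None, "seq": None, "window_checked": False}
        if cur is None:
            continue                      # ignore lines outside a packet block
        if marker in line:
            cur["window_checked"] = True
        m = SEQ.search(line)
        if m and cur["seq"] is None:
            cur["dir"], cur["seq"] = int(m.group(1)), int(m.group(2))
        m = TRANS.search(line)
        if m:                             # transition line closes the block
            cur["old"] = state_name(int(m.group(1)))
            cur["new"] = state_name(int(m.group(2)))
            records.append(cur)
            cur = None
    return records

def skipped(records):
    """Transitions recorded without any window-tracking output."""
    return [r for r in records if not r["window_checked"]]

# Constructed sample: first packet is invented, second is the FIN from the message.
SAMPLE = """\
[ 376.900000] tcp_packet:
[ 376.900000] dir=0, seq=2561327100 ack=3661860393 win=65535 end=2561327135
[ 376.900000] tcp_in_window: START
[ 376.900000] tcp_conntracks:
[ 376.900000] syn=0 ack=1 fin=0 rst=0 old=3 new=3
[ 376.950000] tcp_packet:
[ 376.950000] dir=1, seq=3661860393 ack=2561327135 win=14600 end=3661860394
[ 376.950000] tcp_conntracks:
[ 376.950000] syn=0 ack=1 fin=1 rst=0 old=3 new=4
"""

if __name__ == "__main__":
    for r in skipped(audit(SAMPLE)):
        print("no window check: dir=%(dir)d seq=%(seq)d %(old)s -> %(new)s" % r)
```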