From: "Ron Lai" <ronlai@cs.stanford.edu>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Fw: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in 2.6.22.6
Date: Thu, 1 Nov 2007 14:16:02 -0700 [thread overview]
Message-ID: <001601c81ccc$682bb4a0$bb0b10ac@FireEye.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 12428 bytes --]
The log I got is listed below and the corresponding pcap file is attached.
Nov 1 21:14:54 ron kernel: ftp: Conntrackinfo = 2
Nov 1 21:14:54 ron kernel: ftp: Conntrackinfo = 2
Nov 1 21:14:54 ron kernel: ftp: dataoff(60) >= skblen(60)
Nov 1 21:14:54 ron kernel: ftp: dataoff(60) >= skblen(60)
Nov 1 21:14:54 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:54 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:54 ron kernel: nf_conntrack_ftp_help: wrong seq pos (UNSET)(0)
or (UNSET)(0)
Nov 1 21:14:54 ron kernel: nf_conntrack_ftp_help: wrong seq pos
(3267319485) or (UNSET)(0)
Nov 1 21:14:54 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:54 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:59 ron kernel: nf_conntrack_ftp_help: wrong seq pos (UNSET)(0)
or (UNSET)(0)
Nov 1 21:14:59 ron kernel: nf_conntrack_ftp_help: wrong seq pos
(3733317025) or (UNSET)(0)
Nov 1 21:14:59 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:59 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:59 ron kernel: find_pattern `227 ': dlen = 45
Nov 1 21:14:59 ron kernel: find_pattern `229 ': dlen = 45
Nov 1 21:14:59 ron kernel: find_pattern `227 ': dlen = 45
Nov 1 21:14:59 ron kernel: find_pattern `229 ': dlen = 45
Nov 1 21:14:59 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:59 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:15 ron kernel: find_pattern `PORT': dlen = 7
Nov 1 21:15:15 ron kernel: find_pattern `EPRT': dlen = 7
Nov 1 21:15:15 ron kernel: find_pattern `PORT': dlen = 7
Nov 1 21:15:15 ron kernel: find_pattern `EPRT': dlen = 7
Nov 1 21:15:15 ron kernel: find_pattern `227 ': dlen = 48
Nov 1 21:15:15 ron kernel: find_pattern `229 ': dlen = 48
Nov 1 21:15:15 ron kernel: find_pattern `227 ': dlen = 48
Nov 1 21:15:15 ron kernel: find_pattern `229 ': dlen = 48
Nov 1 21:15:15 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:15 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:15 ron kernel: find_pattern `PORT': dlen = 6
Nov 1 21:15:15 ron kernel: find_pattern `EPRT': dlen = 6
Nov 1 21:15:15 ron kernel: find_pattern `PORT': dlen = 6
Nov 1 21:15:15 ron kernel: find_pattern `EPRT': dlen = 6
Nov 1 21:15:15 ron kernel: find_pattern `227 ': dlen = 19
Nov 1 21:15:15 ron kernel: find_pattern `229 ': dlen = 19
Nov 1 21:15:15 ron kernel: find_pattern `227 ': dlen = 19
Nov 1 21:15:15 ron kernel: find_pattern `229 ': dlen = 19
Nov 1 21:15:15 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:15 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 27
Nov 1 21:15:19 ron kernel: Pattern matches!
Nov 1 21:15:19 ron kernel: Skipped up to ` '!
Nov 1 21:15:19 ron kernel: Match succeeded!
Nov 1 21:15:19 ron kernel: conntrack_ftp: match `172,16,119,91,128,61' (20
bytes at 3733317043)
Nov 1 21:15:19 ron kernel: FTP_NAT: type 0, off 5 len 20
Nov 1 21:15:19 ron kernel: calling nf_nat_mangle_tcp_packet
Nov 1 21:15:19 ron kernel: nf_nat_mangle_packet: Extending packet by 1 from
79 bytes
Nov 1 21:15:19 ron kernel: nf_nat_resize_packet: Seq_offset before:
offset_before=0, offset_after=0, correction_pos=0
Nov 1 21:15:19 ron kernel: nf_nat_resize_packet: Seq_offset after:
offset_before=0, offset_after=1, correction_pos=3733317038
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317038->3733317038, ack from 3267319597->3267319597
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 28
Nov 1 21:15:19 ron kernel: Pattern matches!
Nov 1 21:15:19 ron kernel: Skipped up to ` '!
Nov 1 21:15:19 ron kernel: Match succeeded!
Nov 1 21:15:19 ron kernel: conntrack_ftp: match `172,16,255,123,128,61' (21
bytes at 3733317043)
Nov 1 21:15:19 ron kernel: conntrack_ftp: NOT RECORDING: 172.16.255.123 !=
172.16.119.91
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317038->3733317038, ack from 3267319597->3267319597
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 30
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 30
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319597->3267319597, ack from 3733317066->3733317065
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 30
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 30
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319597->3267319597, ack from 3733317065->3733317064
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317065->3733317066, ack from 3267319627->3267319627
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317066->3733317067, ack from 3267319627->3267319627
Nov 1 21:15:19 ron kernel: nf_conntrack_ftp_help: wrong seq pos
(3733317066) or (3733317065)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317064->3733317065, ack from 3267319627->3267319627
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 1
Nov 1 21:15:19 ron kernel: find_pattern `EPRT': dlen = 1
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317065->3733317066, ack from 3267319627->3267319627
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 33
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 33
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319627->3267319627, ack from 3733317067->3733317066
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 33
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 33
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319627->3267319627, ack from 3733317066->3733317065
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 6
Nov 1 21:15:19 ron kernel: find_pattern `EPRT': dlen = 6
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317065->3733317066, ack from 3267319660->3267319660
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 6
Nov 1 21:15:19 ron kernel: find_pattern `EPRT': dlen = 6
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317066->3733317067, ack from 3267319660->3267319660
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 53
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 53
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319660->3267319660, ack from 3733317073->3733317072
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 53
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 53
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319660->3267319660, ack from 3733317072->3733317071
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317071->3733317072, ack from 3267319713->3267319713
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317072->3733317073, ack from 3267319713->3267319713
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 24
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 24
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319713->3267319713, ack from 3733317073->3733317072
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 24
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 24
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319713->3267319713, ack from 3733317072->3733317071
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317071->3733317072, ack from 3267319737->3267319737
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317072->3733317073, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: find_pattern `PORT': dlen = 6
Nov 1 21:15:23 ron kernel: find_pattern `EPRT': dlen = 6
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317071->3733317072, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: find_pattern `PORT': dlen = 6
Nov 1 21:15:23 ron kernel: find_pattern `EPRT': dlen = 6
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317072->3733317073, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317077->3733317078, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317078->3733317079, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: find_pattern `227 ': dlen = 14
Nov 1 21:15:23 ron kernel: find_pattern `229 ': dlen = 14
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3267319737->3267319737, ack from 3733317079->3733317078
Nov 1 21:15:23 ron kernel: find_pattern `227 ': dlen = 14
Nov 1 21:15:23 ron kernel: find_pattern `229 ': dlen = 14
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3267319737->3267319737, ack from 3733317078->3733317077
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3267319751->3267319751, ack from 3733317079->3733317078
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3267319751->3267319751, ack from 3733317078->3733317077
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3267319752->3267319752, ack from 3733317080->3733317079
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3267319752->3267319752, ack from 3733317079->3733317078
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317077->3733317078, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317078->3733317079, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317077->3733317078, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317078->3733317079, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317078->3733317079, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317079->3733317080, ack from 0->0
ron
----- Original Message -----
From: "ron lai" <ronlai@cs.stanford.edu>
To: "ron lai" <ronlai@cs.stanford.edu>
Sent: Wednesday, October 31, 2007 10:07 PM
Subject: Fw: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in 2.6.22.6
>
> ----- Original Message -----
> From: "Patrick McHardy" <kaber@trash.net>
> To: "Ron Lai" <ronlai@cs.stanford.edu>
> Cc: <netfilter@vger.kernel.org>; "Netfilter Development Mailinglist"
> <netfilter-devel@vger.kernel.org>
> Sent: Monday, October 29, 2007 5:51 AM
> Subject: Re: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in
> 2.6.22.6
>
>
>> Ron Lai wrote:
>>> The packet dump from the 2.6.22.6 box in the middle is attached. In the
>>> trace 172.16.119.91 is the original IP address of the FTP client and
>>> 172.16.255.123 is the NATted address. The FTP server's address is
>>> 172.16.118.1.
>>>
>>> The problem happens between packet 31 and packet 34. Packet 31 indicates
>>> that the client expects ACK number 0x64b4dda9 for the PORT command it
>>> sends. However, the ACK number it actually gets is 0x64b4dda8.
>>
>>
>> Thats really odd. It properly adjusts the sequence number in the
>> original direction by +1, but incorrectly adjusts the acknowledgement
>> in the reply direction by -2. I don't see how this could happen with
>> the vanilla 2.6.22 kernel, are you using any additional patches?
>>
>> Otherwise please edit net/ipv4/netfilter/nf_nat_helper.c and add
>> a #define DEBUG at the first line, recompile and post the output
>> of the failed session (ideally two failed sessions). Thanks.
>>
>> -
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
[-- Attachment #2: ftp_test.pcap --]
[-- Type: application/octet-stream, Size: 7199 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: "Ron Lai" <ronlai@cs.stanford.edu>
To: "Patrick McHardy" <kaber@trash.net>
Cc: <netfilter@vger.kernel.org>, <netfilter-devel@vger.kernel.org>
Subject: Fw: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in 2.6.22.6
Date: Thu, 1 Nov 2007 14:16:02 -0700 [thread overview]
Message-ID: <001601c81ccc$682bb4a0$bb0b10ac@FireEye.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 12428 bytes --]
The log I got is listed below and the corresponding pcap file is attached.
Nov 1 21:14:54 ron kernel: ftp: Conntrackinfo = 2
Nov 1 21:14:54 ron kernel: ftp: Conntrackinfo = 2
Nov 1 21:14:54 ron kernel: ftp: dataoff(60) >= skblen(60)
Nov 1 21:14:54 ron kernel: ftp: dataoff(60) >= skblen(60)
Nov 1 21:14:54 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:54 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:54 ron kernel: nf_conntrack_ftp_help: wrong seq pos (UNSET)(0)
or (UNSET)(0)
Nov 1 21:14:54 ron kernel: nf_conntrack_ftp_help: wrong seq pos
(3267319485) or (UNSET)(0)
Nov 1 21:14:54 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:54 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:59 ron kernel: nf_conntrack_ftp_help: wrong seq pos (UNSET)(0)
or (UNSET)(0)
Nov 1 21:14:59 ron kernel: nf_conntrack_ftp_help: wrong seq pos
(3733317025) or (UNSET)(0)
Nov 1 21:14:59 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:59 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:59 ron kernel: find_pattern `227 ': dlen = 45
Nov 1 21:14:59 ron kernel: find_pattern `229 ': dlen = 45
Nov 1 21:14:59 ron kernel: find_pattern `227 ': dlen = 45
Nov 1 21:14:59 ron kernel: find_pattern `229 ': dlen = 45
Nov 1 21:14:59 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:14:59 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:15 ron kernel: find_pattern `PORT': dlen = 7
Nov 1 21:15:15 ron kernel: find_pattern `EPRT': dlen = 7
Nov 1 21:15:15 ron kernel: find_pattern `PORT': dlen = 7
Nov 1 21:15:15 ron kernel: find_pattern `EPRT': dlen = 7
Nov 1 21:15:15 ron kernel: find_pattern `227 ': dlen = 48
Nov 1 21:15:15 ron kernel: find_pattern `229 ': dlen = 48
Nov 1 21:15:15 ron kernel: find_pattern `227 ': dlen = 48
Nov 1 21:15:15 ron kernel: find_pattern `229 ': dlen = 48
Nov 1 21:15:15 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:15 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:15 ron kernel: find_pattern `PORT': dlen = 6
Nov 1 21:15:15 ron kernel: find_pattern `EPRT': dlen = 6
Nov 1 21:15:15 ron kernel: find_pattern `PORT': dlen = 6
Nov 1 21:15:15 ron kernel: find_pattern `EPRT': dlen = 6
Nov 1 21:15:15 ron kernel: find_pattern `227 ': dlen = 19
Nov 1 21:15:15 ron kernel: find_pattern `229 ': dlen = 19
Nov 1 21:15:15 ron kernel: find_pattern `227 ': dlen = 19
Nov 1 21:15:15 ron kernel: find_pattern `229 ': dlen = 19
Nov 1 21:15:15 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:15 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 27
Nov 1 21:15:19 ron kernel: Pattern matches!
Nov 1 21:15:19 ron kernel: Skipped up to ` '!
Nov 1 21:15:19 ron kernel: Match succeeded!
Nov 1 21:15:19 ron kernel: conntrack_ftp: match `172,16,119,91,128,61' (20
bytes at 3733317043)
Nov 1 21:15:19 ron kernel: FTP_NAT: type 0, off 5 len 20
Nov 1 21:15:19 ron kernel: calling nf_nat_mangle_tcp_packet
Nov 1 21:15:19 ron kernel: nf_nat_mangle_packet: Extending packet by 1 from
79 bytes
Nov 1 21:15:19 ron kernel: nf_nat_resize_packet: Seq_offset before:
offset_before=0, offset_after=0, correction_pos=0
Nov 1 21:15:19 ron kernel: nf_nat_resize_packet: Seq_offset after:
offset_before=0, offset_after=1, correction_pos=3733317038
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317038->3733317038, ack from 3267319597->3267319597
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 28
Nov 1 21:15:19 ron kernel: Pattern matches!
Nov 1 21:15:19 ron kernel: Skipped up to ` '!
Nov 1 21:15:19 ron kernel: Match succeeded!
Nov 1 21:15:19 ron kernel: conntrack_ftp: match `172,16,255,123,128,61' (21
bytes at 3733317043)
Nov 1 21:15:19 ron kernel: conntrack_ftp: NOT RECORDING: 172.16.255.123 !=
172.16.119.91
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317038->3733317038, ack from 3267319597->3267319597
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 30
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 30
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319597->3267319597, ack from 3733317066->3733317065
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 30
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 30
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319597->3267319597, ack from 3733317065->3733317064
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317065->3733317066, ack from 3267319627->3267319627
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317066->3733317067, ack from 3267319627->3267319627
Nov 1 21:15:19 ron kernel: nf_conntrack_ftp_help: wrong seq pos
(3733317066) or (3733317065)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317064->3733317065, ack from 3267319627->3267319627
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 1
Nov 1 21:15:19 ron kernel: find_pattern `EPRT': dlen = 1
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317065->3733317066, ack from 3267319627->3267319627
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 33
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 33
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319627->3267319627, ack from 3733317067->3733317066
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 33
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 33
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319627->3267319627, ack from 3733317066->3733317065
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 6
Nov 1 21:15:19 ron kernel: find_pattern `EPRT': dlen = 6
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317065->3733317066, ack from 3267319660->3267319660
Nov 1 21:15:19 ron kernel: find_pattern `PORT': dlen = 6
Nov 1 21:15:19 ron kernel: find_pattern `EPRT': dlen = 6
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317066->3733317067, ack from 3267319660->3267319660
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 53
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 53
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319660->3267319660, ack from 3733317073->3733317072
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 53
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 53
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319660->3267319660, ack from 3733317072->3733317071
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317071->3733317072, ack from 3267319713->3267319713
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317072->3733317073, ack from 3267319713->3267319713
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 24
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 24
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319713->3267319713, ack from 3733317073->3733317072
Nov 1 21:15:19 ron kernel: find_pattern `227 ': dlen = 24
Nov 1 21:15:19 ron kernel: find_pattern `229 ': dlen = 24
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3267319713->3267319713, ack from 3733317072->3733317071
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317071->3733317072, ack from 3267319737->3267319737
Nov 1 21:15:19 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:19 ron kernel: Adjusting sequence number from
3733317072->3733317073, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: find_pattern `PORT': dlen = 6
Nov 1 21:15:23 ron kernel: find_pattern `EPRT': dlen = 6
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317071->3733317072, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: find_pattern `PORT': dlen = 6
Nov 1 21:15:23 ron kernel: find_pattern `EPRT': dlen = 6
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317072->3733317073, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317077->3733317078, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317078->3733317079, ack from 3267319737->3267319737
Nov 1 21:15:23 ron kernel: find_pattern `227 ': dlen = 14
Nov 1 21:15:23 ron kernel: find_pattern `229 ': dlen = 14
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3267319737->3267319737, ack from 3733317079->3733317078
Nov 1 21:15:23 ron kernel: find_pattern `227 ': dlen = 14
Nov 1 21:15:23 ron kernel: find_pattern `229 ': dlen = 14
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3267319737->3267319737, ack from 3733317078->3733317077
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3267319751->3267319751, ack from 3733317079->3733317078
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3267319751->3267319751, ack from 3733317078->3733317077
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3267319752->3267319752, ack from 3733317080->3733317079
Nov 1 21:15:23 ron kernel: ftp: dataoff(52) >= skblen(52)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3267319752->3267319752, ack from 3733317079->3733317078
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317077->3733317078, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317078->3733317079, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317077->3733317078, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317078->3733317079, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317078->3733317079, ack from 0->0
Nov 1 21:15:23 ron kernel: ftp: dataoff(40) >= skblen(40)
Nov 1 21:15:23 ron kernel: Adjusting sequence number from
3733317079->3733317080, ack from 0->0
ron
----- Original Message -----
From: "ron lai" <ronlai@cs.stanford.edu>
To: "ron lai" <ronlai@cs.stanford.edu>
Sent: Wednesday, October 31, 2007 10:07 PM
Subject: Fw: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in 2.6.22.6
>
> ----- Original Message -----
> From: "Patrick McHardy" <kaber@trash.net>
> To: "Ron Lai" <ronlai@cs.stanford.edu>
> Cc: <netfilter@vger.kernel.org>; "Netfilter Development Mailinglist"
> <netfilter-devel@vger.kernel.org>
> Sent: Monday, October 29, 2007 5:51 AM
> Subject: Re: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in
> 2.6.22.6
>
>
>> Ron Lai wrote:
>>> The packet dump from the 2.6.22.6 box in the middle is attached. In the
>>> trace 172.16.119.91 is the original IP address of the FTP client and
>>> 172.16.255.123 is the NATted address. The FTP server's address is
>>> 172.16.118.1.
>>>
>>> The problem happens between packet 31 and packet 34. Packet 31 indicates
>>> that the client expects ACK number 0x64b4dda9 for the PORT command it
>>> sends. However, the ACK number it actually gets is 0x64b4dda8.
>>
>>
>> Thats really odd. It properly adjusts the sequence number in the
>> original direction by +1, but incorrectly adjusts the acknowledgement
>> in the reply direction by -2. I don't see how this could happen with
>> the vanilla 2.6.22 kernel, are you using any additional patches?
>>
>> Otherwise please edit net/ipv4/netfilter/nf_nat_helper.c and add
>> a #define DEBUG at the first line, recompile and post the output
>> of the failed session (ideally two failed sessions). Thanks.
>>
>> -
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
[-- Attachment #2: ftp_test.pcap --]
[-- Type: application/octet-stream, Size: 7199 bytes --]
next reply other threads:[~2007-11-01 21:16 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-01 21:16 Ron Lai [this message]
2007-11-01 21:16 ` Fw: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in 2.6.22.6 Ron Lai
2007-11-05 11:03 ` Amin Azez
2007-11-05 16:36 ` ron lai
2007-11-05 16:36 ` ron lai
2007-11-06 10:14 ` Patrick McHardy
2007-11-06 13:19 ` ron lai
2007-11-06 13:19 ` ron lai
2007-11-06 13:24 ` Patrick McHardy
2007-11-06 13:50 ` ron lai
2007-11-06 13:50 ` ron lai
2007-11-06 14:05 ` Patrick McHardy
2007-11-06 15:17 ` Pascal Hambourg
2007-11-07 5:08 ` ron lai
2007-11-07 5:08 ` ron lai
2007-11-07 9:49 ` Patrick McHardy
2007-11-07 10:33 ` Patrick McHardy
2007-11-07 10:59 ` Pascal Hambourg
2007-11-07 11:37 ` Patrick McHardy
2007-11-07 15:17 ` ron lai
2007-11-07 15:17 ` ron lai
2007-11-07 23:19 ` Patrick McHardy
2007-11-07 23:54 ` Ron Lai
2007-11-07 23:54 ` Ron Lai
2007-11-08 9:03 ` Pascal Hambourg
2007-11-08 11:43 ` Patrick McHardy
-- strict thread matches above, loose matches on Subject: below --
2007-11-07 11:44 bdschuym@pandora.be
2007-11-07 11:44 ` bdschuym@pandora.be
2007-11-07 11:55 ` Patrick McHardy
2007-11-07 23:29 ` Bart De Schuymer
2007-11-12 6:00 ` Patrick McHardy
2007-11-12 7:35 ` Philip Craig
2007-11-12 7:39 ` Patrick McHardy
2007-11-08 2:16 ` Philip Craig
2007-11-12 7:30 bdschuym@pandora.be
2007-11-12 7:30 ` bdschuym@pandora.be
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='001601c81ccc$682bb4a0$bb0b10ac@FireEye.com' \
--to=ronlai@cs.stanford.edu \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.