Re: Out of window filter catches too much

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pierre Ossman <drzeus-list@drzeus.cx>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter@lists.netfilter.org
Subject: Re: Out of window filter catches too much
Date: Wed, 02 Mar 2005 09:58:08 +0100	[thread overview]
Message-ID: <42258020.9000904@drzeus.cx> (raw)
In-Reply-To: <Pine.LNX.4.58.0503020908580.16314@blackhole.kfki.hu>

Jozsef Kadlecsik wrote:

>On Wed, 2 Mar 2005, Pierre Ossman wrote:
>
>  
>
>>>On Mon, 21 Feb 2005 I posted a patch to netfilter-devel which addresses
>>>this and other issues in TCP window tracking. Please try the patch.
>>>      
>>>
>>I assume you meant:
>>https://lists.netfilter.org/pipermail/netfilter-devel/2005-February/018598.html
>>
>>I've tried the patch and it seems to keep it from dropping the ACKs
>>which is enough to keep the connection going. I still get some errors
>>the other way though:
>>
>>Mar  2 01:36:22 prometheus kernel: ip_ct_tcp: SEQ is over the upper
>>bound (over the window of the receiver) IN= OUT= SRC=10.8.0.24
>>DST=10.8.5.10 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=52959 DF PROTO=TCP
>>SPT=1053 DPT=873 SEQ=3991302411 ACK=1391445765 WINDOW=115 RES=0x00 ACK
>>URGP=0 OPT (0101080AD974090C92CE1415)
>>    
>>
>
>If it is reproducible then could you capture the traffic with tcpdump and
>send me the results together with the corresponding log lines? Please dump
>on both sides of the firewall.
>
>  
>
It's a lot of traffic so that will be difficult. The problems appear 
after at least 100 MB has been transfered. Is there some way I can 
reduce this to just the parts that are of relevance to you?
If you have a decent connection (or a lot of time ;)) I suppose I could 
put up the entire thing on the local webserver for you to download at 
your own leisure.

Rgds
Pierrre

next prev parent reply	other threads:[~2005-03-02  8:58 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-02-26  0:01 Out of window filter catches too much Pierre Ossman
2005-03-01  8:40 ` Jozsef Kadlecsik
2005-03-02  7:59   ` Pierre Ossman
2005-03-02  8:10     ` Jozsef Kadlecsik
2005-03-02  8:58       ` Pierre Ossman [this message]
2005-03-02  9:03         ` Jozsef Kadlecsik
     [not found]           ` <4226F2D8.4070502@drzeus.cx>
2005-03-03 11:31             ` Jozsef Kadlecsik

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=42258020.9000904@drzeus.cx \
    --to=drzeus-list@drzeus.cx \
    --cc=kadlec@blackhole.kfki.hu \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.