From: "Yoav Zamir" <yoav_zamm@hotmail.com>
To: netfilter@lists.netfilter.org
Subject: Reset regarded as a new session
Date: Tue, 29 Jun 2004 15:59:30 +0300
Message-ID: <BAY7-F19hUlmsQlcwuu0004a46a@hotmail.com>

It seems like iptables doesn't treat correctly a session I have created.
The situation is as follows:
I have two machines (A-holds a program that is a TCP client, B-TCP server).
A contains an SNAT & DNAT that alter the ip-addresses of the outgoing 
sessions.

Now (in chronological order):
A opens a session (sends a SYN, receives SYN ACK).
A sends some data (and receives ACKs).
A closes the connection (sends a FIN).
B sends an ACK to the FIN (that contains data(!)).
A sends a RST to B (because data was received in the FIN ACK(?)), but at this 
point the NAT sends it with altered IP addresses - as though the session has 
already ended and the reset packet belongs to a new session. This packet 
also has a bad checksum.
B tries to send FIN packets (with the correct IP addresses), but receives no 
acknowledgements to them, thus leaving the session stuck on the server in 
the state LAST_ACK.

The NAT configuration and a plot of tethereal is attached.

Regards,
Yoav.


Compiled by tethereal, based on tcpdump:

  1   0.000000  3.6.104.154 -> 2.7.88.255   TCP 20000 > 20000 [SYN] Seq=0 
Ack=0 Win=5840 Len=0 MSS=1460 TSV=5140710 TSER=0 WS=0
  2   0.001437   2.7.88.255 -> 3.6.104.154  TCP 20000 > 20000 [SYN, ACK] 
Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=5109167 TSER=5140710 WS=0
  3   0.001477  3.6.104.154 -> 2.7.88.255   TCP 20000 > 20000 [ACK] Seq=1 
Ack=1 Win=5840 Len=0 TSV=5140712 TSER=5109167
  4   0.001551  3.6.104.154 -> 2.7.88.255   TCP 20000 > 20000 [ACK] Seq=1 
Ack=1 Win=5840 Len=1448 TSV=5140712 TSER=5109167
  5   0.001575  3.6.104.154 -> 2.7.88.255   TCP 20000 > 20000 [ACK] Seq=1449 
Ack=1 Win=5840 Len=1448 TSV=5140712 TSER=5109167
  6   0.010284   2.7.88.255 -> 3.6.104.154  TCP 20000 > 20000 [ACK] Seq=1 
Ack=1449 Win=8688 Len=0 TSV=5109175 TSER=5140712
  7   0.010307  3.6.104.154 -> 2.7.88.255   TCP 20000 > 20000 [PSH, ACK] 
Seq=2897 Ack=1 Win=5840 Len=1448 TSV=5140721 TSER=5109175
  8   0.010318  3.6.104.154 -> 2.7.88.255   TCP 20000 > 20000 [PSH, ACK] 
Seq=4345 Ack=1 Win=5840 Len=658 TSV=5140721 TSER=5109175
  9   0.022450   2.7.88.255 -> 3.6.104.154  TCP [TCP Dup ACK 6#1] [TCP 
Previous segment lost] 20000 > 20000 [ACK] Seq=7 Ack=1449 Win=8688 Len=0 
TSV=5109188 TSER=5140712 SLE=1709622117 SRE=1709623565
10   0.024704   2.7.88.255 -> 3.6.104.154  TCP [TCP Dup ACK 6#2] 20000 > 
20000 [ACK] Seq=7 Ack=1449 Win=8688 Len=0 TSV=5109190 TSER=5140712 
SLE=1709622117 SRE=1709624223
11   0.213172  3.6.104.154 -> 2.7.88.255   TCP [TCP Retransmission] 20000 > 
20000 [ACK] Seq=1449 Ack=1 Win=5840 Len=1448 TSV=5140923 TSER=5109175
12   0.215916   2.7.88.255 -> 3.6.104.154  TCP [TCP Retransmission] 20000 > 
20000 [PSH, ACK] Seq=1 Ack=1449 Win=8688 Len=6 TSV=5109381 TSER=5140712 
SLE=1709622117 SRE=1709624223
13   0.215940  3.6.104.154 -> 2.7.88.255   TCP 20000 > 20000 [ACK] Seq=5003 
Ack=7 Win=5840 Len=0 TSV=5140926 TSER=5109381
14   0.216025  3.6.104.154 -> 2.7.88.255   TCP 20000 > 20000 [FIN, ACK] 
Seq=5003 Ack=7 Win=5840 Len=0 TSV=5140926 TSER=5109381
15   0.221815   2.7.88.255 -> 3.6.104.154  TCP 20000 > 20000 [ACK] Seq=7 
Ack=5003 Win=11584 Len=0 TSV=5109387 TSER=5140923
16   0.222140   2.7.88.255 -> 3.6.104.154  TCP 20000 > 20000 [PSH, ACK] 
Seq=7 Ack=5004 Win=11584 Len=6 TSV=5109387 TSER=5140926
17   0.222211  3.6.104.232 -> 2.7.89.77    TCP 20000 > 20000 [RST] Seq=0 
Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
18   0.222468   2.7.88.255 -> 3.6.104.154  TCP 20000 > 20000 [FIN, PSH, ACK] 
Seq=13 Ack=5004 Win=11584 Len=6 TSV=5109387 TSER=5140926
19   0.222494  3.6.104.234 -> 2.7.89.79    TCP 20000 > 20000 [RST] Seq=0 
Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
20   0.422856   2.7.88.255 -> 3.6.104.154  TCP [TCP Retransmission] 20000 > 
20000 [FIN, PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=12 TSV=5109588 
TSER=5140926
21   0.422887  3.6.104.236 -> 2.7.89.81    TCP 20000 > 20000 [RST] Seq=0 
Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
22   0.824776   2.7.88.255 -> 3.6.104.154  TCP [TCP Retransmission] 20000 > 
20000 [FIN, PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=12 TSV=5109990 
TSER=5140926
23   0.824837  3.6.104.238 -> 2.7.89.83    TCP 20000 > 20000 [RST] Seq=0 
Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
24   1.628616   2.7.88.255 -> 3.6.104.154  TCP [TCP Retransmission] 20000 > 
20000 [FIN, PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=12 TSV=5110794 
TSER=5140926
25   1.628643  3.6.104.240 -> 2.7.89.85    TCP 20000 > 20000 [RST] Seq=0 
Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
26   3.236299   2.7.88.255 -> 3.6.104.154  TCP [TCP Retransmission] 20000 > 
20000 [FIN, PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=12 TSV=5112402 
TSER=5140926
27   3.236341  3.6.104.242 -> 2.7.89.87    TCP 20000 > 20000 [RST] Seq=0 
Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
28   6.451663   2.7.88.255 -> 3.6.104.154  TCP [TCP Retransmission] 20000 > 
20000 [FIN, PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=12 TSV=5115618 
TSER=5140926
29   6.451699  3.6.104.244 -> 2.7.89.89    TCP 20000 > 20000 [RST] Seq=0 
Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
30  12.883417   2.7.88.255 -> 3.6.104.154  TCP [TCP Retransmission] 20000 > 
20000 [FIN, PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=12 TSV=5122050 
TSER=5140926
31  12.883461  3.6.104.246 -> 2.7.89.91    TCP 20000 > 20000 [RST] Seq=0 
Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0

The NAT's configuration is:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       tcp  --  anywhere             anywhere            tcp 
spts:20000:29999 to:3.2.46.172-3.19.11.33:20000-30000

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere            tcp 
spts:20000:29999 to:2.3.31.18-2.12.21.34:11111-22222

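The symptom above (a RST leaving under a source/destination pair that no handshake ever used, plus the bad checksum) can be picked out mechanically from tethereal summary lines. The script below is an added example, not part of the original post or of netfilter; it replays a constructed, condensed copy of the capture (one frame per line) and reports every RST whose address pair was never opened by a SYN. It assumes Python 3.9+ and the summary line format shown in the post.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: frames from the post's capture, condensed to one frame per line.
CAPTURE = """\
  1   0.000000  3.6.104.154 -> 2.7.88.255   TCP 20000 > 20000 [SYN] Seq=0 Ack=0 Win=5840 Len=0
  2   0.001437   2.7.88.255 -> 3.6.104.154  TCP 20000 > 20000 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0
  3   0.001477  3.6.104.154 -> 2.7.88.255   TCP 20000 > 20000 [ACK] Seq=1 Ack=1 Win=5840 Len=0
 14   0.216025  3.6.104.154 -> 2.7.88.255   TCP 20000 > 20000 [FIN, ACK] Seq=5003 Ack=7 Win=5840 Len=0
 16   0.222140   2.7.88.255 -> 3.6.104.154  TCP 20000 > 20000 [PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=6
 17   0.222211  3.6.104.232 -> 2.7.89.77    TCP 20000 > 20000 [RST] Seq=0 Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
 18   0.222468   2.7.88.255 -> 3.6.104.154  TCP 20000 > 20000 [FIN, PSH, ACK] Seq=13 Ack=5004 Win=11584 Len=6
 19   0.222494  3.6.104.234 -> 2.7.89.79    TCP 20000 > 20000 [RST] Seq=0 Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
"""

# tethereal summary line: "<no> <time> <src> -> <dst> TCP [analysis notes...] <sport> > <dport> [FLAGS] ..."
LINE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<t>[\d.]+)\s+(?P<src>[\d.]+) -> (?P<dst>[\d.]+)\s+TCP "
    r"(?:\[[^\]]*\] )*(?P<sport>\d+) > (?P<dport>\d+) \[(?P<flags>[A-Z, ]+)\]"
)

@dataclass
class Flow:
    opened_by: str                         # endpoint that sent the SYN
    fin_from: set = field(default_factory=set)  # endpoints that have sent a FIN

def audit(capture: str) -> list[str]:
    """Replay summary lines; report RSTs that belong to no flow a SYN opened."""
    flows: dict[frozenset, Flow] = {}
    findings: list[str] = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        a, b = (m["src"], int(m["sport"])), (m["dst"], int(m["dport"]))
        key = frozenset((a, b))            # direction-independent 4-tuple
        flags = set(m["flags"].split(", "))
        if "SYN" in flags and "ACK" not in flags:
            flows[key] = Flow(opened_by=m["src"])
        elif "FIN" in flags and key in flows:
            flows[key].fin_from.add(m["src"])
        elif "RST" in flags:
            if key not in flows:
                # Address pair never handshaked: the NAT allocated a fresh mapping for the RST,
                # so the peer never sees it and keeps retransmitting its FIN (stuck in LAST_ACK).
                findings.append(f"frame {m['no']}: RST {m['src']} -> {m['dst']} matches no open flow (new NAT mapping)")
            if "[CHECKSUM INCORRECT]" in line:
                findings.append(f"frame {m['no']}: RST has a bad TCP checksum")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CAPTURE)))
```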


