From: Eric Dumazet <eric.dumazet@gmail.com>
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: netdev@vger.kernel.org
Subject: Re: Fw: [Bug 111751] New: Kernel send tcp reset when receive icmp redirect
Date: Tue, 02 Feb 2016 18:35:52 -0800 [thread overview]
Message-ID: <1454466952.7627.211.camel@edumazet-glaptop2.roam.corp.google.com> (raw)
In-Reply-To: <20160203115616.5549851a@samsung9>
On Wed, 2016-02-03 at 11:56 +1100, Stephen Hemminger wrote:
>
> Begin forwarded message:
>
> Date: Tue, 2 Feb 2016 11:42:41 +0000
> From: "bugzilla-daemon@bugzilla.kernel.org" <bugzilla-daemon@bugzilla.kernel.org>
> To: "shemminger@linux-foundation.org" <shemminger@linux-foundation.org>
> Subject: [Bug 111751] New: Kernel send tcp reset when receive icmp redirect
>
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__bugzilla.kernel.org_show-5Fbug.cgi-3Fid-3D111751&d=CwICaQ&c=IL_XqQWOjubgfqINi2jTzg&r=q_lvUiVm1uM6QEw9TPH-6jiV__hsrE6xXUAtATPE9x0&m=UNO95AZfSkcQcZYh6NtZCATnWsJA165x3m2P3_Yo4mY&s=8874491L4x2GOXBxBlNCQJaF3d2Jryc776RbYqRVTS8&e=
>
> Bug ID: 111751
> Summary: Kernel send tcp reset when receive icmp redirect
> Product: Networking
> Version: 2.5
> Kernel Version: 4.4.0
> Hardware: All
> OS: Linux
> Tree: Mainline
> Status: NEW
> Severity: normal
> Priority: P1
> Component: IPV4
> Assignee: shemminger@linux-foundation.org
> Reporter: pety@rusnet.ru
> Regression: No
>
> Network scheme:
>
> server1
> router----eth0------buggy-linux-box
>
> router ip - 192.168.113.246/30
>
> server1 ip on eth0 - 192.168.113.245/30, 192.168.113.158/27 (aliases), default
> to 192.168.113.246
>
> buggy-linux-box ip - 192.168.113.133/27
>
> When I try telnet (or ssh, for example) to 192.168.113.133 from
> 192.168.113.115, I receive tcp reset:
>
> 13:55:22.341015 IP (tos 0x10, ttl 62, id 54936, offset 0, flags [DF], proto TCP
> (6), length 60)
> 192.168.113.115.33160 > 192.168.113.133.23: Flags [S], cksum 0x681c
> (correct), seq 1552183701, win 5840, options [mss 1460,sackOK,TS val
> 1739695885 ecr 0,nop,wscale 9], length 0
>
> 13:55:22.341039 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6),
> length 60)
> 192.168.113.133.23 > 192.168.113.115.33160: Flags [S.], cksum 0x6ac8
> (incorrect -> 0x4221), seq 1195050131, ack 1552183702, win 28960, o
> ptions [mss 1460,sackOK,TS val 337210292 ecr 1739695885,nop,wscale 7], length 0
>
> 13:55:22.341188 IP (tos 0xc0, ttl 64, id 29828, offset 0, flags [none], proto
> ICMP (1), length 88)
> 192.168.113.158 > 192.168.113.133: ICMP redirect 192.168.113.115 to host
> 192.168.113.246, length 68
> IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length
> 60)
> 192.168.113.133.23 > 192.168.113.115.33160: Flags [S.], cksum 0x4221
> (correct), seq 1195050131, ack 1552183702, win 28960, options [mss
> 1460,sackOK,TS val 337210292 ecr 1739695885,nop,wscale 7], length 0
>
> 13:55:22.341264 IP (tos 0x10, ttl 62, id 54937, offset 0, flags [DF], proto TCP
> (6), length 52)
> 192.168.113.115.33160 > 192.168.113.133.23: Flags [.], cksum 0xe201
> (correct), seq 1, ack 1, win 12, options [nop,nop,TS val 1739695885
> ecr 337210292], length 0
>
> 13:55:22.341281 IP (tos 0x10, ttl 64, id 28000, offset 0, flags [DF], proto TCP
> (6), length 40)
> 192.168.113.133.23 > 192.168.113.115.33160: Flags [R], cksum 0x77d8
> (correct), seq 1195050132, win 0, length 0
>
> 13:55:22.341284 IP (tos 0x10, ttl 62, id 54938, offset 0, flags [DF], proto TCP
> (6), length 76)
> 192.168.113.115.33160 > 192.168.113.133.23: Flags [P.], cksum 0x8590
> (correct), seq 1:25, ack 1, win 12, options [nop,nop,TS val 1739695
> 885 ecr 337210292], length 24 [telnet DO SUPPRESS GO AHEAD, WILL TERMINAL TYPE,
> WILL NAWS, WILL TSPEED, WILL LFLOW, WILL LINEMODE, WILL NEW-
> ENVIRON, DO STATUS]
>
> 13:55:22.341289 IP (tos 0x10, ttl 64, id 28001, offset 0, flags [DF], proto TCP
> (6), length 40)
> 192.168.113.133.23 > 192.168.113.115.33160: Flags [R], cksum 0x77d8
> (correct), seq 1195050132, win 0, length 0
> ^C
> 7 packets captured
> 7 packets received by filter
> 0 packets dropped by kernel
>
> If I turn off sending redirects on server1, or reject incoming ICMP with
> iptables (on buggy-box), the problem is gone.
>
> Looks like kernel 4.1.15 without this problem.
>
Thanks Stephen for the report. I am cooking a fix.
next prev parent reply other threads:[~2016-02-03 2:35 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-03 0:56 Fw: [Bug 111751] New: Kernel send tcp reset when receive icmp redirect Stephen Hemminger
2016-02-03 2:35 ` Eric Dumazet [this message]
2016-02-03 3:31 ` [PATCH net] tcp: do not drop syn_recv on all icmp reports Eric Dumazet
2016-02-09 9:17 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1454466952.7627.211.camel@edumazet-glaptop2.roam.corp.google.com \
--to=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox