netdev.vger.kernel.org archive mirror
* ISNs and 2.6.22, Was: Re: haproxy & linux firewall (netfilter)
From: Krzysztof Oledzki @ 2007-10-20 17:08 UTC
  To: Willy Tarreau; +Cc: haproxy, netdev




On Sat, 20 Oct 2007, Willy Tarreau wrote:
<CUT>

>>> What is very strange is that linux uses random increments, so your ISNs
>>> should not wrap in a matter of a few seconds.
>>
>> Good point. I need to investigate this.
>
> netcat is very convenient for such tests. It's easy to bind it to a
> source port for consecutive tests while you run tcpdump in the background :
>
>  $ echo bla | nc -p 1234 192.168.1.2 80
>  $ echo bla | nc -p 1234 192.168.1.2 80
>
> Also, please try this with tcp_timestamps enabled and disabled to see if it
> changes anything.

Interesting... :|

2.6.20:
18:52:33.558379 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3708509816:3708509816(0) win 5840 <mss 1460,sackOK,timestamp 1884090256 0,nop,wscale 1>
18:52:33.882129 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3708833567:3708833567(0) win 5840 <mss 1460,sackOK,timestamp 1884090580 0,nop,wscale 1>
18:52:34.084000 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3709035437:3709035437(0) win 5840 <mss 1460,sackOK,timestamp 1884090782 0,nop,wscale 1>

2.6.21:
18:58:36.074969 IP 192.168.0.66.3333 > 212.77.100.101.80: S 110585153:110585153(0) win 5840 <mss 1460,sackOK,timestamp 112007046 0,nop,wscale 5>
18:58:36.440084 IP 192.168.0.66.3333 > 212.77.100.101.80: S 110950271:110950271(0) win 5840 <mss 1460,sackOK,timestamp 112007412 0,nop,wscale 5>
18:58:36.830141 IP 192.168.0.66.3333 > 212.77.100.101.80: S 111340328:111340328(0) win 5840 <mss 1460,sackOK,timestamp 112007802 0,nop,wscale 5>

2.6.22:
18:59:34.525097 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3303295586:3303295586(0) win 5840 <mss 1460,sackOK,timestamp 1111842 0,nop,wscale 6>
18:59:34.942104 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3720303240:3720303240(0) win 5840 <mss 1460,sackOK,timestamp 1112259 0,nop,wscale 6>
18:59:35.412229 IP 192.168.0.7.3333 > 212.77.100.101.80: S 4190427367:4190427367(0) win 5840 <mss 1460,sackOK,timestamp 1112729 0,nop,wscale 6>

2.6.22+tcp_timestamps=0:
19:00:38.285554 IP 192.168.0.7.3333 > 212.77.100.101.80: S 2639244549:2639244549(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
19:00:39.448675 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3802363348:3802363348(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
19:00:43.003850 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3062574559:3062574559(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
19:00:45.950863 IP 192.168.0.7.3333 > 212.77.100.101.80: S 1714619373:1714619373(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>

So it seems that ISNs are not randomly incremented but rather randomly 
generated. Adding netdev@vger.kernel.org to the CC list.

Best regards,

 				Krzysztof Olędzki


* Re: ISNs and 2.6.22, Was: Re: haproxy & linux firewall (netfilter)
From: Krzysztof Oledzki @ 2007-10-20 17:23 UTC
  To: Willy Tarreau; +Cc: haproxy, netdev




On Sat, 20 Oct 2007, Krzysztof Oledzki wrote:

>
>
> On Sat, 20 Oct 2007, Willy Tarreau wrote:
> <CUT>
>
>>>> What is very strange is that linux uses random increments, so your ISNs
>>>> should not wrap in a matter of a few seconds.
>>> 
>>> Good point. I need to investigate this.
>> 
>> netcat is very convenient for such tests. It's easy to bind it to a
>> source port for consecutive tests while you run tcpdump in the background :
>>
>>  $ echo bla | nc -p 1234 192.168.1.2 80
>>  $ echo bla | nc -p 1234 192.168.1.2 80
>> 
>> Also, please try this with tcp_timestamps enabled and disabled to see if it
>> changes anything.
>
> Interesting... :|
>
> 2.6.20:
> 18:52:33.558379 IP 192.168.0.33.3333 > 212.77.100.101.80: S 
> 3708509816:3708509816(0) win 5840 <mss 1460,sackOK,timestamp 1884090256 
> 0,nop,wscale 1>
> 18:52:33.882129 IP 192.168.0.33.3333 > 212.77.100.101.80: S 
> 3708833567:3708833567(0) win 5840 <mss 1460,sackOK,timestamp 1884090580 
> 0,nop,wscale 1>
> 18:52:34.084000 IP 192.168.0.33.3333 > 212.77.100.101.80: S 
> 3709035437:3709035437(0) win 5840 <mss 1460,sackOK,timestamp 1884090782 
> 0,nop,wscale 1>
>
> 2.6.21:
> 18:58:36.074969 IP 192.168.0.66.3333 > 212.77.100.101.80: S 
> 110585153:110585153(0) win 5840 <mss 1460,sackOK,timestamp 112007046 
> 0,nop,wscale 5>
> 18:58:36.440084 IP 192.168.0.66.3333 > 212.77.100.101.80: S 
> 110950271:110950271(0) win 5840 <mss 1460,sackOK,timestamp 112007412 
> 0,nop,wscale 5>
> 18:58:36.830141 IP 192.168.0.66.3333 > 212.77.100.101.80: S 
> 111340328:111340328(0) win 5840 <mss 1460,sackOK,timestamp 112007802 
> 0,nop,wscale 5>
>
> 2.6.22:
> 18:59:34.525097 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 3303295586:3303295586(0) win 5840 <mss 1460,sackOK,timestamp 1111842 
> 0,nop,wscale 6>
> 18:59:34.942104 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 3720303240:3720303240(0) win 5840 <mss 1460,sackOK,timestamp 1112259 
> 0,nop,wscale 6>
> 18:59:35.412229 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 4190427367:4190427367(0) win 5840 <mss 1460,sackOK,timestamp 1112729 
> 0,nop,wscale 6>
>
> 2.6.22+tcp_timestamps=0:
> 19:00:38.285554 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 2639244549:2639244549(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
> 19:00:39.448675 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 3802363348:3802363348(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
> 19:00:43.003850 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 3062574559:3062574559(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
> 19:00:45.950863 IP 192.168.0.7.3333 > 212.77.100.101.80: S 
> 1714619373:1714619373(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
>
> So it seems that ISNs are not randomly incremented but rather randomly 
> generated. Adding netdev@vger.kernel.org to the CC list.

Eh, I was in a little too much of a hurry this time. They were not randomly
generated but incremented with too big a value. This patch fixes my problem:

http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git;a=blob;f=queue-2.6.22/fix-tcp-initial-sequence-number-selection.patch;h=05b9167d68ecde1e6088f58c55e2906b768420ed;hb=HEAD

Looking forward to the next -stable release. ;)

Best regards,

 				Krzysztof Olędzki
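
Added example, not part of the original messages: a short script that measures the ISN clock rate from the SYN lines captured above and shows how quickly the 32-bit sequence space wraps on each kernel. The sample lines are copied from the capture with the TCP options trimmed; the function names are this example's own.

```python
import re
from datetime import datetime

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap modulo 2^32

# Two consecutive SYNs per kernel, copied from the capture above (options trimmed).
# All SYNs of one kernel share the same 4-tuple, so only the clock part changes.
CAPTURE = {
    "2.6.20": [
        "18:52:33.558379 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3708509816:3708509816(0) win 5840",
        "18:52:33.882129 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3708833567:3708833567(0) win 5840",
    ],
    "2.6.21": [
        "18:58:36.074969 IP 192.168.0.66.3333 > 212.77.100.101.80: S 110585153:110585153(0) win 5840",
        "18:58:36.440084 IP 192.168.0.66.3333 > 212.77.100.101.80: S 110950271:110950271(0) win 5840",
    ],
    "2.6.22": [
        "18:59:34.525097 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3303295586:3303295586(0) win 5840",
        "18:59:34.942104 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3720303240:3720303240(0) win 5840",
    ],
    # In this pair the ISN wraps past 2^32 between the two SYNs.
    "2.6.22+tcp_timestamps=0": [
        "19:00:39.448675 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3802363348:3802363348(0) win 5840",
        "19:00:43.003850 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3062574559:3062574559(0) win 5840",
    ],
}

SYN_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP \S+ > \S+: S (\d+):\d+\(0\)")

def parse_syn(line):
    """Return (capture time, ISN) for one tcpdump SYN line."""
    m = SYN_RE.match(line)
    if m is None:
        raise ValueError("not a SYN line: %r" % line)
    return datetime.strptime(m.group(1), "%H:%M:%S.%f"), int(m.group(2))

def isn_rate(lines):
    """ISN ticks per second between the first and last SYN.
    The difference is taken modulo 2^32, so it is only valid when the
    two SYNs are less than one full wrap apart."""
    (t0, isn0), (t1, isn1) = parse_syn(lines[0]), parse_syn(lines[-1])
    return ((isn1 - isn0) % MOD) / (t1 - t0).total_seconds()

def wrap_seconds(rate):
    """Seconds for the ISN clock to run through the whole 32-bit space."""
    return MOD / rate

if __name__ == "__main__":
    for kernel, lines in CAPTURE.items():
        rate = isn_rate(lines)
        print("%-24s %14.0f ISN/s, wraps every %8.1f s" % (kernel, rate, wrap_seconds(rate)))
```

On these samples 2.6.20 and 2.6.21 advance the ISN by about one per microsecond, while 2.6.22 advances it by about one per nanosecond, so the sequence space wraps in a few seconds instead of over an hour.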


* Re: ISNs and 2.6.22, Was: Re: haproxy & linux firewall (netfilter)
From: Willy Tarreau @ 2007-10-20 21:52 UTC
  To: Krzysztof Oledzki; +Cc: haproxy, netdev

On Sat, Oct 20, 2007 at 07:23:25PM +0200, Krzysztof Oledzki wrote:
(...)
> >So it seems that ISNs are not randomly incremented but rather randomly 
> >generated. Adding netdev@vger.kernel.org to the CC list.
> 
> Eh, I was in a little too much of a hurry this time. They were not randomly
> generated but incremented with too big a value. This patch fixes my problem:
> 
> http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git;a=blob;f=queue-2.6.22/fix-tcp-initial-sequence-number-selection.patch;h=05b9167d68ecde1e6088f58c55e2906b768420ed;hb=HEAD

Good catch Krzysztof ! I've already noticed that one on LKML but did not
make the connection with your problem!

Please also tell Jozsef so that if he gets other reports, he knows where
to point the reporters.

Regards,
Willy


