public inbox for netdev@vger.kernel.org
* Fw: [Bug 111751] New: Kernel send tcp reset when receive icmp redirect
From: Stephen Hemminger @ 2016-02-03  0:56 UTC
  To: netdev



Begin forwarded message:

Date: Tue, 2 Feb 2016 11:42:41 +0000
From: "bugzilla-daemon@bugzilla.kernel.org" <bugzilla-daemon@bugzilla.kernel.org>
To: "shemminger@linux-foundation.org" <shemminger@linux-foundation.org>
Subject: [Bug 111751] New: Kernel send tcp reset when receive icmp redirect


https://bugzilla.kernel.org/show_bug.cgi?id=111751

            Bug ID: 111751
           Summary: Kernel send tcp reset when receive icmp redirect
           Product: Networking
           Version: 2.5
    Kernel Version: 4.4.0
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: IPV4
          Assignee: shemminger@linux-foundation.org
          Reporter: pety@rusnet.ru
        Regression: No

Network scheme:

          server1
router----eth0------buggy-linux-box

router ip          - 192.168.113.246/30

server1 ip on eth0 - 192.168.113.245/30, 192.168.113.158/27 (aliases), default
to 192.168.113.246

buggy-linux-box ip - 192.168.113.133/27

When I try telnet (or ssh, for example) to 192.168.113.133 from
192.168.113.115, I receive tcp reset:

13:55:22.341015 IP (tos 0x10, ttl 62, id 54936, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.113.115.33160 > 192.168.113.133.23: Flags [S], cksum 0x681c (correct), seq 1552183701, win 5840, options [mss 1460,sackOK,TS val 1739695885 ecr 0,nop,wscale 9], length 0

13:55:22.341039 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.113.133.23 > 192.168.113.115.33160: Flags [S.], cksum 0x6ac8 (incorrect -> 0x4221), seq 1195050131, ack 1552183702, win 28960, options [mss 1460,sackOK,TS val 337210292 ecr 1739695885,nop,wscale 7], length 0

13:55:22.341188 IP (tos 0xc0, ttl 64, id 29828, offset 0, flags [none], proto ICMP (1), length 88)
    192.168.113.158 > 192.168.113.133: ICMP redirect 192.168.113.115 to host 192.168.113.246, length 68
        IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.113.133.23 > 192.168.113.115.33160: Flags [S.], cksum 0x4221 (correct), seq 1195050131, ack 1552183702, win 28960, options [mss 1460,sackOK,TS val 337210292 ecr 1739695885,nop,wscale 7], length 0

13:55:22.341264 IP (tos 0x10, ttl 62, id 54937, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.113.115.33160 > 192.168.113.133.23: Flags [.], cksum 0xe201 (correct), seq 1, ack 1, win 12, options [nop,nop,TS val 1739695885 ecr 337210292], length 0

13:55:22.341281 IP (tos 0x10, ttl 64, id 28000, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.113.133.23 > 192.168.113.115.33160: Flags [R], cksum 0x77d8 (correct), seq 1195050132, win 0, length 0

13:55:22.341284 IP (tos 0x10, ttl 62, id 54938, offset 0, flags [DF], proto TCP (6), length 76)
    192.168.113.115.33160 > 192.168.113.133.23: Flags [P.], cksum 0x8590 (correct), seq 1:25, ack 1, win 12, options [nop,nop,TS val 1739695885 ecr 337210292], length 24 [telnet DO SUPPRESS GO AHEAD, WILL TERMINAL TYPE, WILL NAWS, WILL TSPEED, WILL LFLOW, WILL LINEMODE, WILL NEW-ENVIRON, DO STATUS]

13:55:22.341289 IP (tos 0x10, ttl 64, id 28001, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.113.133.23 > 192.168.113.115.33160: Flags [R], cksum 0x77d8 (correct), seq 1195050132, win 0, length 0
^C
7 packets captured
7 packets received by filter
0 packets dropped by kernel

If I turn off sending redirects on server1, or reject incoming ICMP with
iptables (on buggy-box), the problem is gone.

Looks like kernel 4.1.15 is without this problem.

-- 
You are receiving this mail because:
You are the assignee for the bug.


* Re: Fw: [Bug 111751] New: Kernel send tcp reset when receive icmp redirect
From: Eric Dumazet @ 2016-02-03  2:35 UTC
  To: Stephen Hemminger; +Cc: netdev

On Wed, 2016-02-03 at 11:56 +1100, Stephen Hemminger wrote:
> 
> Begin forwarded message:
> 
> Date: Tue, 2 Feb 2016 11:42:41 +0000
> From: "bugzilla-daemon@bugzilla.kernel.org" <bugzilla-daemon@bugzilla.kernel.org>
> To: "shemminger@linux-foundation.org" <shemminger@linux-foundation.org>
> Subject: [Bug 111751] New: Kernel send tcp reset when receive icmp redirect
> 
> 
> https://bugzilla.kernel.org/show_bug.cgi?id=111751
> 
>             Bug ID: 111751
>            Summary: Kernel send tcp reset when receive icmp redirect
>            Product: Networking
>            Version: 2.5
>     Kernel Version: 4.4.0
>           Hardware: All
>                 OS: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: IPV4
>           Assignee: shemminger@linux-foundation.org
>           Reporter: pety@rusnet.ru
>         Regression: No
> 
> Network scheme:
> 
>           server1
> router----eth0------buggy-linux-box
> 
> router ip          - 192.168.113.246/30
> 
> server1 ip on eth0 - 192.168.113.245/30, 192.168.113.158/27 (aliases), default
> to 192.168.113.246
> 
> buggy-linux-box ip - 192.168.113.133/27
> 
> When I try telnet (or ssh, for example) to 192.168.113.133 from
> 192.168.113.115, I receive tcp reset:
> 
> 13:55:22.341015 IP (tos 0x10, ttl 62, id 54936, offset 0, flags [DF], proto TCP (6), length 60)
>     192.168.113.115.33160 > 192.168.113.133.23: Flags [S], cksum 0x681c (correct), seq 1552183701, win 5840, options [mss 1460,sackOK,TS val 1739695885 ecr 0,nop,wscale 9], length 0
> 
> 13:55:22.341039 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
>     192.168.113.133.23 > 192.168.113.115.33160: Flags [S.], cksum 0x6ac8 (incorrect -> 0x4221), seq 1195050131, ack 1552183702, win 28960, options [mss 1460,sackOK,TS val 337210292 ecr 1739695885,nop,wscale 7], length 0
> 
> 13:55:22.341188 IP (tos 0xc0, ttl 64, id 29828, offset 0, flags [none], proto ICMP (1), length 88)
>     192.168.113.158 > 192.168.113.133: ICMP redirect 192.168.113.115 to host 192.168.113.246, length 68
>         IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 60)
>     192.168.113.133.23 > 192.168.113.115.33160: Flags [S.], cksum 0x4221 (correct), seq 1195050131, ack 1552183702, win 28960, options [mss 1460,sackOK,TS val 337210292 ecr 1739695885,nop,wscale 7], length 0
> 
> 13:55:22.341264 IP (tos 0x10, ttl 62, id 54937, offset 0, flags [DF], proto TCP (6), length 52)
>     192.168.113.115.33160 > 192.168.113.133.23: Flags [.], cksum 0xe201 (correct), seq 1, ack 1, win 12, options [nop,nop,TS val 1739695885 ecr 337210292], length 0
> 
> 13:55:22.341281 IP (tos 0x10, ttl 64, id 28000, offset 0, flags [DF], proto TCP (6), length 40)
>     192.168.113.133.23 > 192.168.113.115.33160: Flags [R], cksum 0x77d8 (correct), seq 1195050132, win 0, length 0
> 
> 13:55:22.341284 IP (tos 0x10, ttl 62, id 54938, offset 0, flags [DF], proto TCP (6), length 76)
>     192.168.113.115.33160 > 192.168.113.133.23: Flags [P.], cksum 0x8590 (correct), seq 1:25, ack 1, win 12, options [nop,nop,TS val 1739695885 ecr 337210292], length 24 [telnet DO SUPPRESS GO AHEAD, WILL TERMINAL TYPE, WILL NAWS, WILL TSPEED, WILL LFLOW, WILL LINEMODE, WILL NEW-ENVIRON, DO STATUS]
> 
> 13:55:22.341289 IP (tos 0x10, ttl 64, id 28001, offset 0, flags [DF], proto TCP (6), length 40)
>     192.168.113.133.23 > 192.168.113.115.33160: Flags [R], cksum 0x77d8 (correct), seq 1195050132, win 0, length 0
> ^C
> 7 packets captured
> 7 packets received by filter
> 0 packets dropped by kernel
> 
> If I turn off sending redirects on server1, or reject incoming ICMP with
> iptables (on buggy-box), the problem is gone.
> 
> Looks like kernel 4.1.15 is without this problem.
> 

Thanks Stephen for the report. I am cooking a fix.


* [PATCH net] tcp: do not drop syn_recv on all icmp reports
From: Eric Dumazet @ 2016-02-03  3:31 UTC
  To: David Miller; +Cc: netdev, Petr Novopashenniy

From: Eric Dumazet <edumazet@google.com>

Petr Novopashenniy reported that ICMP redirects on SYN_RECV sockets
were leading to RST.

This is of course incorrect.

A specific list of ICMP messages should be able to drop a SYN_RECV.

For instance, a REDIRECT on SYN_RECV shall be ignored, as we do
not hold a dst per SYN_RECV pseudo request.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=111751
Fixes: 079096f103fa ("tcp/dccp: install syn_recv requests into ehash table")
Reported-by: Petr Novopashenniy <pety@rusnet.ru>
Signed-off-by: Eric Dumazet <edumazet@google.com>
---
A similar patch will be needed for DCCP.
Petr, please test if this patch solves your issue ? Thanks !

 include/net/tcp.h   |    2 +-
 net/ipv4/tcp_ipv4.c |   11 ++++++++---
 net/ipv6/tcp_ipv6.c |    5 +++--
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/include/net/tcp.h b/include/net/tcp.h
index f6f8f032c73e..ae6468f5c9f3 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -447,7 +447,7 @@ const u8 *tcp_parse_md5sig_option(const struct tcphdr *th);
 
 void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb);
 void tcp_v4_mtu_reduced(struct sock *sk);
-void tcp_req_err(struct sock *sk, u32 seq);
+void tcp_req_err(struct sock *sk, u32 seq, bool abort);
 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb);
 struct sock *tcp_create_openreq_child(const struct sock *sk,
 				      struct request_sock *req,
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index a4d523709ab3..7f6ff037adaf 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -311,7 +311,7 @@ static void do_redirect(struct sk_buff *skb, struct sock *sk)
 
 
 /* handle ICMP messages on TCP_NEW_SYN_RECV request sockets */
-void tcp_req_err(struct sock *sk, u32 seq)
+void tcp_req_err(struct sock *sk, u32 seq, bool abort)
 {
 	struct request_sock *req = inet_reqsk(sk);
 	struct net *net = sock_net(sk);
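Review bot: The new "abort" parameter of tcp_req_err() is not documented; the comment above the function still says only "handle ICMP messages on TCP_NEW_SYN_RECV request sockets". Extend that comment to state that abort is true when the ICMP report should drop the request and false when it must be ignored (a redirect, for instance), so the contract is clear to the IPv6 caller and to the DCCP follow-up mentioned in the notes.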
@@ -323,7 +323,7 @@ void tcp_req_err(struct sock *sk, u32 seq)
 
 	if (seq != tcp_rsk(req)->snt_isn) {
 		NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
-	} else {
+	} else if (abort) {
 		/*
 		 * Still in SYN_RECV, just remove it silently.
 		 * There is no good way to pass the error to the newly
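Review bot: With "} else if (abort) {" an ICMP report whose sequence number matches snt_isn but which is not in the abort set now falls through the chain with no action and no counter. If silently ignoring it is the intent, a short comment at this branch saying so would help the next reader, since the only comment left in the function describes the removal path.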
@@ -383,7 +383,12 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
 	}
 	seq = ntohl(th->seq);
 	if (sk->sk_state == TCP_NEW_SYN_RECV)
-		return tcp_req_err(sk, seq);
+		return tcp_req_err(sk, seq,
+				  type == ICMP_PARAMETERPROB ||
+				  type == ICMP_TIME_EXCEEDED ||
+				  (type == ICMP_DEST_UNREACH &&
+				   (code == ICMP_NET_UNREACH ||
+				    code == ICMP_HOST_UNREACH)));
 
 	bh_lock_sock(sk);
 	/* If too many ICMPs get dropped on busy
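Review bot: The abort policy is open-coded as a five-line argument to tcp_req_err() in the TCP_NEW_SYN_RECV branch, which buries the decision inside a call. Compute it into a named local bool (or a small helper) with a comment on why these types may drop a request. With this list every other ICMP_DEST_UNREACH code, ICMP_PORT_UNREACH and ICMP_FRAG_NEEDED included, is now ignored for a request socket; please confirm in the changelog that this is intended.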
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 006396e31cb0..01caceccb528 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -327,6 +327,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 	struct tcp_sock *tp;
 	__u32 seq, snd_una;
 	struct sock *sk;
+	bool fatal;
 	int err;
 
 	sk = __inet6_lookup_established(net, &tcp_hashinfo,
@@ -345,8 +346,9 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 		return;
 	}
 	seq = ntohl(th->seq);
+	fatal = icmpv6_err_convert(type, code, &err);
 	if (sk->sk_state == TCP_NEW_SYN_RECV)
-		return tcp_req_err(sk, seq);
+		return tcp_req_err(sk, seq, fatal);
 
 	bh_lock_sock(sk);
 	if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
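Review bot: The IPv6 side takes the flag from the return value of icmpv6_err_convert(), while the IPv4 hunk uses an explicit list of types and codes, so the two families can disagree on which reports drop a SYN_RECV request. Please state in the changelog that the difference is deliberate, or check that a time-exceeded report is treated the same way in both. The conversion is also now evaluated before the TCP_NEW_SYN_RECV test for every ICMPv6 type, where it previously ran only further down the function.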
@@ -400,7 +402,6 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 		goto out;
 	}
 
-	icmpv6_err_convert(type, code, &err);
 
 	/* Might be for an request_sock */
 	switch (sk->sk_state) {
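Review bot: Removing the icmpv6_err_convert() call leaves two consecutive blank lines before the "Might be for an request_sock" comment. Drop one of them together with the call so the function keeps single blank-line separation.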


* Re: [PATCH net] tcp: do not drop syn_recv on all icmp reports
From: David Miller @ 2016-02-09  9:17 UTC
  To: eric.dumazet; +Cc: netdev, pety

From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Tue, 02 Feb 2016 19:31:12 -0800

> From: Eric Dumazet <edumazet@google.com>
> 
> Petr Novopashenniy reported that ICMP redirects on SYN_RECV sockets
> were leading to RST.
> 
> This is of course incorrect.
> 
> A specific list of ICMP messages should be able to drop a SYN_RECV.
> 
> For instance, a REDIRECT on SYN_RECV shall be ignored, as we do
> not hold a dst per SYN_RECV pseudo request.
> 
> Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=111751
> Fixes: 079096f103fa ("tcp/dccp: install syn_recv requests into ehash table")
> Reported-by: Petr Novopashenniy <pety@rusnet.ru>
> Signed-off-by: Eric Dumazet <edumazet@google.com>

Applied and queued up for -stable, thanks Eric.
