Linux Netfilter discussions
From: Aiko Barz <aiko@deepco.de>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: Olivier Sessink <lists@olivier.pk.wau.nl>, netfilter@vger.kernel.org
Subject: Re: INVALID FIN/ACK packets
Date: Mon, 26 Nov 2007 23:10:06 +0100
Message-ID: <20071126221006.GA5729@motoko>
In-Reply-To: <Pine.LNX.4.64.0711151040590.13029@blackhole.kfki.hu>


[-- Attachment #1.1: Type: text/plain, Size: 927 bytes --]

On Thu, Nov 15, 2007 at 10:57:44AM +0100, Jozsef Kadlecsik wrote:
> On Wed, 14 Nov 2007, Olivier Sessink wrote:
> 
> > > I have one more server with this same kind of problem. "ACK RST" and
> > > "ACK FIN" packets are involved.
> 
> Please enable full internal logging in netfilter and make sure at least
> one logging target module is loaded in and record by tcpdump one full
> TCP session where such packets occur. Then send me the generated kernel
> log and the dump file so that I could analyze it.

Hm,

maybe other people would like to look at it too. :)

Still don't have a tcpdump, but I attached the internal conntrack log.
I didn't do it on my servers, because they are in use. I used my
Notebook, which is having the same symptoms. My servers have several
thousand entries of this kind each day.

Bye,
    Aiko

PS.: I also tried the vanilla 2.6.23.9 kernel. Still suffering...
-- 
:wq

[-- Attachment #1.2: dmesg.txt --]
[-- Type: text/plain, Size: 14546 bytes --]

Nov 25 17:00:22 motoko tcp_in_window: START
Nov 25 17:00:22 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003277754 ack=0 sack=0 win=5840 end=1003277755
Nov 25 17:00:22 motoko tcp_in_window: sender end=1003277755 maxend=1003277755 maxwin=5840 scale=7 receiver end=0 maxend=0 maxwin=1 scale=0
Nov 25 17:00:22 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003277754 ack=0 sack =0 win=5840 end=1003277755
Nov 25 17:00:22 motoko tcp_in_window: sender end=1003277755 maxend=1003277755 maxwin=5840 scale=7 receiver end=0 maxend=0 maxwin=1 scale=0 
Nov 25 17:00:22 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:22 motoko tcp_in_window: res=1 sender end=1003277755 maxend=1003277755 maxwin=5840 receiver end=0 maxend=5840 maxwin=1
Nov 25 17:00:22 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=1 ack=0 fin=0 rst=0 old=0 new=1

Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751393 ack=1003277755 sack=1003277755 win=4356 end=671751394
Nov 25 17:00:23 motoko tcp_in_window: sender end=0 maxend=5840 maxwin=1 scale=0 receiver end=1003277755 maxend=1003277755 maxwin=5840 scale=7
Nov 25 17:00:23 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751393 ack=1003277755 sack =1003277755 win=4356 end=671751394
Nov 25 17:00:23 motoko tcp_in_window: sender end=671751394 maxend=671751394 maxwin=4356 scale=0 receiver end=1003277755 maxend=1003277755 maxwin=5840 scale=7
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=671751394 maxend=671751394 maxwin=4356 receiver end=1003277755 maxend=1003282111 maxwin=5840
Nov 25 17:00:23 motoko tcp_conntracks: src=___:80 dst=___:48595 syn=1 ack=1 fin=0 rst=0 old=1 new=2

Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003277755 ack=671751394 sack=671751394 win=46 end=1003277755
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003277755 maxend=1003282111 maxwin=5840 scale=7 receiver end=671751394 maxend=671751394 maxwin=4356 scale=0
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003277755 ack=671751394 sack =671751394 win=46 end=1003277755
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003277755 maxend=1003282111 maxwin=5840 scale=7 receiver end=671751394 maxend=671751394 maxwin=4356 scale=0
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=1003277755 maxend=1003282111 maxwin=5888 receiver end=671751394 maxend=671757282 maxwin=4356
Nov 25 17:00:23 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=0 rst=0 old=2 new=3

Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003277755 ack=671751394 sack=671751394 win=46 end=1003278253
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003277755 maxend=1003282111 maxwin=5888 scale=7 receiver end=671751394 maxend=671757282 maxwin=4356 scale=0
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003277755 ack=671751394 sack =671751394 win=46 end=1003278253
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003277755 maxend=1003282111 maxwin=5888 scale=7 receiver end=671751394 maxend=671757282 maxwin=4356 scale=0
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=1003278253 maxend=1003282111 maxwin=5888 receiver end=671751394 maxend=671757282 maxwin=4356
Nov 25 17:00:23 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=0 rst=0 old=3 new=3

Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751394 ack=1003278253 sack=1003278253 win=4854 end=671751814
Nov 25 17:00:23 motoko tcp_in_window: sender end=671751394 maxend=671757282 maxwin=4356 scale=0 receiver end=1003278253 maxend=1003282111 maxwin=5888 scale=7
Nov 25 17:00:23 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751394 ack=1003278253 sack =1003278253 win=4854 end=671751814
Nov 25 17:00:23 motoko tcp_in_window: sender end=671751394 maxend=671757282 maxwin=4356 scale=0 receiver end=1003278253 maxend=1003282111 maxwin=5888 scale=7
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=671751814 maxend=671757282 maxwin=4854 receiver end=1003278253 maxend=1003283107 maxwin=5888
Nov 25 17:00:23 motoko tcp_conntracks: src=___:80 dst=___:48595 syn=0 ack=1 fin=0 rst=0 old=3 new=3

Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751814 sack=671751814 win=54 end=1003278253
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003278253 maxend=1003283107 maxwin=5888 scale=7 receiver end=671751814 maxend=671757282 maxwin=4854 scale=0
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751814 sack =671751814 win=54 end=1003278253
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003278253 maxend=1003283107 maxwin=5888 scale=7 receiver end=671751814 maxend=671757282 maxwin=4854 scale=0
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=1003278253 maxend=1003283107 maxwin=6912 receiver end=671751814 maxend=671758726 maxwin=4854
Nov 25 17:00:23 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=0 rst=0 old=3 new=3

Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751814 sack=671751814 win=54 end=1003278254
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003278253 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751814 maxend=671758726 maxwin=4854 scale=0
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751814 sack =671751814 win=54 end=1003278254
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003278253 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751814 maxend=671758726 maxwin=4854 scale=0
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=1003278254 maxend=1003283107 maxwin=6912 receiver end=671751814 maxend=671758726 maxwin=4854
Nov 25 17:00:23 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=1 rst=0 old=3 new=4
Nov 25 17:00:23 motoko tcp_new: sender end=2015426912 maxend=2015426912 maxwin=5840 scale=7 receiver end=0 maxend=0 maxwin=1 scale=0

Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751814 ack=1003278253 sack=1003278253 win=4854 end=671751815
Nov 25 17:00:23 motoko tcp_in_window: sender end=671751814 maxend=671758726 maxwin=4854 scale=0 receiver end=1003278254 maxend=1003283107 maxwin=6912 scale=7
Nov 25 17:00:23 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751814 ack=1003278253 sack =1003278253 win=4854 end=671751815
Nov 25 17:00:23 motoko tcp_in_window: sender end=671751814 maxend=671758726 maxwin=4854 scale=0 receiver end=1003278254 maxend=1003283107 maxwin=6912 scale=7
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=671751815 maxend=671758726 maxwin=4854 receiver end=1003278254 maxend=1003283107 maxwin=6912
Nov 25 17:00:23 motoko tcp_conntracks: src=___:80 dst=___:48595 syn=0 ack=1 fin=1 rst=0 old=4 new=6

Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278254 ack=671751815 sack=671751815 win=54 end=1003278254
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758726 maxwin=4854 scale=0
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278254 ack=671751815 sack =671751815 win=54 end=1003278254
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758726 maxwin=4854 scale=0
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=1003278254 maxend=1003283107 maxwin=6912 receiver end=671751815 maxend=671758727 maxwin=4854
Nov 25 17:00:23 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=0 rst=0 old=6 new=7

Nov 25 17:00:25 motoko tcp_in_window: START
Nov 25 17:00:25 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751815 sack=671751815 win=54 end=1003278254
Nov 25 17:00:25 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758727 maxwin=4854 scale=0
Nov 25 17:00:25 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751815 sack =671751815 win=54 end=1003278254
Nov 25 17:00:25 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758727 maxwin=4854 scale=0
Nov 25 17:00:25 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:25 motoko tcp_in_window: res=1 sender end=1003278254 maxend=1003283107 maxwin=6912 receiver end=671751815 maxend=671758727 maxwin=4854
Nov 25 17:00:25 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=1 rst=0 old=7 new=7

Nov 25 17:00:25 motoko tcp_in_window: START
Nov 25 17:00:25 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751814 ack=1003278254 sack=1003278254 win=54 end=671751814
Nov 25 17:00:25 motoko tcp_in_window: sender end=671751815 maxend=671758727 maxwin=4854 scale=0 receiver end=1003278254 maxend=1003283107 maxwin=6912 scale=7
Nov 25 17:00:25 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751814 ack=1003278254 sack =1003278254 win=54 end=671751814
Nov 25 17:00:25 motoko tcp_in_window: sender end=671751815 maxend=671758727 maxwin=4854 scale=0 receiver end=1003278254 maxend=1003283107 maxwin=6912 scale=7
Nov 25 17:00:25 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:25 motoko tcp_in_window: res=1 sender end=671751815 maxend=671758727 maxwin=4854 receiver end=1003278254 maxend=1003283107 maxwin=6912
Nov 25 17:00:25 motoko tcp_conntracks: src=___:80 dst=___:48595 syn=0 ack=0 fin=0 rst=1 old=7 new=8

Nov 25 17:00:27 motoko tcp_in_window: START
Nov 25 17:00:27 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751815 sack=671751815 win=54 end=1003278254
Nov 25 17:00:27 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758727 maxwin=4854 scale=0
Nov 25 17:00:27 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751815 sack =671751815 win=54 end=1003278254
Nov 25 17:00:27 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758727 maxwin=4854 scale=0
Nov 25 17:00:27 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:27 motoko tcp_in_window: res=1 sender end=1003278254 maxend=1003283107 maxwin=6912 receiver end=671751815 maxend=671758727 maxwin=4854
Nov 25 17:00:27 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=1 rst=0 old=8 new=8

Nov 25 17:00:33 motoko tcp_in_window: START
Nov 25 17:00:33 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751815 sack=671751815 win=54 end=1003278254
Nov 25 17:00:33 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758727 maxwin=4854 scale=0
Nov 25 17:00:33 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751815 sack =671751815 win=54 end=1003278254
Nov 25 17:00:33 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758727 maxwin=4854 scale=0
Nov 25 17:00:33 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:33 motoko tcp_in_window: res=1 sender end=1003278254 maxend=1003283107 maxwin=6912 receiver end=671751815 maxend=671758727 maxwin=4854
Nov 25 17:00:33 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=1 rst=0 old=8 new=8

Nov 25 17:00:45 motoko nf_ct_tcp: invalid new deleting.
Nov 25 17:00:45 motoko fire: OUTPUT IN= OUT=eth1 SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19465 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Nov 25 17:00:45 motoko fire: INVALID IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.8.12 DST=172.16.8.12 LEN=80 TOS=0x00 PREC=0xC0 TTL=64 ID=29673 PROTO=ICMP TYPE=3 CODE=13 [SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19465 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0 ]

Nov 25 17:01:08 motoko nf_ct_tcp: invalid new deleting.
Nov 25 17:01:08 motoko fire: OUTPUT IN= OUT=eth1 SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19466 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Nov 25 17:01:08 motoko fire: INVALID IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.8.12 DST=172.16.8.12 LEN=80 TOS=0x00 PREC=0xC0 TTL=64 ID=29685 PROTO=ICMP TYPE=3 CODE=13 [SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19466 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0 ]

Nov 25 17:01:54 motoko nf_ct_tcp: invalid new deleting.
Nov 25 17:01:54 motoko fire: OUTPUT IN= OUT=eth1 SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19467 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Nov 25 17:01:54 motoko fire: INVALID IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.8.12 DST=172.16.8.12 LEN=80 TOS=0x00 PREC=0xC0 TTL=64 ID=29697 PROTO=ICMP TYPE=3 CODE=13 [SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19467 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0 ]

Nov 25 17:03:26 motoko nf_ct_tcp: invalid new deleting.
Nov 25 17:03:26 motoko fire: OUTPUT IN= OUT=eth1 SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19468 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Nov 25 17:03:26 motoko fire: INVALID IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.8.12 DST=172.16.8.12 LEN=80 TOS=0x00 PREC=0xC0 TTL=64 ID=29709 PROTO=ICMP TYPE=3 CODE=13 [SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19468 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0 ]



[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Thread overview: 4+ messages
2007-11-14 10:02 INVALID FIN/ACK packets Aiko Barz
2007-11-14 22:35 ` Olivier Sessink
2007-11-15  9:57   ` Jozsef Kadlecsik
2007-11-26 22:10     ` Aiko Barz [this message]
