* INVALID FIN/ACK packets
@ 2007-11-14 10:02 Aiko Barz
2007-11-14 22:35 ` Olivier Sessink
0 siblings, 1 reply; 4+ messages in thread
From: Aiko Barz @ 2007-11-14 10:02 UTC (permalink / raw)
To: netfilter; +Cc: aiko
[-- Attachment #1: Type: text/plain, Size: 2916 bytes --]
Hi,
like others, I'm facing some conntrack problems. A typical logentry
looks like this:
> Nov 14 10:46:22 lain fire: INVALID IN=eth0 OUT= MAC=00:e0:81:5c:f7:d9:00:02:85:04:0e:c0:08:00 SRC=a.b.c.d DST=88.198.253.172 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=47775 DF PROTO=TCP SPT=49184 DPT=993 WINDOW=65535 RES=0x00 ACK RST URGP=0
> Nov 14 10:46:22 lain fire: INPUT IN=eth0 OUT= MAC=00:e0:81:5c:f7:d9:00:02:85:04:0e:c0:08:00 SRC=a.b.c.d DST=88.198.253.172 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=47775 DF PROTO=TCP SPT=49184 DPT=993 WINDOW=65535 RES=0x00 ACK RST URGP=0
> Nov 14 10:46:22 lain fire: OUTPUT IN= OUT=eth0 SRC=88.198.253.172 DST=a.b.c.d LEN=68 TOS=0x00 PREC=0xC0 TTL=64 ID=13872 PROTO=ICMP TYPE=3 CODE=13 [SRC=a.b.c.d DST=88.198.253.172 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=47775 DF PROTO=TCP SPT=49184 DPT=993 WINDOW=65535 RES=0x00 ACK RST URGP=0 ]
lain is an IMAP server. This is not happening in any FORWARDING chain.
I have one more server with this same kind of problem. "ACK RST" and
"ACK FIN" packets are involved.
> $ uname -a
> Linux lain 2.6.22-gentoo-r8-lain #2 SMP Wed Oct 24 13:48:14 CEST 2007 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ AuthenticAMD GNU/Linux
> sysctl -a| grep -i conntrack
> net.netfilter.nf_conntrack_generic_timeout = 600
> net.netfilter.nf_conntrack_max = 65536
> net.netfilter.nf_conntrack_count = 127
> net.netfilter.nf_conntrack_buckets = 8192
> net.netfilter.nf_conntrack_checksum = 1
> net.netfilter.nf_conntrack_log_invalid = 1
> net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
> net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
> net.netfilter.nf_conntrack_tcp_timeout_established = 432000
> net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
> net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
> net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
> net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
> net.netfilter.nf_conntrack_tcp_timeout_close = 10
> net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
> net.netfilter.nf_conntrack_tcp_loose = 1
> net.netfilter.nf_conntrack_tcp_be_liberal = 0
> net.netfilter.nf_conntrack_tcp_max_retrans = 3
> net.netfilter.nf_conntrack_udp_timeout = 30
> net.netfilter.nf_conntrack_udp_timeout_stream = 180
> net.netfilter.nf_conntrack_icmp_timeout = 30
> net.nf_conntrack_max = 65536
The rules are basically like the following set:
> $fw -A INPUT -m state --state INVALID -j LOG --log-prefix "fire: INVALID "
> $fw -A INPUT -i $dev -m state --state ESTABLISHED,RELATED -s $world -d $myip -j ACCEPT
> $fw -A OUTPUT -o $dev -m state --state ESTABLISHED,RELATED -d $world -s $myip -j ACCEPT
> $fw -A INPUT -i $dev -p tcp -m tcp -m state --state NEW --syn -s $world --sport 1024: -d $myip --dport 993 -j ACCEPT
Those rules are working most of the time. But there are quite a number
of invalid connections...
Bye,
Aiko
--
:wq
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: INVALID FIN/ACK packets
2007-11-14 10:02 INVALID FIN/ACK packets Aiko Barz
@ 2007-11-14 22:35 ` Olivier Sessink
2007-11-15 9:57 ` Jozsef Kadlecsik
0 siblings, 1 reply; 4+ messages in thread
From: Olivier Sessink @ 2007-11-14 22:35 UTC (permalink / raw)
To: Aiko Barz, netfilter
Aiko Barz wrote:
> Hi,
>
> like others, I'm facing some conntrack problems. A typical logentry
> looks like this:
>
>> Nov 14 10:46:22 lain fire: INVALID IN=eth0 OUT= MAC=00:e0:81:5c:f7:d9:00:02:85:04:0e:c0:08:00 SRC=a.b.c.d DST=88.198.253.172 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=47775 DF PROTO=TCP SPT=49184 DPT=993 WINDOW=65535 RES=0x00 ACK RST URGP=0
>> Nov 14 10:46:22 lain fire: INPUT IN=eth0 OUT= MAC=00:e0:81:5c:f7:d9:00:02:85:04:0e:c0:08:00 SRC=a.b.c.d DST=88.198.253.172 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=47775 DF PROTO=TCP SPT=49184 DPT=993 WINDOW=65535 RES=0x00 ACK RST URGP=0
>> Nov 14 10:46:22 lain fire: OUTPUT IN= OUT=eth0 SRC=88.198.253.172 DST=a.b.c.d LEN=68 TOS=0x00 PREC=0xC0 TTL=64 ID=13872 PROTO=ICMP TYPE=3 CODE=13 [SRC=a.b.c.d DST=88.198.253.172 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=47775 DF PROTO=TCP SPT=49184 DPT=993 WINDOW=65535 RES=0x00 ACK RST URGP=0 ]
>
> lain is an IMAP server. This is not happening in any FORWARDING chain.
> I have one more server with this same kind of problem. "ACK RST" and
> "ACK FIN" packets are involved.
same problem here. Even on a local very high speed (gigabit) network I
see INVALID packages when connections are closed (especially when the
server load is high). I see them between blades in the same bladecenter.
I think that the timeouts are too strict. Most of the problems are
solved (for me) when the timeouts are increased:
echo "240" >
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
echo "60" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
echo "240" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
echo "60" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_last_ack
perhaps one of the developers can elaborate why these timeouts are this
strict by default?
Olivier
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: INVALID FIN/ACK packets
2007-11-14 22:35 ` Olivier Sessink
@ 2007-11-15 9:57 ` Jozsef Kadlecsik
2007-11-26 22:10 ` Aiko Barz
0 siblings, 1 reply; 4+ messages in thread
From: Jozsef Kadlecsik @ 2007-11-15 9:57 UTC (permalink / raw)
To: Olivier Sessink; +Cc: Aiko Barz, netfilter
On Wed, 14 Nov 2007, Olivier Sessink wrote:
> > I have one more server with this same kind of problem. "ACK RST" and
> > "ACK FIN" packets are involved.
Please enable full internal logging in netfilter and make sure at least
one loggin target module is loaded in and record by tcpdump one full
TCP session where such packets occurs. Then send me the generated kernel
log and the dump file so that I could analyze it.
> same problem here. Even on a local very high speed (gigabit) network I
> see INVALID packages when connections are closed (especially when the
> server load is high). I see them between blades in the same bladecenter.
>
> I think that the timeouts are too strict. Most of the problems are
> solved (for me) when the timeouts are increased:
>
> echo "240" >
> /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
> echo "60" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
> echo "240" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
> echo "60" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_last_ack
>
> perhaps one of the developers can elaborate why these timeouts are this
> strict by default?
If you increase the timeouts, then you may store dead connections
unnecessarily. If you have got enough RAM and increased the hash size of
the conntrack table then that's not a real problem of course.
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: INVALID FIN/ACK packets
2007-11-15 9:57 ` Jozsef Kadlecsik
@ 2007-11-26 22:10 ` Aiko Barz
0 siblings, 0 replies; 4+ messages in thread
From: Aiko Barz @ 2007-11-26 22:10 UTC (permalink / raw)
To: Jozsef Kadlecsik; +Cc: Olivier Sessink, netfilter
[-- Attachment #1.1: Type: text/plain, Size: 927 bytes --]
On Thu, Nov 15, 2007 at 10:57:44AM +0100, Jozsef Kadlecsik wrote:
> On Wed, 14 Nov 2007, Olivier Sessink wrote:
>
> > > I have one more server with this same kind of problem. "ACK RST" and
> > > "ACK FIN" packets are involved.
>
> Please enable full internal logging in netfilter and make sure at least
> one loggin target module is loaded in and record by tcpdump one full
> TCP session where such packets occurs. Then send me the generated kernel
> log and the dump file so that I could analyze it.
Hm,
maybe other people would like to look at it too. :)
Still don't have a tcpdump, but I attached the internal conntrack log.
I didn't do it on my servers, because they are in use. I used my
Notebook, which is having the same symptoms. My servers have several
thousand entries of this kind each day.
Bye,
Aiko
PS.: I also tried the vanilla 2.6.23.9 kernel. Still suffering...
--
:wq
[-- Attachment #1.2: dmesg.txt --]
[-- Type: text/plain, Size: 14546 bytes --]
Nov 25 17:00:22 motoko tcp_in_window: START
Nov 25 17:00:22 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003277754 ack=0 sack=0 win=5840 end=1003277755
Nov 25 17:00:22 motoko tcp_in_window: sender end=1003277755 maxend=1003277755 maxwin=5840 scale=7 receiver end=0 maxend=0 maxwin=1 scale=0
Nov 25 17:00:22 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003277754 ack=0 sack =0 win=5840 end=1003277755
Nov 25 17:00:22 motoko tcp_in_window: sender end=1003277755 maxend=1003277755 maxwin=5840 scale=7 receiver end=0 maxend=0 maxwin=1 scale=0
Nov 25 17:00:22 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:22 motoko tcp_in_window: res=1 sender end=1003277755 maxend=1003277755 maxwin=5840 receiver end=0 maxend=5840 maxwin=1
Nov 25 17:00:22 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=1 ack=0 fin=0 rst=0 old=0 new=1
Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751393 ack=1003277755 sack=1003277755 win=4356 end=671751394
Nov 25 17:00:23 motoko tcp_in_window: sender end=0 maxend=5840 maxwin=1 scale=0 receiver end=1003277755 maxend=1003277755 maxwin=5840 scale=7
Nov 25 17:00:23 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751393 ack=1003277755 sack =1003277755 win=4356 end=671751394
Nov 25 17:00:23 motoko tcp_in_window: sender end=671751394 maxend=671751394 maxwin=4356 scale=0 receiver end=1003277755 maxend=1003277755 maxwin=5840 scale=7
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=671751394 maxend=671751394 maxwin=4356 receiver end=1003277755 maxend=1003282111 maxwin=5840
Nov 25 17:00:23 motoko tcp_conntracks: src=___:80 dst=___:48595 syn=1 ack=1 fin=0 rst=0 old=1 new=2
Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003277755 ack=671751394 sack=671751394 win=46 end=1003277755
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003277755 maxend=1003282111 maxwin=5840 scale=7 receiver end=671751394 maxend=671751394 maxwin=4356 scale=0
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003277755 ack=671751394 sack =671751394 win=46 end=1003277755
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003277755 maxend=1003282111 maxwin=5840 scale=7 receiver end=671751394 maxend=671751394 maxwin=4356 scale=0
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=1003277755 maxend=1003282111 maxwin=5888 receiver end=671751394 maxend=671757282 maxwin=4356
Nov 25 17:00:23 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=0 rst=0 old=2 new=3
Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003277755 ack=671751394 sack=671751394 win=46 end=1003278253
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003277755 maxend=1003282111 maxwin=5888 scale=7 receiver end=671751394 maxend=671757282 maxwin=4356 scale=0
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003277755 ack=671751394 sack =671751394 win=46 end=1003278253
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003277755 maxend=1003282111 maxwin=5888 scale=7 receiver end=671751394 maxend=671757282 maxwin=4356 scale=0
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=1003278253 maxend=1003282111 maxwin=5888 receiver end=671751394 maxend=671757282 maxwin=4356
Nov 25 17:00:23 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=0 rst=0 old=3 new=3
Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751394 ack=1003278253 sack=1003278253 win=4854 end=671751814
Nov 25 17:00:23 motoko tcp_in_window: sender end=671751394 maxend=671757282 maxwin=4356 scale=0 receiver end=1003278253 maxend=1003282111 maxwin=5888 scale=7
Nov 25 17:00:23 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751394 ack=1003278253 sack =1003278253 win=4854 end=671751814
Nov 25 17:00:23 motoko tcp_in_window: sender end=671751394 maxend=671757282 maxwin=4356 scale=0 receiver end=1003278253 maxend=1003282111 maxwin=5888 scale=7
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=671751814 maxend=671757282 maxwin=4854 receiver end=1003278253 maxend=1003283107 maxwin=5888
Nov 25 17:00:23 motoko tcp_conntracks: src=___:80 dst=___:48595 syn=0 ack=1 fin=0 rst=0 old=3 new=3
Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751814 sack=671751814 win=54 end=1003278253
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003278253 maxend=1003283107 maxwin=5888 scale=7 receiver end=671751814 maxend=671757282 maxwin=4854 scale=0
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751814 sack =671751814 win=54 end=1003278253
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003278253 maxend=1003283107 maxwin=5888 scale=7 receiver end=671751814 maxend=671757282 maxwin=4854 scale=0
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=1003278253 maxend=1003283107 maxwin=6912 receiver end=671751814 maxend=671758726 maxwin=4854
Nov 25 17:00:23 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=0 rst=0 old=3 new=3
Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751814 sack=671751814 win=54 end=1003278254
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003278253 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751814 maxend=671758726 maxwin=4854 scale=0
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751814 sack =671751814 win=54 end=1003278254
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003278253 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751814 maxend=671758726 maxwin=4854 scale=0
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=1003278254 maxend=1003283107 maxwin=6912 receiver end=671751814 maxend=671758726 maxwin=4854
Nov 25 17:00:23 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=1 rst=0 old=3 new=4
Nov 25 17:00:23 motoko tcp_new: sender end=2015426912 maxend=2015426912 maxwin=5840 scale=7 receiver end=0 maxend=0 maxwin=1 scale=0
Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751814 ack=1003278253 sack=1003278253 win=4854 end=671751815
Nov 25 17:00:23 motoko tcp_in_window: sender end=671751814 maxend=671758726 maxwin=4854 scale=0 receiver end=1003278254 maxend=1003283107 maxwin=6912 scale=7
Nov 25 17:00:23 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751814 ack=1003278253 sack =1003278253 win=4854 end=671751815
Nov 25 17:00:23 motoko tcp_in_window: sender end=671751814 maxend=671758726 maxwin=4854 scale=0 receiver end=1003278254 maxend=1003283107 maxwin=6912 scale=7
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=671751815 maxend=671758726 maxwin=4854 receiver end=1003278254 maxend=1003283107 maxwin=6912
Nov 25 17:00:23 motoko tcp_conntracks: src=___:80 dst=___:48595 syn=0 ack=1 fin=1 rst=0 old=4 new=6
Nov 25 17:00:23 motoko tcp_in_window: START
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278254 ack=671751815 sack=671751815 win=54 end=1003278254
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758726 maxwin=4854 scale=0
Nov 25 17:00:23 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278254 ack=671751815 sack =671751815 win=54 end=1003278254
Nov 25 17:00:23 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758726 maxwin=4854 scale=0
Nov 25 17:00:23 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:23 motoko tcp_in_window: res=1 sender end=1003278254 maxend=1003283107 maxwin=6912 receiver end=671751815 maxend=671758727 maxwin=4854
Nov 25 17:00:23 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=0 rst=0 old=6 new=7
Nov 25 17:00:25 motoko tcp_in_window: START
Nov 25 17:00:25 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751815 sack=671751815 win=54 end=1003278254
Nov 25 17:00:25 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758727 maxwin=4854 scale=0
Nov 25 17:00:25 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751815 sack =671751815 win=54 end=1003278254
Nov 25 17:00:25 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758727 maxwin=4854 scale=0
Nov 25 17:00:25 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:25 motoko tcp_in_window: res=1 sender end=1003278254 maxend=1003283107 maxwin=6912 receiver end=671751815 maxend=671758727 maxwin=4854
Nov 25 17:00:25 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=1 rst=0 old=7 new=7
Nov 25 17:00:25 motoko tcp_in_window: START
Nov 25 17:00:25 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751814 ack=1003278254 sack=1003278254 win=54 end=671751814
Nov 25 17:00:25 motoko tcp_in_window: sender end=671751815 maxend=671758727 maxwin=4854 scale=0 receiver end=1003278254 maxend=1003283107 maxwin=6912 scale=7
Nov 25 17:00:25 motoko tcp_in_window: src=___:80 dst=___:48595 seq=671751814 ack=1003278254 sack =1003278254 win=54 end=671751814
Nov 25 17:00:25 motoko tcp_in_window: sender end=671751815 maxend=671758727 maxwin=4854 scale=0 receiver end=1003278254 maxend=1003283107 maxwin=6912 scale=7
Nov 25 17:00:25 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:25 motoko tcp_in_window: res=1 sender end=671751815 maxend=671758727 maxwin=4854 receiver end=1003278254 maxend=1003283107 maxwin=6912
Nov 25 17:00:25 motoko tcp_conntracks: src=___:80 dst=___:48595 syn=0 ack=0 fin=0 rst=1 old=7 new=8
Nov 25 17:00:27 motoko tcp_in_window: START
Nov 25 17:00:27 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751815 sack=671751815 win=54 end=1003278254
Nov 25 17:00:27 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758727 maxwin=4854 scale=0
Nov 25 17:00:27 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751815 sack =671751815 win=54 end=1003278254
Nov 25 17:00:27 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758727 maxwin=4854 scale=0
Nov 25 17:00:27 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:27 motoko tcp_in_window: res=1 sender end=1003278254 maxend=1003283107 maxwin=6912 receiver end=671751815 maxend=671758727 maxwin=4854
Nov 25 17:00:27 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=1 rst=0 old=8 new=8
Nov 25 17:00:33 motoko tcp_in_window: START
Nov 25 17:00:33 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751815 sack=671751815 win=54 end=1003278254
Nov 25 17:00:33 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758727 maxwin=4854 scale=0
Nov 25 17:00:33 motoko tcp_in_window: src=___:48595 dst=___:80 seq=1003278253 ack=671751815 sack =671751815 win=54 end=1003278254
Nov 25 17:00:33 motoko tcp_in_window: sender end=1003278254 maxend=1003283107 maxwin=6912 scale=7 receiver end=671751815 maxend=671758727 maxwin=4854 scale=0
Nov 25 17:00:33 motoko tcp_in_window: I=1 II=1 III=1 IV=1
Nov 25 17:00:33 motoko tcp_in_window: res=1 sender end=1003278254 maxend=1003283107 maxwin=6912 receiver end=671751815 maxend=671758727 maxwin=4854
Nov 25 17:00:33 motoko tcp_conntracks: src=___:48595 dst=___:80 syn=0 ack=1 fin=1 rst=0 old=8 new=8
Nov 25 17:00:45 motoko nf_ct_tcp: invalid new deleting.
Nov 25 17:00:45 motoko fire: OUTPUT IN= OUT=eth1 SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19465 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Nov 25 17:00:45 motoko fire: INVALID IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.8.12 DST=172.16.8.12 LEN=80 TOS=0x00 PREC=0xC0 TTL=64 ID=29673 PROTO=ICMP TYPE=3 CODE=13 [SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19465 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0 ]
Nov 25 17:01:08 motoko nf_ct_tcp: invalid new deleting.
Nov 25 17:01:08 motoko fire: OUTPUT IN= OUT=eth1 SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19466 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Nov 25 17:01:08 motoko fire: INVALID IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.8.12 DST=172.16.8.12 LEN=80 TOS=0x00 PREC=0xC0 TTL=64 ID=29685 PROTO=ICMP TYPE=3 CODE=13 [SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19466 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0 ]
Nov 25 17:01:54 motoko nf_ct_tcp: invalid new deleting.
Nov 25 17:01:54 motoko fire: OUTPUT IN= OUT=eth1 SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19467 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Nov 25 17:01:54 motoko fire: INVALID IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.8.12 DST=172.16.8.12 LEN=80 TOS=0x00 PREC=0xC0 TTL=64 ID=29697 PROTO=ICMP TYPE=3 CODE=13 [SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19467 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0 ]
Nov 25 17:03:26 motoko nf_ct_tcp: invalid new deleting.
Nov 25 17:03:26 motoko fire: OUTPUT IN= OUT=eth1 SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19468 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0
Nov 25 17:03:26 motoko fire: INVALID IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.8.12 DST=172.16.8.12 LEN=80 TOS=0x00 PREC=0xC0 TTL=64 ID=29709 PROTO=ICMP TYPE=3 CODE=13 [SRC=172.16.8.12 DST=195.71.11.83 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19468 DF PROTO=TCP SPT=48595 DPT=80 WINDOW=54 RES=0x00 ACK FIN URGP=0 ]
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-11-26 22:10 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-11-14 10:02 INVALID FIN/ACK packets Aiko Barz
2007-11-14 22:35 ` Olivier Sessink
2007-11-15 9:57 ` Jozsef Kadlecsik
2007-11-26 22:10 ` Aiko Barz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox