From: "Robert M. Albrecht" <romal@gmx.de>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter@vger.kernel.org
Subject: Re: illegal packets
Date: Sat, 16 Feb 2008 22:08:23 +0100
Message-ID: <47B750C7.2070707@gmx.de>
In-Reply-To: <Pine.LNX.4.64.0802162139240.26797@blackhole.kfki.hu>

Hi Jozsef,

thanks for your fast reply.

As newer kernels as 2.6.24 aren't supported in OpenWRT I have to ignore it
for the moment :-(

For the moment I have to remove the INVALID statement from my configuration
for the recent-module, as recent puts these invalid packets on the blacklist.

cu romal

Jozsef Kadlecsik wrote:
> On Sat, 16 Feb 2008, Robert M. Albrecht wrote:
>
>> I keep getting these invalid packets, one to five per minute.
>>
>> Why are they invalid?
>
>> kernel: nf_ct_tcp: invalid packed ignored IN= OUT= SRC=212.60.137.183
>> DST=217.72.204.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=25024 DF
>> PROTO=TCP SPT=52369 DPT=80 SEQ=4686532 ACK=0 WINDOW=5840 RES=0x00 SYN
>> URGP=0 OPT (020405B40402080A0244
>
> This is a connection-initiating SYN packet, but there is an existing
> connection already between 212.60.137.183:52369<->217.72.204.254:80.
> So the firewall ignores the packet (does not take it into account when
> keeping track of the connection, but lets it through). Probably it's a
> connection-reopening, which is not handled properly.
>
> The newest git tree contains a fix for reopening connections. So either
> upgrade or ignore the invalid packet warnings ;-).
>
> Best regards,
> Jozsef
> -
> E-mail : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
> H-1525 Budapest 114, POB. 49, Hungary
> -
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
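
Added example, not part of either message and not netfilter code: a small Python parser for `nf_ct_tcp` log lines like the one quoted above, separating bare SYNs (the case Jozsef describes) from other ignored packets. The sample lines are constructed (the first is the thread's log entry joined onto one line with the truncated OPT field left out), and the function and label names are assumptions.

```python
import re
from collections import Counter

# Constructed sample input. Line 1: the log entry from this thread, joined
# onto one line, truncated OPT field omitted. Line 2: made up for contrast.
SAMPLE_LOG = """\
kernel: nf_ct_tcp: invalid packed ignored IN= OUT= SRC=212.60.137.183 DST=217.72.204.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=25024 DF PROTO=TCP SPT=52369 DPT=80 SEQ=4686532 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0
kernel: nf_ct_tcp: invalid packed ignored IN= OUT= SRC=192.0.2.10 DST=198.51.100.20 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=40000 DPT=443 SEQ=1000 ACK=2000 WINDOW=501 RES=0x00 ACK FIN URGP=0
"""

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
KEY_VALUE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict for one nf_ct_tcp log line, or None for other lines."""
    marker = "nf_ct_tcp:"
    if marker not in line:
        return None
    body = line.split(marker, 1)[1]
    fields = dict(KEY_VALUE.findall(body))
    # Flags are bare tokens; "ACK=0" is the ack number, "ACK" alone is the flag.
    flags = {tok for tok in body.split() if tok in TCP_FLAGS}
    return {
        "src": fields.get("SRC", ""), "spt": fields.get("SPT", ""),
        "dst": fields.get("DST", ""), "dpt": fields.get("DPT", ""),
        "flags": flags,
    }


def classify(pkt):
    """Bare SYN logged by conntrack: a new SYN on an already tracked tuple."""
    return "reopen_syn" if pkt["flags"] == {"SYN"} else "other_ignored"


def summarize(log_text):
    """Count ignored packets per (source, destination, kind)."""
    counts = Counter()
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        key = (f"{pkt['src']}:{pkt['spt']}", f"{pkt['dst']}:{pkt['dpt']}", classify(pkt))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (src, dst, kind), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  {kind:14s} {src} -> {dst}")
```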