Re: Problem with TCP connection not opening properly
From: Tony Mountifield (tony_at_softins.clara.co.uk)
Date: 04/01/04
- Next message: Hammercode: "WAP stack for linux"
- Previous message: NeCrOS: "Re: [Q] any wireless card support LINUX driver?"
- In reply to: Tim Haynes: "Re: Problem with TCP connection not opening properly"
- Next in thread: Alex Butcher: "Re: Problem with TCP connection not opening properly"
Date: 1 Apr 2004 13:18:02 +0100
Tim Haynes <news-reply{at}stirfried.vegetable.org.uk> wrote:
> tony@softins.clara.co.uk (Tony Mountifield) writes:
>
> [snip]
> > http://www.softins.co.uk/tcp-problem.html shows packet traces from both
> > ends of the connection. Please would any folks knowledgeable in this area
> > take a look and make any suggestions?
I've added a bit more to that web page, some of which repeats what I
have said below, and also a packet trace from a successful transaction.
> What firewalling arrangements do you have on both boxes? Are any packets
> being reported as lost at these times?
The server has no iptables rules set up. The client has an ipchains
firewall, but the output chain includes a rule allowing anything to go
to the IP address of the server. The only rules preceding it are rules
to allow anything via eth0 or lo. The client's Internet interface is
ADSL on ppp0.
> How frequently does it occur? I gather from `fairly regularly' that it's
> not necessarily *every* connection between these boxes, is it most? When it
> happens, is it only these two boxes?
Well these are the only two boxes I can log both ends of. But I saw a
similar server-side sequence this morning from a colleague's attempt to
poll the same box, from a Windows client via a Linux NAT router/firewall.
My client polls the server for mail every 2 minutes, and I get one of
these failures every 1-3 hours. So probably 1 in 50-100 times.
> Are you getting any kernel messages in `dmesg` (maybe check kern.log)
> around the times of dropped packets, perhaps related to ip_conntrack_max?
No, nothing in the logs at all. Other rejected packets are logged at
different times, but nothing related to this.
> I'm not convinced about the client's method of closing down the connection
> either - it sends a RST, gets a FIN/ACK back, and sends *another* RST, is
> this normal, anyone?
>
> What kernel patches do you have on the boxes, particularly on the server?
> Any GRsecurity in evidence, complete with its rand_ip_ids and rand_isns
> options?
It's a stock 2.4.22 kernel for Fedora Core 1. The only mod is to recompile
with the RTC set to be a module instead of compiled in. But I have been
seeing this problem for quite a while (I posted about it on 5 January, to
which you also replied), since before I made any mods.
The bit I don't understand is why the client doesn't repeat the ACK when
it receives a duplicate SYN|ACK. Stevens' TCP/IP Vol 1 doesn't seem to
discuss this particular scenario.
Cheers,
Tony
-- 
Tony Mountifield
Work: tony@softins.co.uk - http://www.softins.co.uk
Play: tony@mountifield.org - http://tony.mountifield.org