Daniel Drake wrote:
When retrying the telnet test, this appears in the logs:
Jul 8 14:53:04 dsd inv IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=15 DF PROTO=TCP SPT=80 DPT=58950 WINDOW=0
RES=0x00 ACK RST URGP=0
Does this mean that the kernel thinks its own ACK RST packet is invalid?
I think I know what happens. In 2.6.12 we started dropping the conntrack
reference when a packet leaves IP, so packets on loopback are tracked
twice (LOCAL_OUT/PRE_ROUTING). TCP connection tracking destroys a
conntrack entry when the only reply is an RST. So when the packet is
tracked for the second time in PRE_ROUTING, the conntrack entry can't
be found anymore and the packet is considered invalid.
You could confirm this theory by logging invalid packets in LOCAL_OUT
and in PRE_ROUTING - only PRE_ROUTING should trigger. I'm going to
think about a solution meanwhile.
Regards
Patrick
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
|
|