Message-ID: <20070802095550.GA27226@2ka.mipt.ru>
Date:	Thu, 2 Aug 2007 13:55:50 +0400
From:	Evgeniy Polyakov <johnpol@....mipt.ru>
To:	john@...een.lv
Cc:	netdev@...r.kernel.org
Subject: Re: strange tcp behavior

On Thu, Aug 02, 2007 at 09:19:06AM +0300, john@...een.lv (john@...een.lv) wrote:
> 1186035057.207629    127.0.0.1 -> 127.0.0.1    TCP 50000 > smtp [SYN]
> Seq=0 Len=0
> 1186035057.207632    127.0.0.1 -> 127.0.0.1    TCP smtp > 50000 [SYN, ACK]
> Seq=0 Ack=1 Win=32792 Len=0 MSS=16396
> 1186035057.207666    127.0.0.1 -> 127.0.0.1    TCP 50000 > smtp [ACK]
> Seq=1 Ack=1 Win=1500 Len=0
> 1186035057.207699    127.0.0.1 -> 127.0.0.1    SMTP Command: EHLO localhost
> 1186035057.207718    127.0.0.1 -> 127.0.0.1    TCP smtp > 50000 [ACK]
> Seq=1 Ack=17 Win=32792 Len=0
> 1186035057.207736    127.0.0.1 -> 127.0.0.1    TCP 50000 > smtp [RST]
> Seq=17 Len=0
> 1186035057.223934    127.0.0.1 -> 127.0.0.1    TCP 33787 > 50000 [RST,
> ACK] Seq=0 Ack=0 Win=32792 Len=0
> 
> Can someone please comment as to why the tcp stack sends a rst packet from the
> wrong source port in this situation?

Besides the fact that the test applications do not run unless started as
root, I got this:

13:51:12.180241 IP localhost.localdomain.50000 > localhost.localdomain.10250: S 906222067:906222067(0) win 1500
13:51:12.180279 IP localhost.localdomain.10250 > localhost.localdomain.50000: S 2011233747:2011233747(0) ack 906222068 win 32792 <mss 16396>
13:51:12.180293 IP localhost.localdomain.50000 > localhost.localdomain.10250: R 906222068:906222068(0) win 0
13:51:12.180320 IP localhost.localdomain.50000 > localhost.localdomain.10250: . ack 1 win 1500
13:51:12.180329 IP localhost.localdomain.10250 > localhost.localdomain.50000: R 2011233748:2011233748(0) win 0
13:51:12.180341 IP localhost.localdomain.50000 > localhost.localdomain.10250: P 1:17(16) ack 1 win 1500
13:51:12.180349 IP localhost.localdomain.10250 > localhost.localdomain.50000: R 2011233748:2011233748(0) win 0
13:51:12.180361 IP localhost.localdomain.50000 > localhost.localdomain.10250: R 906222084:906222084(0) win 1500

I.e. there is no bug in this session.
FC7 2.6.22.1-27.fc7 kernel.

Here is vanilla (with my patches, unrelated to the problem though)
2.6.22-rc5:

09:33:37.650279 IP localhost.50000 > localhost.10250: S 1326688203:1326688203(0) win 1500
09:33:37.664391 IP localhost.10250 > localhost.50000: S 3637551175:3637551175(0) ack 1326688204 win 32792 <mss 16396>
09:33:37.664417 IP localhost.50000 > localhost.10250: R 1326688204:1326688204(0) win 0
09:33:37.650451 IP localhost.50000 > localhost.10250: . ack 1 win 1500
09:33:37.650467 IP localhost.10250 > localhost.50000: R 3637551176:3637551176(0) win 0
09:33:37.650481 IP localhost.50000 > localhost.10250: P 1:17(16) ack 1 win 1500
09:33:37.650493 IP localhost.10250 > localhost.50000: R 3637551176:3637551176(0) win 0
09:33:37.650507 IP localhost.50000 > localhost.10250: R 1326688220:1326688220(0) win 1500


Is it possible that your tcpdump is screwed?

-- 
	Evgeniy Polyakov
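
An added example, not part of the original message: a Python check for the symptom in the quoted report, a RST whose port pair belongs to no connection opened earlier in the capture. The function name and the extra line with port 33787 in tcpdump format are constructed for illustration; the other sample lines are taken from the 2.6.22-rc5 capture above.

```python
import re

# Old-style tcpdump text line: "<time> IP <src>.<sport> > <dst>.<dport>: <flags> ..."
LINE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): (\S+)")

# Four lines from the 2.6.22-rc5 capture in the message (a session with no stray RST).
CLEAN = """\
09:33:37.650279 IP localhost.50000 > localhost.10250: S 1326688203:1326688203(0) win 1500
09:33:37.664391 IP localhost.10250 > localhost.50000: S 3637551175:3637551175(0) ack 1326688204 win 32792 <mss 16396>
09:33:37.664417 IP localhost.50000 > localhost.10250: R 1326688204:1326688204(0) win 0
09:33:37.650467 IP localhost.10250 > localhost.50000: R 3637551176:3637551176(0) win 0
"""

# Constructed line: a RST from a port that never took part in the handshake,
# modelled on the 33787 > 50000 packet in the quoted report.
WITH_STRAY = CLEAN + (
    "09:33:37.666000 IP localhost.33787 > localhost.50000: R 0:0(0) ack 0 win 32792\n"
)


def stray_resets(capture):
    """Return (time, sport, dport) for each RST whose endpoint pair
    matches no flow opened by a SYN or SYN-ACK earlier in the capture."""
    flows = set()  # unordered endpoint pairs seen in a SYN / SYN-ACK
    stray = []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # wrapped continuation lines and non-IP lines are skipped
        ts, src, sport, dst, dport, flags = m.groups()
        pair = frozenset([(src, int(sport)), (dst, int(dport))])
        if "S" in flags:
            flows.add(pair)
        elif "R" in flags and pair not in flows:
            stray.append((ts, int(sport), int(dport)))
    return stray


if __name__ == "__main__":
    print("clean capture:", stray_resets(CLEAN))
    print("with stray RST:", stray_resets(WITH_STRAY))
```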