lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.00.1001111459340.14108@wel-95.cs.helsinki.fi>
Date:	Mon, 11 Jan 2010 15:02:34 +0200 (EET)
From:	"Ilpo Järvinen" <ilpo.jarvinen@...sinki.fi>
To:	Denys Fedoryshchenko <denys@...p.net.lb>
cc:	Netdev <netdev@...r.kernel.org>
Subject: Re: Crazy TCP bug (keepalive flood?) in 2.6.32?

On Sat, 26 Dec 2009, Denys Fedoryshchenko wrote:

> Few more dumps. I notice:
> 1)Ack always equal 1
> 2)It is usually first segment of data sent (?)
> 
> Maybe some value not initialised properly?
> 
> 
> 17:03:50.406118 IP (tos 0x0, ttl 64, id 57958, offset 0, flags [DF], proto TCP 
> (6), length 1492)
>     194.146.153.114.8080 > 172.16.199.39.1472: Flags [.], seq 0:1452, ack 1, 
> win 7479, length 1452
> 17:03:50.407413 IP (tos 0x0, ttl 64, id 57959, offset 0, flags [DF], proto TCP 
> (6), length 1492)
>     194.146.153.114.8080 > 172.16.199.39.1472: Flags [.], seq 0:1452, ack 1, 
> win 7479, length 1452
> 17:03:50.408516 IP (tos 0x0, ttl 64, id 57960, offset 0, flags [DF], proto TCP 
> (6), length 1492)
>     194.146.153.114.8080 > 172.16.199.39.1472: Flags [.], seq 0:1452, ack 1, 
> win 7479, length 1452
> 17:03:50.409553 IP (tos 0x0, ttl 64, id 57961, offset 0, flags [DF], proto TCP 
> (6), length 1492)
>     194.146.153.114.8080 > 172.16.199.39.1472: Flags [.], seq 0:1452, ack 1, 
> win 7479, length 1452
> 17:03:50.410424 IP (tos 0x0, ttl 64, id 57962, offset 0, flags [DF], proto TCP 
> (6), length 1492)
>     194.146.153.114.8080 > 172.16.199.39.1472: Flags [.], seq 0:1452, ack 1, 
> win 7479, length 1452
> 
> 
> 
> 17:04:39.801149 IP (tos 0x0, ttl 64, id 19431, offset 0, flags [DF], proto TCP 
> (6), length 517)
>     194.146.153.114.8080 > 172.16.107.14.1405: Flags [P.], cksum 0x51c6 
> (correct), seq 0:477, ack 1, win 8730, length 477
> 17:04:39.802538 IP (tos 0x0, ttl 64, id 19432, offset 0, flags [DF], proto TCP 
> (6), length 517)
>     194.146.153.114.8080 > 172.16.107.14.1405: Flags [P.], cksum 0x51c6 
> (correct), seq 0:477, ack 1, win 8730, length 477
> 17:04:39.803438 IP (tos 0x0, ttl 64, id 19433, offset 0, flags [DF], proto TCP 
> (6), length 517)
>     194.146.153.114.8080 > 172.16.107.14.1405: Flags [P.], cksum 0x51c6 
> (correct), seq 0:477, ack 1, win 8730, length 477
> 17:04:39.804251 IP (tos 0x0, ttl 64, id 19434, offset 0, flags [DF], proto TCP 
> (6), length 517)
>     194.146.153.114.8080 > 172.16.107.14.1405: Flags [P.], cksum 0x51c6 
> (correct), seq 0:477, ack 1, win 8730, length 477
> 17:04:39.805050 IP (tos 0x0, ttl 64, id 19435, offset 0, flags [DF], proto TCP 
> (6), length 517)
>     194.146.153.114.8080 > 172.16.107.14.1405: Flags [P.], cksum 0x51c6 
> (correct), seq 0:477, ack 1, win 8730, length 477
> 
> 17:06:22.123862 IP (tos 0x0, ttl 64, id 25912, offset 0, flags [DF], proto TCP 
> (6), length 1492)
>     194.146.153.114.8080 > 172.16.180.148.50101: Flags [.], seq 0:1452, ack 1, 
> win 108, length 1452
> 17:06:22.124440 IP (tos 0x0, ttl 64, id 25913, offset 0, flags [DF], proto TCP 
> (6), length 1492)
>     194.146.153.114.8080 > 172.16.180.148.50101: Flags [.], seq 0:1452, ack 1, 
> win 108, length 1452
> 17:06:22.125600 IP (tos 0x0, ttl 64, id 25914, offset 0, flags [DF], proto TCP 
> (6), length 1492)
>     194.146.153.114.8080 > 172.16.180.148.50101: Flags [.], seq 0:1452, ack 1, 
> win 108, length 1452
> ^C17:06:22.126243 IP (tos 0x0, ttl 64, id 25915, offset 0, flags [DF], proto 
> TCP (6), length 1492)
>     194.146.153.114.8080 > 172.16.180.148.50101: Flags [.], seq 0:1452, ack 1, 
> win 108, length 1452
> 
> 
> 
> 17:06:43.404279 IP (tos 0x0, ttl 64, id 10279, offset 0, flags [DF], proto TCP 
> (6), length 768)
>     194.146.153.114.8080 > 172.16.199.151.49404: Flags [FP.], cksum 0x4ac3 
> (correct), seq 0:728, ack 1, win 9816, length 728
> 17:06:43.405819 IP (tos 0x0, ttl 64, id 10281, offset 0, flags [DF], proto TCP 
> (6), length 768)
>     194.146.153.114.8080 > 172.16.199.151.49404: Flags [FP.], cksum 0x4ac3 
> (correct), seq 0:728, ack 1, win 9816, length 728
> 17:06:43.406670 IP (tos 0x0, ttl 64, id 10282, offset 0, flags [DF], proto TCP 
> (6), length 768)
>     194.146.153.114.8080 > 172.16.199.151.49404: Flags [FP.], cksum 0x4ac3 
> (correct), seq 0:728, ack 1, win 9816, length 728
> 17:06:43.407821 IP (tos 0x0, ttl 64, id 10283, offset 0, flags [DF], proto TCP 
> (6), length 768)
>     194.146.153.114.8080 > 172.16.199.151.49404: Flags [FP.], cksum 0x4ac3 
> (correct), seq 0:728, ack 1, win 9816, length 728
> 
> 
> 17:07:09.933303 IP (tos 0x0, ttl 64, id 41731, offset 0, flags [DF], proto TCP 
> (6), length 555)
>     194.146.153.114.8080 > 172.16.175.130.1692: Flags [P.], cksum 0x7d98 
> (correct), seq 0:515, ack 1, win 6432, length 515
> 17:07:09.934305 IP (tos 0x0, ttl 64, id 41732, offset 0, flags [DF], proto TCP 
> (6), length 555)
>     194.146.153.114.8080 > 172.16.175.130.1692: Flags [P.], cksum 0x7d98 
> (correct), seq 0:515, ack 1, win 6432, length 515
> 17:07:09.935076 IP (tos 0x0, ttl 64, id 41733, offset 0, flags [DF], proto TCP 
> (6), length 555)
>     194.146.153.114.8080 > 172.16.175.130.1692: Flags [P.], cksum 0x7d98 
> (correct), seq 0:515, ack 1, win 6432, length 515
> 17:07:09.935887 IP (tos 0x0, ttl 64, id 41734, offset 0, flags [DF], proto TCP 
> (6), length 555)
>     194.146.153.114.8080 > 172.16.175.130.1692: Flags [P.], cksum 0x7d98 
> (correct), seq 0:515, ack 1, win 6432, length 515
> 17:07:09.937096 IP (tos 0x0, ttl 64, id 41735, offset 0, flags [DF], proto TCP 
> (6), length 555)
>     194.146.153.114.8080 > 172.16.175.130.1692: Flags [P.], cksum 0x7d98 
> (correct), seq 0:515, ack 1, win 6432, length 515
> 17:07:09.938083 IP (tos 0x0, ttl 64, id 41736, offset 0, flags [DF], proto TCP 
> (6), length 555)
>     194.146.153.114.8080 > 172.16.175.130.1692: Flags [P.], cksum 0x7d98 
> (correct), seq 0:515, ack 1, win 6432, length 515
> 
> 17:09:21.672761 IP (tos 0x0, ttl 64, id 48515, offset 0, flags [DF], proto TCP 
> (6), length 412)
>     194.146.153.114.8080 > 172.16.163.219.47653: Flags [P.], cksum 0x584c 
> (correct), seq 0:372, ack 1, win 181, length 372
> 17:09:21.673756 IP (tos 0x0, ttl 64, id 48516, offset 0, flags [DF], proto TCP 
> (6), length 412)
>     194.146.153.114.8080 > 172.16.163.219.47653: Flags [P.], cksum 0x584c 
> (correct), seq 0:372, ack 1, win 181, length 372
> 17:09:21.674574 IP (tos 0x0, ttl 64, id 48517, offset 0, flags [DF], proto TCP 
> (6), length 412)
>     194.146.153.114.8080 > 172.16.163.219.47653: Flags [P.], cksum 0x584c 
> (correct), seq 0:372, ack 1, win 181, length 372
> 17:09:21.675440 IP (tos 0x0, ttl 64, id 48518, offset 0, flags [DF], proto TCP 
> (6), length 412)
>     194.146.153.114.8080 > 172.16.163.219.47653: Flags [P.], cksum 0x584c 
> (correct), seq 0:372, ack 1, win 181, length 372
> 17:09:21.676625 IP (tos 0x0, ttl 64, id 48519, offset 0, flags [DF], proto TCP 
> (6), length 412)
>     194.146.153.114.8080 > 172.16.163.219.47653: Flags [P.], cksum 0x584c 
> (correct), seq 0:372, ack 1, win 181, length 372
> 17:09:21.678963 IP (tos 0x0, ttl 64, id 48521, offset 0, flags [DF], proto TCP 
> (6), length 412)
>     194.146.153.114.8080 > 172.16.163.219.47653: Flags [P.], cksum 0x584c 
> (correct), seq 0:372, ack 1, win 181, length 372
> 
> 17:11:12.032679 IP (tos 0x0, ttl 64, id 39699, offset 0, flags [DF], proto TCP 
> (6), length 552)
>     194.146.153.114.8080 > 172.16.15.13.63145: Flags [P.], cksum 0x1559 
> (correct), seq 0:512, ack 1, win 6432, length 512
> 17:11:12.033882 IP (tos 0x0, ttl 64, id 39700, offset 0, flags [DF], proto TCP 
> (6), length 552)
>     194.146.153.114.8080 > 172.16.15.13.63145: Flags [P.], cksum 0x1559 
> (correct), seq 0:512, ack 1, win 6432, length 512
> 17:11:12.034835 IP (tos 0x0, ttl 64, id 39701, offset 0, flags [DF], proto TCP 
> (6), length 552)
>     194.146.153.114.8080 > 172.16.15.13.63145: Flags [P.], cksum 0x1559 
> (correct), seq 0:512, ack 1, win 6432, length 512
> 17:11:12.035720 IP (tos 0x0, ttl 64, id 39702, offset 0, flags [DF], proto TCP 
> (6), length 552)
>     194.146.153.114.8080 > 172.16.15.13.63145: Flags [P.], cksum 0x1559 
> (correct), seq 0:512, ack 1, win 6432, length 512
> 

Can you see if the RTO lower bound is violated (I added some printing of 
vars there too already now if it turns out to be something):

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 65b8ebf..d84469f 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -327,6 +327,22 @@ static void do_pmtu_discovery(struct sock *sk, struct iphdr *iph, u32 mtu)
  * is probably better.
  *
  */
+static int prints = 0;
+
+static void tcp_debug_rto(struct sock *sk, struct sk_buff *skb, u32 remaining, int locked)
+{
+	struct inet_connection_sock *icsk = inet_csk(sk);
+	struct tcp_sock *tp = tcp_sk(sk);
+
+	if (prints++ < 1000) {
+		printk("rto: %u (%u >> 3 + %u, %u) time: %u sent: %u pen: %u %lu rem: %u %s\n",
+		       icsk->icsk_rto, tp->srtt, tp->rttvar,
+		       (u32)icsk->icsk_backoff,
+		       tcp_time_stamp, TCP_SKB_CB(skb)->when,
+		       (u32)icsk->icsk_pending, icsk->icsk_timeout, remaining,
+		       locked ? "locked" : "");
+	}
+}
 
 void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
 {
@@ -409,6 +425,11 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
 		inet_csk(sk)->icsk_rto = __tcp_set_rto(tp) <<
 					 icsk->icsk_backoff;
 		tcp_bound_rto(sk);
+		if (icsk->icsk_rto < TCP_RTO_MIN) {
+			if (net_ratelimit())
+				printk("lower bound violation: %u\n", icsk->icsk_rto);
+			icsk->icsk_rto = TCP_RTO_MIN;
+		}
 
 		skb = tcp_write_queue_head(sk);
 		BUG_ON(!skb);
@@ -417,14 +438,17 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
 				tcp_time_stamp - TCP_SKB_CB(skb)->when);
 
 		if (remaining) {
+			tcp_debug_rto(sk, skb, remaining, 0);
 			inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
 						  remaining, TCP_RTO_MAX);
 		} else if (sock_owned_by_user(sk)) {
+			tcp_debug_rto(sk, skb, remaining, 1);
 			/* RTO revert clocked out retransmission,
 			 * but socket is locked. Will defer. */
 			inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
 						  HZ/20, TCP_RTO_MAX);
 		} else {
+			tcp_debug_rto(sk, skb, remaining, 0);
 			/* RTO revert clocked out retransmission.
 			 * Will retransmit now */
 			tcp_retransmit_timer(sk);
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ