Bug 156628
Summary: | Router based on FC3 do not forward tcp packets with SACK set | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Peter <tormozilla> |
Component: | kernel | Assignee: | David Miller <davem> |
Status: | CLOSED CANTFIX | QA Contact: | Brian Brock <bbrock> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | davej, wtogami |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i586 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-10-03 01:06:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Peter
2005-05-02 18:13:58 UTC
The SACK blocks get stripped by netfilter. What netfilter modules exactly do you have loaded? The SACK blocks get stripped so that netfilter does not have to recompute the sequence numbers inside of them when it munges the packets, f.e. for doing FTP NAT. But that should not be relevant here. I bet it's some bug in TCP connection tracking. # lsmod Module Size Used by iptable_filter 2881 0 cls_u32 8517 2 sch_sfq 5825 8 sch_htb 19137 2 iptable_mangle 2753 0 iptable_nat 22301 1 ip_conntrack 41369 1 iptable_nat ip_tables 20417 3 iptable_filter,iptable_mangle,iptable_nat ip_gre 13153 0 md5 4289 1 ipv6 258689 10 tun 11457 1 uhci_hcd 32857 0 e100 44993 0 pcnet32 33733 0 8139too 28609 0 mii 5057 3 e100,pcnet32,8139too floppy 63345 0 dm_snapshot 17925 0 dm_zero 2497 0 dm_mirror 24877 0 ext3 130761 3 jbd 76889 1 ext3 dm_mod 59989 7 dm_snapshot,dm_zero,dm_mirror BTW That SACK (sack sack 1) packet was actually sent by SSH_SERVER as "sack sack 1 {23:179}" but received as "sack sack 1 {1880160731:1880160887}" Is it OK? Or packet was corrupted somewhere between $EXTERNAL_IP and $SSH_SERVER. SSH_SERVER dump 11:29:24.788445 IP $EXTERNAL_IP.4825 > $SSH_SERVER.ssh: S 2238651369:2238651369(0) win 5840 <mss 1460,sackOK,timestamp 563771714 0,nop,wscale 0> 11:29:24.788514 IP $SSH_SERVER.ssh > $EXTERNAL_IP.4825: S 1629206029:1629206029(0) ack 2238651370 win 5792 <mss 1460,sackOK,timestamp 31927719 563771714,nop,wscale 0> 11:29:24.944168 IP $EXTERNAL_IP.4825 > $SSH_SERVER.ssh: . ack 1 win 5840 <nop,nop,timestamp 563771730 31927719> 11:29:25.075030 IP $SSH_SERVER.ssh > $EXTERNAL_IP.4825: P 1:24(23) ack 1 win 5792 <nop,nop,timestamp 31927748 563771730> 11:29:25.235772 IP $EXTERNAL_IP.4825 > $SSH_SERVER.ssh: . ack 24 win 5840 <nop,nop,timestamp 563771759 31927748> 11:29:25.237590 IP $EXTERNAL_IP.4825 > $SSH_SERVER.ssh: P 1:23(22) ack 24 win 5840 <nop,nop,timestamp 563771759 31927748> 11:29:25.237660 IP $SSH_SERVER.ssh > $EXTERNAL_IP.4825: . ack 23 win 5792 <nop,nop,timestamp 31927764 563771759> 11:29:25.238419 IP $SSH_SERVER.ssh > $EXTERNAL_IP.4825: P 24:300(276) ack 23 win 5792 <nop,nop,timestamp 31927764 563771759> 11:29:25.402294 IP $EXTERNAL_IP.4825 > $SSH_SERVER.ssh: P 23:179(156) ack 300 win 6432 <nop,nop,timestamp 563771775 31927764> 11:29:25.429814 IP $SSH_SERVER.ssh > $EXTERNAL_IP.4825: P 300:312(12) ack 179 win 5792 <nop,nop,timestamp 31927784 563771775> 11:29:25.871950 IP $EXTERNAL_IP.4825 > $SSH_SERVER.ssh: P 23:179(156) ack 300 win 6432 <nop,nop,timestamp 563771823 31927764> 11:29:25.871997 IP $SSH_SERVER.ssh > $EXTERNAL_IP.4825: . ack 179 win 5792 <nop,nop,timestamp 31927828 563771823,nop,nop,sack sack 1 {23:179} > 11:29:25.879466 IP $SSH_SERVER.ssh > $EXTERNAL_IP.4825: P 300:312(12) ack 179 win 5792 <nop,nop,timestamp 31927829 563771823> 11:29:26.044612 IP $EXTERNAL_IP.4825 > $SSH_SERVER.ssh: R 2238651548:2238651548(0) win 0 11:29:26.046737 IP $EXTERNAL_IP.4825 > $SSH_SERVER.ssh: P 179:207(28) ack 312 win 6432 <nop,nop,timestamp 563771840 31927829> 11:29:26.046790 IP $SSH_SERVER.ssh > $EXTERNAL_IP.4825: R 1629206341:1629206341(0) win 0 An update has been released for Fedora Core 3 (kernel-2.6.12-1.1372_FC3) which may contain a fix for your problem. Please update to this new kernel, and report whether or not it fixes your problem. If you have updated to Fedora Core 4 since this bug was opened, and the problem still occurs with the latest updates for that release, please change the version field of this bug to 'fc4'. Thank you. This bug has been automatically closed as part of a mass update. It had been in NEEDINFO state since July 2005. If this bug still exists in current errata kernels, please reopen this bug. There are a large number of inactive bugs in the database, and this is the only way to purge them. Thank you. |