From owner-freebsd-current@FreeBSD.ORG Mon May 28 15:29:45 2007 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5F07E16A468 for ; Mon, 28 May 2007 15:29:45 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.freebsd.org (Postfix) with ESMTP id C4B1713C4B8 for ; Mon, 28 May 2007 15:29:44 +0000 (UTC) (envelope-from andre@freebsd.org) Received: (qmail 78624 invoked from network); 28 May 2007 14:46:05 -0000 Received: from dotat.atdotat.at (HELO [62.48.0.47]) ([62.48.0.47]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 28 May 2007 14:46:05 -0000 Message-ID: <465AF567.6020708@freebsd.org> Date: Mon, 28 May 2007 17:29:43 +0200 From: Andre Oppermann User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b) Gecko/20050217 MIME-Version: 1.0 To: Abdullah Ibn Hamad Al-Marri References: <20070525234115.GA48789@troutmask.apl.washington.edu> <499c70c0705261245k6679a12k5a0237fce786ab68@mail.gmail.com> In-Reply-To: <499c70c0705261245k6679a12k5a0237fce786ab68@mail.gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-current@freebsd.org, Steve Kargl Subject: Re: Segment failed SYNCOOKIE? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 May 2007 15:29:45 -0000 Abdullah Ibn Hamad Al-Marri wrote: > On 5/26/07, Steve Kargl wrote: > >> Anyone have ideas on how to cure >> >> May 25 16:20:03 node13 kernel: TCP: [192.168.0.15]:53815 to >> [192.168.0.13]:50992 tcpflags 0x11; syncache_expand: >> Segment failed SYNCOOKIE authentication >> >> The hardware and kernel on 192.168.0.15 and 192.168.0.13 >> are identical. >> >> -- >> Steve > > 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Sat May 26 04:25:29 GMT 2007 > > I got the same problem and my sever paniced today. Please provide the panic message and if available a backtrace for the panic. We have to track down the exact cause of it (which may not necessarily be the syncache). > TCP: [70.162.96.41]:54686 to [IP removed for security reasons]:59999 > tcpflags 0x18; syncache_expand: Segment failed SYNCOOKIE > authentication Logging of TCP segment validation failure has recently been enabled to aid debugging of TCP (interoperability) issues. This particular message means that a SYN was received on a listen socket but no matching syncache entry was found. The second test for a syncookie also failed. Normally this means a spoofed packet or port scan is hitting your machine. To make this certain you should answer a couple of questions: a) What daemon is running on your port 59999? b) Do you know [70.162.96.41] and does it have any business in contacting your daemon on 59999? I agree that the log message should be made more clear to avoid unnecessary confusion. Nothing is broken and syncache is doing its job just fine. -- Andre