Date: Wed, 30 May 2007 22:52:06 +0200 From: Andre Oppermann <andre@freebsd.org> To: Steve Kargl <sgk@troutmask.apl.washington.edu> Cc: freebsd-current@freebsd.org Subject: Re: Segment failed SYNCOOKIE? Message-ID: <465DE3F6.3030001@freebsd.org> In-Reply-To: <20070530193523.GA13655@troutmask.apl.washington.edu> References: <20070525234115.GA48789@troutmask.apl.washington.edu> <465AF5C6.2010302@freebsd.org> <20070529002304.GA90534@troutmask.apl.washington.edu> <465D70A4.3040107@freebsd.org> <20070530193523.GA13655@troutmask.apl.washington.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Steve Kargl wrote: > On Wed, May 30, 2007 at 02:40:04PM +0200, Andre Oppermann wrote: >> I have committed further changes and logging to tcp_input() that >> will give more insight into this. Please update to the latest >> current and report the new log messages. >> > > Andre, > > I have > src/sys/netinet/tcp_syncache.c,v 1.120 2007/05/28 23:27:44 andre Exp $ > which is giving me > > > May 30 12:20:07 node13 kernel: bge0: watchdog timeout -- resetting > May 30 12:20:07 node13 kernel: bge0: link state changed to DOWN > May 30 12:20:09 node13 kernel: bge0: link state changed to UP > May 30 12:20:53 node13 kernel: TCP: [192.168.0.13]:55626 to [192.168.0.13]:59148 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) > May 30 12:20:53 node13 kernel: TCP: [192.168.0.11]:62391 to [192.168.0.13]:50827 tcpflags 0x11<FIN,ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) > May 30 12:20:54 node13 kernel: TCP: [192.168.0.12]:63318 to [192.168.0.13]:55624 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) Our TCP has a bug where it closes a socket and tcpcb too fast and follow-up replies from the remote host may then hit the listen socket giving these artifacts. I have a large TCP cleanup/rewrite upcoming that fixes these issues. > I don't know if the watchdog timeout is a symptom or cause of the > SYNCOOKIE problem. In theory this is not related. However if it *only* happens shortly after a bge0 watchdog timeout then there may be a relation. > Note, this is an openmpi app that is using the Message Passing Interface > to communicate between processes. Does the openmpi application or the openmpi library raise any errors? -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?465DE3F6.3030001>