Segment failed SYNCOOKIE?

Steve Kargl sgk at troutmask.apl.washington.edu
Wed May 30 19:37:29 UTC 2007


On Wed, May 30, 2007 at 02:40:04PM +0200, Andre Oppermann wrote:
> 
> I have committed further changes and logging to tcp_input() that
> will give more insight into this.  Please update to the latest
> current and report the new log messages.
> 

Andre,

I have 
 src/sys/netinet/tcp_syncache.c,v 1.120 2007/05/28 23:27:44 andre Exp $
which is giving me


May 30 12:20:07 node13 kernel: bge0: watchdog timeout -- resetting
May 30 12:20:07 node13 kernel: bge0: link state changed to DOWN
May 30 12:20:09 node13 kernel: bge0: link state changed to UP
May 30 12:20:53 node13 kernel: TCP: [192.168.0.13]:55626 to [192.168.0.13]:59148 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
May 30 12:20:53 node13 kernel: TCP: [192.168.0.11]:62391 to [192.168.0.13]:50827 tcpflags 0x11<FIN,ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
May 30 12:20:54 node13 kernel: TCP: [192.168.0.12]:63318 to [192.168.0.13]:55624 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)

I don't know if the watchdog timeout is a symptom or cause of the
SYNCOOKIE problem.

Note, this is an openmpi app that is using the Message Passing Interface
to communicate between processes.

-- 
Steve


More information about the freebsd-current mailing list