Segment failed SYNCOOKIE?
Steve Kargl
sgk at troutmask.apl.washington.edu
Wed May 30 19:37:29 UTC 2007
On Wed, May 30, 2007 at 02:40:04PM +0200, Andre Oppermann wrote:
>
> I have committed further changes and logging to tcp_input() that
> will give more insight into this. Please update to the latest
> current and report the new log messages.
>
Andre,
I have
src/sys/netinet/tcp_syncache.c,v 1.120 2007/05/28 23:27:44 andre Exp $
which is giving me
May 30 12:20:07 node13 kernel: bge0: watchdog timeout -- resetting
May 30 12:20:07 node13 kernel: bge0: link state changed to DOWN
May 30 12:20:09 node13 kernel: bge0: link state changed to UP
May 30 12:20:53 node13 kernel: TCP: [192.168.0.13]:55626 to [192.168.0.13]:59148 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
May 30 12:20:53 node13 kernel: TCP: [192.168.0.11]:62391 to [192.168.0.13]:50827 tcpflags 0x11<FIN,ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
May 30 12:20:54 node13 kernel: TCP: [192.168.0.12]:63318 to [192.168.0.13]:55624 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
I don't know if the watchdog timeout is a symptom or cause of the
SYNCOOKIE problem.
Note, this is an openmpi app that is using the Message Passing Interface
to communicate between processes.
--
Steve
More information about the freebsd-current
mailing list