Segment failed SYNCOOKIE?

Steve Kargl sgk at troutmask.apl.washington.edu
Wed May 30 22:07:50 UTC 2007


On Wed, May 30, 2007 at 10:52:06PM +0200, Andre Oppermann wrote:
> Steve Kargl wrote:
> >On Wed, May 30, 2007 at 02:40:04PM +0200, Andre Oppermann wrote:
> >>I have committed further changes and logging to tcp_input() that
> >>will give more insight into this.  Please update to the latest
> >>current and report the new log messages.
> >
> >I have 
> > src/sys/netinet/tcp_syncache.c,v 1.120 2007/05/28 23:27:44 andre Exp $
> >which is giving me
> >
> >May 30 12:20:07 node13 kernel: bge0: watchdog timeout -- resetting
> >May 30 12:20:07 node13 kernel: bge0: link state changed to DOWN
> >May 30 12:20:09 node13 kernel: bge0: link state changed to UP
> >May 30 12:20:53 node13 kernel: TCP: [192.168.0.13]:55626 to 
> >[192.168.0.13]:59148 tcpflags 0x10<ACK>; syncache_expand: Segment failed 
> >SYNCOOKIE authentication, segment rejected (probably spoofed)
> >May 30 12:20:53 node13 kernel: TCP: [192.168.0.11]:62391 to 
> >[192.168.0.13]:50827 tcpflags 0x11<FIN,ACK>; syncache_expand: Segment 
> >failed SYNCOOKIE authentication, segment rejected (probably spoofed)
> >May 30 12:20:54 node13 kernel: TCP: [192.168.0.12]:63318 to 
> >[192.168.0.13]:55624 tcpflags 0x10<ACK>; syncache_expand: Segment failed 
> >SYNCOOKIE authentication, segment rejected (probably spoofed)
> 
> Our TCP has a bug where it closes a socket and tcpcb too fast and
> follow-up replies from the remote host may then hit the listen
> socket giving these artifacts.  I have a large TCP cleanup/rewrite
> upcoming that fixes these issues.

Thanks for the info.  Do you have an ETA for the rewrite?  If you
need someone to do some testing of the patch, you can send to me.

> >I don't know if the watchdog timeout is a symptom or cause of the
> >SYNCOOKIE problem.
> 
> In theory this is not related.  However if it *only* happens shortly
> after a bge0 watchdog timeout then there may be a relation.

Given your statement above, I think it's simple a coincidence.

> >Note, this is an openmpi app that is using the Message Passing Interface
> >to communicate between processes.
> 
> Does the openmpi application or the openmpi library raise any errors?

I'll have to get back to you on this one.

-- 
Steve


More information about the freebsd-current mailing list