bugzilla-daemon@bugzilla.netfilter.org
2006-Jun-14 15:00 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-06-14 15:00 MET ------- I run into the same probs with Mandriva kernel. All kernel >2.6.11 are definitly affected. kernel 2.6.8.1 has no problems. Hope this helps a little bit. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jun-14 15:00 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-06-14 15:00 MET ------- I run into the same probs with Mandriva kernel. All kernel >2.6.11 are definitly affected. kernel 2.6.8.1 has no problems. Hope this helps a little bit. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jun-14 15:00 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-06-14 15:00 MET ------- I run into the same probs with Mandriva kernel. All kernel >2.6.11 are definitly affected. kernel 2.6.8.1 has no problems. Hope this helps a little bit. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-08 18:43 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464
netfilter@linuxace.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |holm@theorie.physik.uni-
| |goettingen.de
------- Additional Comments From netfilter@linuxace.com 2006-07-08 18:43 MET
-------
Joerg: could you attach a packet dump from the problematic connection -
something like this:
tcpdump -Snni any net 217.0.0.0/8
Jurgen: need more details as to what is failing for you, including packet trace
and iptables -nvL output
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-08 18:43 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464
netfilter@linuxace.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |holm@theorie.physik.uni-
| |goettingen.de
------- Additional Comments From netfilter@linuxace.com 2006-07-08 18:43 MET
-------
Joerg: could you attach a packet dump from the problematic connection -
something like this:
tcpdump -Snni any net 217.0.0.0/8
Jurgen: need more details as to what is failing for you, including packet trace
and iptables -nvL output
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-08 18:43 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464
netfilter@linuxace.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |holm@theorie.physik.uni-
| |goettingen.de
------- Additional Comments From netfilter@linuxace.com 2006-07-08 18:43 MET
-------
Joerg: could you attach a packet dump from the problematic connection -
something like this:
tcpdump -Snni any net 217.0.0.0/8
Jurgen: need more details as to what is failing for you, including packet trace
and iptables -nvL output
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-08 22:27 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From joerg@dorchain.net 2006-07-08 22:27 MET ------- Created an attachment (id=249) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=249&action=view) tcpdump output First line the out invalid match log output. I hope this helps to spot the state transition causing the troubles. Bye, Joerg -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-08 22:27 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From joerg@dorchain.net 2006-07-08 22:27 MET ------- Created an attachment (id=249) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=249&action=view) tcpdump output First line the out invalid match log output. I hope this helps to spot the state transition causing the troubles. Bye, Joerg -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-08 22:27 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From joerg@dorchain.net 2006-07-08 22:27 MET ------- Created an attachment (id=249) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=249&action=view) tcpdump output First line the out invalid match log output. I hope this helps to spot the state transition causing the troubles. Bye, Joerg -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-08 22:27 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From joerg@dorchain.net 2006-07-08 22:27 MET ------- Created an attachment (id=249) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=249&action=view) tcpdump output First line the out invalid match log output. I hope this helps to spot the state transition causing the troubles. Bye, Joerg -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-09 12:38 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-09 12:38 MET ------- Created an attachment (id=250) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=250&action=view) Output of holm's tcpdump This is the output of tcpdump -i eth1 -w /tmp/holm.ether -S host 84.132.150.225 which is al log of a failed ftp session. Suitable for ethereal! -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-09 12:38 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-09 12:38 MET ------- Created an attachment (id=250) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=250&action=view) Output of holm's tcpdump This is the output of tcpdump -i eth1 -w /tmp/holm.ether -S host 84.132.150.225 which is al log of a failed ftp session. Suitable for ethereal! -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-09 12:38 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-09 12:38 MET ------- Created an attachment (id=250) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=250&action=view) Output of holm's tcpdump This is the output of tcpdump -i eth1 -w /tmp/holm.ether -S host 84.132.150.225 which is al log of a failed ftp session. Suitable for ethereal! -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-09 12:45 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-09 12:45 MET ------- Created an attachment (id=251) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=251&action=view) Holm's iptables my iptables rules (rules with source ip any, all others are dropped) -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-09 12:45 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-09 12:45 MET ------- Created an attachment (id=251) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=251&action=view) Holm's iptables my iptables rules (rules with source ip any, all others are dropped) -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-09 12:45 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-09 12:45 MET ------- Created an attachment (id=251) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=251&action=view) Holm's iptables my iptables rules (rules with source ip any, all others are dropped) -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-09 12:57 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-09 12:57 MET ------- You can trigger the bug easly, if you are on a client net with traffic shaping My current ip is 84.132.150.225. The attached tcpdump log is a ftp session with reduced transfer speed due to traffic shaping. Traffic shaping isn't needed, because under normal circumstances the bug appears also. You only have to wait a longer (longer) time. ftp is a good candidate for this check, because it is more sensitive the http This is only a my feeling: for http ist takes alonger time untils the bug occurs jh -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-09 12:57 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-09 12:57 MET ------- You can trigger the bug easly, if you are on a client net with traffic shaping My current ip is 84.132.150.225. The attached tcpdump log is a ftp session with reduced transfer speed due to traffic shaping. Traffic shaping isn't needed, because under normal circumstances the bug appears also. You only have to wait a longer (longer) time. ftp is a good candidate for this check, because it is more sensitive the http This is only a my feeling: for http ist takes alonger time untils the bug occurs jh -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-09 12:57 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-09 12:57 MET ------- You can trigger the bug easly, if you are on a client net with traffic shaping My current ip is 84.132.150.225. The attached tcpdump log is a ftp session with reduced transfer speed due to traffic shaping. Traffic shaping isn't needed, because under normal circumstances the bug appears also. You only have to wait a longer (longer) time. ftp is a good candidate for this check, because it is more sensitive the http This is only a my feeling: for http ist takes alonger time untils the bug occurs jh -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 07:22 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From kaber@trash.net 2006-07-10 07:22 MET ------- Are you using SFQ with perturbation? -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 07:22 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From kaber@trash.net 2006-07-10 07:22 MET ------- Are you using SFQ with perturbation? -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 07:22 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From kaber@trash.net 2006-07-10 07:22 MET ------- Are you using SFQ with perturbation? -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 07:22 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From kaber@trash.net 2006-07-10 07:22 MET ------- Are you using SFQ with perturbation? -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 11:52 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-10 11:52 MET ------- (In reply to comment #18)> Are you using SFQ with perturbation?Yes. Im using the "wonder shaper" But as I mentioned, I runs also without traffice shaping into trouble. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 11:52 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-10 11:52 MET ------- (In reply to comment #18)> Are you using SFQ with perturbation?Yes. Im using the "wonder shaper" But as I mentioned, I runs also without traffice shaping into trouble. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 11:52 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-10 11:52 MET ------- (In reply to comment #18)> Are you using SFQ with perturbation?Yes. Im using the "wonder shaper" But as I mentioned, I runs also without traffice shaping into trouble. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 11:58 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From kaber@trash.net 2006-07-10 11:58 MET ------- (In reply to comment #19)> (In reply to comment #18) > > Are you using SFQ with perturbation? > > Yes. Im using the "wonder shaper" > But as I mentioned, I runs also without traffice shaping into trouble.Just mentioning it since your dump shows this: Jul 8 21:45:14 Redstar kernel: Invalid match: IN=ppp0 OUT= MACSRC=217.10.79.19 DST=212.88.133.153 LEN=52 TOS=0x00 PREC=0x00 TTL=58 ID=52725 DF PROTO=TCP SPT=37618 DPT=49443 WINDOW=9904 RES=0x00 ACK RST URGP=0 which is most likely caused by reordering caused by SFQ perturbation combined with a very low (free) bandwidth class (its a bad option in my opinion). Please send dumps of the problem without SFQ (or just without perturbation), this shadows whatever other cause their might be. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 11:58 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From kaber@trash.net 2006-07-10 11:58 MET ------- (In reply to comment #19)> (In reply to comment #18) > > Are you using SFQ with perturbation? > > Yes. Im using the "wonder shaper" > But as I mentioned, I runs also without traffice shaping into trouble.Just mentioning it since your dump shows this: Jul 8 21:45:14 Redstar kernel: Invalid match: IN=ppp0 OUT= MACSRC=217.10.79.19 DST=212.88.133.153 LEN=52 TOS=0x00 PREC=0x00 TTL=58 ID=52725 DF PROTO=TCP SPT=37618 DPT=49443 WINDOW=9904 RES=0x00 ACK RST URGP=0 which is most likely caused by reordering caused by SFQ perturbation combined with a very low (free) bandwidth class (its a bad option in my opinion). Please send dumps of the problem without SFQ (or just without perturbation), this shadows whatever other cause their might be. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 11:58 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From kaber@trash.net 2006-07-10 11:58 MET ------- (In reply to comment #19)> (In reply to comment #18) > > Are you using SFQ with perturbation? > > Yes. Im using the "wonder shaper" > But as I mentioned, I runs also without traffice shaping into trouble.Just mentioning it since your dump shows this: Jul 8 21:45:14 Redstar kernel: Invalid match: IN=ppp0 OUT= MACSRC=217.10.79.19 DST=212.88.133.153 LEN=52 TOS=0x00 PREC=0x00 TTL=58 ID=52725 DF PROTO=TCP SPT=37618 DPT=49443 WINDOW=9904 RES=0x00 ACK RST URGP=0 which is most likely caused by reordering caused by SFQ perturbation combined with a very low (free) bandwidth class (its a bad option in my opinion). Please send dumps of the problem without SFQ (or just without perturbation), this shadows whatever other cause their might be. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 11:58 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From kaber@trash.net 2006-07-10 11:58 MET ------- (In reply to comment #19)> (In reply to comment #18) > > Are you using SFQ with perturbation? > > Yes. Im using the "wonder shaper" > But as I mentioned, I runs also without traffice shaping into trouble.Just mentioning it since your dump shows this: Jul 8 21:45:14 Redstar kernel: Invalid match: IN=ppp0 OUT= MACSRC=217.10.79.19 DST=212.88.133.153 LEN=52 TOS=0x00 PREC=0x00 TTL=58 ID=52725 DF PROTO=TCP SPT=37618 DPT=49443 WINDOW=9904 RES=0x00 ACK RST URGP=0 which is most likely caused by reordering caused by SFQ perturbation combined with a very low (free) bandwidth class (its a bad option in my opinion). Please send dumps of the problem without SFQ (or just without perturbation), this shadows whatever other cause their might be. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 12:05 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-10 12:05 MET ------- Created an attachment (id=253) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=253&action=view) Holm's /var/log/messages THis is the firewall log that belongs to my tcpdump. Sorry for the lateness. jh -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 12:05 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-10 12:05 MET ------- Created an attachment (id=253) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=253&action=view) Holm's /var/log/messages THis is the firewall log that belongs to my tcpdump. Sorry for the lateness. jh -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 12:05 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-10 12:05 MET ------- Created an attachment (id=253) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=253&action=view) Holm's /var/log/messages THis is the firewall log that belongs to my tcpdump. Sorry for the lateness. jh -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 12:08 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From joerg@dorchain.net 2006-07-10 12:08 MET ------- (In reply to comment #20)> Jul 8 21:45:14 Redstar kernel: Invalid match: IN=ppp0 OUT= MAC ^^^^^^^That is me, not Juergen. I am not using any special scheduling algorithms. Please note that here are two different people with two different setups expiriencing similiar problems, which is provocing confusion. Bye, Joerg -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 12:08 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From joerg@dorchain.net 2006-07-10 12:08 MET ------- (In reply to comment #20)> Jul 8 21:45:14 Redstar kernel: Invalid match: IN=ppp0 OUT= MAC ^^^^^^^That is me, not Juergen. I am not using any special scheduling algorithms. Please note that here are two different people with two different setups expiriencing similiar problems, which is provocing confusion. Bye, Joerg -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 12:08 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From joerg@dorchain.net 2006-07-10 12:08 MET ------- (In reply to comment #20)> Jul 8 21:45:14 Redstar kernel: Invalid match: IN=ppp0 OUT= MAC ^^^^^^^That is me, not Juergen. I am not using any special scheduling algorithms. Please note that here are two different people with two different setups expiriencing similiar problems, which is provocing confusion. Bye, Joerg -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-10 12:08 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From joerg@dorchain.net 2006-07-10 12:08 MET ------- (In reply to comment #20)> Jul 8 21:45:14 Redstar kernel: Invalid match: IN=ppp0 OUT= MAC ^^^^^^^That is me, not Juergen. I am not using any special scheduling algorithms. Please note that here are two different people with two different setups expiriencing similiar problems, which is provocing confusion. Bye, Joerg -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-12 03:10 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From netfilter@linuxace.com 2006-07-12 03:10 MET ------- Joerg - the invalid packet you receive: Jul 8 21:45:14 Redstar kernel: Invalid match: IN=ppp0 OUT= MACSRC=217.10.79.19 DST=212.88.133.153 LEN=52 TOS=0x00 PREC=0x00 TTL=58 ID=52725 DF PROTO=TCP SPT=37618 DPT=49443 WINDOW=9904 RES=0x00 ACK RST URGP=0 matches the tcpdump: 21:45:14.470885 IP 217.10.79.19.37618 > 212.88.133.153.49443: R 3969071728:3969071728(0) ack 3348563057 win 9904 <nop,nop,timestamp 82982227 1164171085> I cannot say why the host attempts to reset the connection using a different and seemingly random port instead of 443 as it should, but it is definitely invalid and netfilter is right to complain. If that is the only problem (a remote host which seems braindead), then the problem lies with that host, not with netfilter. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-12 03:10 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From netfilter@linuxace.com 2006-07-12 03:10 MET ------- Joerg - the invalid packet you receive: Jul 8 21:45:14 Redstar kernel: Invalid match: IN=ppp0 OUT= MACSRC=217.10.79.19 DST=212.88.133.153 LEN=52 TOS=0x00 PREC=0x00 TTL=58 ID=52725 DF PROTO=TCP SPT=37618 DPT=49443 WINDOW=9904 RES=0x00 ACK RST URGP=0 matches the tcpdump: 21:45:14.470885 IP 217.10.79.19.37618 > 212.88.133.153.49443: R 3969071728:3969071728(0) ack 3348563057 win 9904 <nop,nop,timestamp 82982227 1164171085> I cannot say why the host attempts to reset the connection using a different and seemingly random port instead of 443 as it should, but it is definitely invalid and netfilter is right to complain. If that is the only problem (a remote host which seems braindead), then the problem lies with that host, not with netfilter. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-12 03:10 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From netfilter@linuxace.com 2006-07-12 03:10 MET ------- Joerg - the invalid packet you receive: Jul 8 21:45:14 Redstar kernel: Invalid match: IN=ppp0 OUT= MACSRC=217.10.79.19 DST=212.88.133.153 LEN=52 TOS=0x00 PREC=0x00 TTL=58 ID=52725 DF PROTO=TCP SPT=37618 DPT=49443 WINDOW=9904 RES=0x00 ACK RST URGP=0 matches the tcpdump: 21:45:14.470885 IP 217.10.79.19.37618 > 212.88.133.153.49443: R 3969071728:3969071728(0) ack 3348563057 win 9904 <nop,nop,timestamp 82982227 1164171085> I cannot say why the host attempts to reset the connection using a different and seemingly random port instead of 443 as it should, but it is definitely invalid and netfilter is right to complain. If that is the only problem (a remote host which seems braindead), then the problem lies with that host, not with netfilter. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-12 09:53 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From joerg@dorchain.net 2006-07-12 09:53 MET -------> > If that is the only problem (a remote host which seems braindead), then the > problem lies with that host, not with netfilter.This was the one easiest to reproduce. There were others. I will try to find more examples. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-12 09:53 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From joerg@dorchain.net 2006-07-12 09:53 MET -------> > If that is the only problem (a remote host which seems braindead), then the > problem lies with that host, not with netfilter.This was the one easiest to reproduce. There were others. I will try to find more examples. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-12 09:53 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From joerg@dorchain.net 2006-07-12 09:53 MET -------> > If that is the only problem (a remote host which seems braindead), then the > problem lies with that host, not with netfilter.This was the one easiest to reproduce. There were others. I will try to find more examples. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-12 09:53 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From joerg@dorchain.net 2006-07-12 09:53 MET -------> > If that is the only problem (a remote host which seems braindead), then the > problem lies with that host, not with netfilter.This was the one easiest to reproduce. There were others. I will try to find more examples. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-13 03:09 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464
------- Additional Comments From netfilter@linuxace.com 2006-07-13 03:09 MET
-------
Jurgen: what kernel revision are you on? It seems to be having problems with
SACK packets from the trace, and if you are on 2.6.1[234], it could be a problem
with the TCP window tracking code.
02:52:32.303200 IP 84.132.150.225.32805 > 134.76.88.65.11064: . ack 63457 win
32406 <nop,nop,timestamp 2027314 229941865,nop,nop,sack 1
{1478490412:1478491852}>
02:52:32.303331 IP 134.76.249.1 > 84.132.150.225: ICMP 134.76.88.65 tcp port
11064 unreachable, length 72
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-13 03:09 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464
------- Additional Comments From netfilter@linuxace.com 2006-07-13 03:09 MET
-------
Jurgen: what kernel revision are you on? It seems to be having problems with
SACK packets from the trace, and if you are on 2.6.1[234], it could be a problem
with the TCP window tracking code.
02:52:32.303200 IP 84.132.150.225.32805 > 134.76.88.65.11064: . ack 63457 win
32406 <nop,nop,timestamp 2027314 229941865,nop,nop,sack 1
{1478490412:1478491852}>
02:52:32.303331 IP 134.76.249.1 > 84.132.150.225: ICMP 134.76.88.65 tcp port
11064 unreachable, length 72
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-13 03:09 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464
------- Additional Comments From netfilter@linuxace.com 2006-07-13 03:09 MET
-------
Jurgen: what kernel revision are you on? It seems to be having problems with
SACK packets from the trace, and if you are on 2.6.1[234], it could be a problem
with the TCP window tracking code.
02:52:32.303200 IP 84.132.150.225.32805 > 134.76.88.65.11064: . ack 63457 win
32406 <nop,nop,timestamp 2027314 229941865,nop,nop,sack 1
{1478490412:1478491852}>
02:52:32.303331 IP 134.76.249.1 > 84.132.150.225: ICMP 134.76.88.65 tcp port
11064 unreachable, length 72
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-13 11:20 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-13 11:20 MET ------- (In reply to comment #25)> Jurgen: what kernel revision are you on? It seems to be having problems with > SACK packets from the trace, and if you are on 2.6.1[234], it could be a problem > with the TCP window tracking code.Sorry, but this trace was produced under 2.6.16-1mdksmp. As I mentioned before, 2.6.8.1-26mdksmp (now on my firewall) has no such problems. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-13 11:20 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-13 11:20 MET ------- (In reply to comment #25)> Jurgen: what kernel revision are you on? It seems to be having problems with > SACK packets from the trace, and if you are on 2.6.1[234], it could be a problem > with the TCP window tracking code.Sorry, but this trace was produced under 2.6.16-1mdksmp. As I mentioned before, 2.6.8.1-26mdksmp (now on my firewall) has no such problems. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Jul-13 11:20 UTC
[Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=464 ------- Additional Comments From holm@theorie.physik.uni-goettingen.de 2006-07-13 11:20 MET ------- (In reply to comment #25)> Jurgen: what kernel revision are you on? It seems to be having problems with > SACK packets from the trace, and if you are on 2.6.1[234], it could be a problem > with the TCP window tracking code.Sorry, but this trace was produced under 2.6.16-1mdksmp. As I mentioned before, 2.6.8.1-26mdksmp (now on my firewall) has no such problems. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
Apparently Analagous Threads
- [Bug 464] state match sometimes failes RELATED,ESTABLISHED matches
- [Bug 36866] New: blank screen with my card/chipset combination
- significant anova but no distinct groups ?
- [LLVMdev] [PATCH] Seh exceptions on Win64
- [LLVMdev] [PATCH] Seh exceptions on Win64