search for: ack_seq

.... > > So overall, it is difficult to understand the motivation for this request. > And even more difficult would be actually implementing it. That's the difficulty that userspace programs such as tcpkill, killcx, cutter, snort, and similar have to face. The kernel manages the seq and ack_seq counters itself, so it doesn't have to try: It issues a reset, rather than injecting it. -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.

https://bugzilla.netfilter.org/show_bug.cgi?id=696 --- Comment #4 from Phil Oester <netfilter at linuxace.com> 2013-06-21 20:09:31 CEST --- > The kernel manages the seq and > ack_seq counters itself, so it doesn't have to try ...for locally terminated connections, yes. But what about forwarded traffic? That is where the difficulty comes in. Netfilter would need to be able to manage both local sockets and forwarded traffic. -- Configure bugmail: https://bugzilla.netfil...

https://bugzilla.netfilter.org/show_bug.cgi?id=696 --- Comment #5 from Alessandro Vesely <vesely at tana.it> 2013-06-22 10:05:55 CEST --- (In reply to comment #4) >> The kernel manages the seq and ack_seq counters itself, so it doesn't have >> to try > > ...for locally terminated connections, yes. But what about forwarded traffic? > That is where the difficulty comes in. Netfilter would need to be able to > manage both local sockets and forwarded traffic. That sounds corre...

...{ I have done that already. It is not really helpful as it floods the log with messages about packages it is ignoring. Within one minute of log I got >7000 of them, e.g. Feb 13 17:36:08 <server> ctdb-eventd[29607]: 10.interface.debug: Ignoring packet: z.z.139.15:2049 z.z.155.1:720, seq=0, ack_seq=0, rst=0, window=1234 Feb 13 17:36:08 <server> ctdb-eventd[29607]: 10.interface.debug: reset_connections_capture_tcp_handler: Ignoring packet for unknown connection: z.z.139.34:4739 z.z.139.14:41437 > For Samba 4.18, a new script variable CTDB_KILLTCP_DEBUGLEVEL has > been added f...

...have done that already. It is not really helpful as it floods the log with messages about packages it is ignoring. Within one minute of log I got >7000 of them, e.g. > Feb 13 17:36:08 <server> ctdb-eventd[29607]: 10.interface.debug: Ignoring packet: z.z.139.15:2049 z.z.155.1:720, seq=0, ack_seq=0, rst=0, window=1234 > Feb 13 17:36:08 <server> ctdb-eventd[29607]: 10.interface.debug: reset_connections_capture_tcp_handler: Ignoring packet for unknown connection: z.z.139.34:4739 z.z.139.14:41437 Fair enough... but a whole minute is a long time to be running ctdb_killtcp during failo...

Hi Uli, [Sorry for slow response, life is busy...] On Mon, 13 Feb 2023 15:06:26 +0000, Ulrich Sibiller via samba <samba at lists.samba.org> wrote: > we are using ctdb 4.15.5 on RHEL8 (Kernel > 4.18.0-372.32.1.el8_6.x86_64) to provide NFS v3 (via tcp) to RHEL7/8 > clients. Whenever an ip takeover happens most clients report > something like this: > [Mon Feb 13 12:21:22