Skip to content
This repository was archived by the owner on May 20, 2020. It is now read-only.
This repository was archived by the owner on May 20, 2020. It is now read-only.

Possible incorrect TCP Flag SYN processing #36

Open
Open
Possible incorrect TCP Flag SYN processing#36
@amurchick

Description

@amurchick
amurchick
opened on Jan 17, 2020

In my system TCP connect to this stack established in this way:

07:57:49.408070 IP 10.16.2.10.25972 > 10.16.2.1.5202: Flags [SEW], seq 1569462573, win 25760, options [mss 1288,sackOK,TS val 1388526775 ecr 0,nop,wscale 11], length 0
        0x0000:  0004 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 003c aca7 4000 4006 75ea 0a10 020a  E..<..@.@.u.....
        0x0020:  0a10 0201 6574 1452 5d8c 192d 0000 0000  ....et.R]..-....
        0x0030:  a0c2 64a0 4b23 0000 0204 0508 0402 080a  ..d.K#..........
        0x0040:  52c3 3cb7 0000 0000 0103 030b            R.<.........
07:57:50.422943 IP 10.16.2.10.25972 > 10.16.2.1.5202: Flags [S], seq 1569462573, win 25760, options [mss 1288,sackOK,TS val 1388527790 ecr 0,nop,wscale 11], length 0
        0x0000:  0004 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 003c aca8 4000 4006 75e9 0a10 020a  E..<..@.@.u.....
        0x0020:  0a10 0201 6574 1452 5d8c 192d 0000 0000  ....et.R]..-....
        0x0030:  a002 64a0 47ec 0000 0204 0508 0402 080a  ..d.G...........
        0x0040:  52c3 40ae 0000 0000 0103 030b            R.@.........
07:57:50.423528 IP 10.16.2.1.5202 > 10.16.2.10.25972: Flags [S.], seq 66191750, ack 1569462574, win 25600, options [mss 1288,nop,nop,TS val 3691788284 ecr 1388527790,nop,wscale 9], length 0
        0x0000:  0000 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 003c 0000 0000 4006 6292 0a10 0201  E..<....@.b.....
        0x0020:  0a10 020a 1452 6574 03f2 0186 5d8c 192e  .....Ret....]...
        0x0030:  a012 6400 31fd 0000 0204 0508 0101 080a  ..d.1...........
        0x0040:  dc0c 37fc 52c3 40ae 0103 0309            ..7.R.@.....
07:57:50.423611 IP 10.16.2.10.25972 > 10.16.2.1.5202: Flags [.], ack 1, win 13, options [nop,nop,TS val 1388527791 ecr 3691788284], length 0
        0x0000:  0004 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 0034 aca9 4000 4006 75f0 0a10 020a  E..4..@.@.u.....
        0x0020:  0a10 0201 6574 1452 5d8c 192e 03f2 0187  ....et.R].......
        0x0030:  8010 000d c110 0000 0101 080a 52c3 40af  ............R.@.
        0x0040:  dc0c 37fc                                ..7.

As you see, first packet with SYN flag set ignored, because in https://github.com/google/netstack/blob/master/tcpip/transport/tcp/accept.go#L423 we are see this:

case s.flags == header.TCPFlagSyn:

After 1 sec (!) OS resend packet - so time to establish TCP connect is too much.

May will be better do check SYN flag like this?

case s.flags&header.TCPFlagSyn == header.TCPFlagSyn && s.flags&header.TCPFlagAck == 0:

I am try this change - connection established without resend SYN and waiting for 1 sec:

08:01:09.411939 IP 10.16.2.10.26008 > 10.16.2.1.5202: Flags [SEW], seq 2510860144, win 25760, options [mss 1288,sackOK,TS val 1388726858 ecr 0,nop,wscale 11], length 0
        0x0000:  0004 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 003c d7ab 4000 4006 4ae6 0a10 020a  E..<..@.@.J.....
        0x0020:  0a10 0201 6598 1452 95a8 af70 0000 0000  ....e..R...p....
        0x0030:  a0c2 64a0 6f09 0000 0204 0508 0402 080a  ..d.o...........
        0x0040:  52c6 4a4a 0000 0000 0103 030b            R.JJ........
08:01:09.544343 IP 10.16.2.10.26008 > 10.16.2.1.5202: Flags [.], ack 1, win 13, options [nop,nop,TS val 1388726991 ecr 3682267655], length 0 
        0x0000:  0004 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 0034 d7ac 4000 4006 4aed 0a10 020a  E..4..@.@.J.....
        0x0020:  0a10 0201 6598 1452 95a8 af71 169b 9430  ....e..R...q...0
        0x0030:  8010 000d 899d 0000 0101 080a 52c6 4acf  ............R.J.
        0x0040:  db7a f207                                .z..
08:01:09.744942 IP 10.16.2.1.5202 > 10.16.2.10.26008: Flags [.], ack 1, win 40960, options [nop,nop,TS val 3682267855 ecr 1388726991], length 0
        0x0000:  0000 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 0034 0000 0000 4006 629a 0a10 0201  E..4....@.b.....
        0x0020:  0a10 020a 1452 6598 169b 9430 95a8 af71  .....Re....0...q
        0x0030:  8010 a000 e8e1 0000 0101 080a db7a f2cf  .............z..
        0x0040:  52c6 4acf                                R.J.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions