Skip to content
This repository has been archived by the owner on May 20, 2020. It is now read-only.

Possible incorrect TCP Flag SYN processing #36

Open
amurchick opened this issue Jan 17, 2020 · 0 comments
Open

Possible incorrect TCP Flag SYN processing #36

amurchick opened this issue Jan 17, 2020 · 0 comments

Comments

@amurchick
Copy link

amurchick commented Jan 17, 2020
edited
Loading

In my system TCP connect to this stack established in this way:

07:57:49.408070 IP 10.16.2.10.25972 > 10.16.2.1.5202: Flags [SEW], seq 1569462573, win 25760, options [mss 1288,sackOK,TS val 1388526775 ecr 0,nop,wscale 11], length 0
        0x0000:  0004 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 003c aca7 4000 4006 75ea 0a10 020a  E..<..@[email protected].....
        0x0020:  0a10 0201 6574 1452 5d8c 192d 0000 0000  ....et.R]..-....
        0x0030:  a0c2 64a0 4b23 0000 0204 0508 0402 080a  ..d.K#..........
        0x0040:  52c3 3cb7 0000 0000 0103 030b            R.<.........
07:57:50.422943 IP 10.16.2.10.25972 > 10.16.2.1.5202: Flags [S], seq 1569462573, win 25760, options [mss 1288,sackOK,TS val 1388527790 ecr 0,nop,wscale 11], length 0
        0x0000:  0004 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 003c aca8 4000 4006 75e9 0a10 020a  E..<..@[email protected].....
        0x0020:  0a10 0201 6574 1452 5d8c 192d 0000 0000  ....et.R]..-....
        0x0030:  a002 64a0 47ec 0000 0204 0508 0402 080a  ..d.G...........
        0x0040:  52c3 40ae 0000 0000 0103 030b            R.@.........
07:57:50.423528 IP 10.16.2.1.5202 > 10.16.2.10.25972: Flags [S.], seq 66191750, ack 1569462574, win 25600, options [mss 1288,nop,nop,TS val 3691788284 ecr 1388527790,nop,wscale 9], length 0
        0x0000:  0000 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 003c 0000 0000 4006 6292 0a10 0201  E..<[email protected].....
        0x0020:  0a10 020a 1452 6574 03f2 0186 5d8c 192e  .....Ret....]...
        0x0030:  a012 6400 31fd 0000 0204 0508 0101 080a  ..d.1...........
        0x0040:  dc0c 37fc 52c3 40ae 0103 0309            ..7.R.@.....
07:57:50.423611 IP 10.16.2.10.25972 > 10.16.2.1.5202: Flags [.], ack 1, win 13, options [nop,nop,TS val 1388527791 ecr 3691788284], length 0
        0x0000:  0004 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 0034 aca9 4000 4006 75f0 0a10 020a  E..4..@[email protected].....
        0x0020:  0a10 0201 6574 1452 5d8c 192e 03f2 0187  ....et.R].......
        0x0030:  8010 000d c110 0000 0101 080a 52c3 40af  ............R.@.
        0x0040:  dc0c 37fc                                ..7.

As you see, first packet with SYN flag set ignored, because in https://github.com/google/netstack/blob/master/tcpip/transport/tcp/accept.go#L423 we are see this:

case s.flags == header.TCPFlagSyn:

After 1 sec (!) OS resend packet - so time to establish TCP connect is too much.

May will be better do check SYN flag like this?

case s.flags&header.TCPFlagSyn == header.TCPFlagSyn && s.flags&header.TCPFlagAck == 0:

I am try this change - connection established without resend SYN and waiting for 1 sec:

08:01:09.411939 IP 10.16.2.10.26008 > 10.16.2.1.5202: Flags [SEW], seq 2510860144, win 25760, options [mss 1288,sackOK,TS val 1388726858 ecr 0,nop,wscale 11], length 0
        0x0000:  0004 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 003c d7ab 4000 4006 4ae6 0a10 020a  E..<..@[email protected].....
        0x0020:  0a10 0201 6598 1452 95a8 af70 0000 0000  ....e..R...p....
        0x0030:  a0c2 64a0 6f09 0000 0204 0508 0402 080a  ..d.o...........
        0x0040:  52c6 4a4a 0000 0000 0103 030b            R.JJ........
08:01:09.544343 IP 10.16.2.10.26008 > 10.16.2.1.5202: Flags [.], ack 1, win 13, options [nop,nop,TS val 1388726991 ecr 3682267655], length 0 
        0x0000:  0004 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 0034 d7ac 4000 4006 4aed 0a10 020a  E..4..@[email protected].....
        0x0020:  0a10 0201 6598 1452 95a8 af71 169b 9430  ....e..R...q...0
        0x0030:  8010 000d 899d 0000 0101 080a 52c6 4acf  ............R.J.
        0x0040:  db7a f207                                .z..
08:01:09.744942 IP 10.16.2.1.5202 > 10.16.2.10.26008: Flags [.], ack 1, win 40960, options [nop,nop,TS val 3682267855 ecr 1388726991], length 0
        0x0000:  0000 fffe 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 0034 0000 0000 4006 629a 0a10 0201  [email protected].....
        0x0020:  0a10 020a 1452 6598 169b 9430 95a8 af71  .....Re....0...q
        0x0030:  8010 a000 e8e1 0000 0101 080a db7a f2cf  .............z..
        0x0040:  52c6 4acf                                R.J.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@amurchick