[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: synproxy problems



On Mon, May 17, 2004 at 07:19:16PM +0200, Johan Fredin wrote:
..
[snip]
..
 > with synproxy state:
 > ------
 > 18:49:46.866829 0:a0:c5:36:79:15 0:0:e:9c:b0:62 0800 78: 130.240.202.203.16876 > 192.168.2.2.80: S [tcp sum ok] 1377846560:1377846560(0) win 16384 <mss 1400,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 556263650 0> (DF) [tos 0x10] (ttl 51, id 26876)
 > 18:49:46.866978 0:0:e:9c:b0:62 0:a0:c5:36:79:15 0800 58: 192.168.2.2.80 > 130.240.202.203.16876: S [tcp sum ok] 105315117:105315117(0) ack 1377846561 win 0 <mss 1414> (DF) [tos 0x10] (ttl 64, id 7089)
What makes me wonder is advertisement of window size 0 that host
192.168.2.2 sended back. I don't know it's regal to send SYN|ACK
with window size 0 during the handshake.
And I didn't check possible packet loss cases while performing
the handshake with passive endpoint yet.
Maybe Daniel knows what happened here.
 > 18:49:46.892013 0:a0:c5:36:79:15 0:0:e:9c:b0:62 0800 60: 130.240.202.203.16876 > 192.168.2.2.80: . [tcp sum ok] ack 1 win 16384 (DF) [tos 0x10] (ttl 51, id 8141)
 > 18:50:07.368803 0:a0:c5:36:79:15 0:0:e:9c:b0:62 0800 60: 130.240.202.203.16876 > 192.168.2.2.80: . [tcp sum ok] 1:2(1) ack 1 win 16384 (DF) [tos 0x10] (ttl 51, id 62188)
 > 18:50:12.368527 0:a0:c5:36:79:15 0:0:e:9c:b0:62 0800 60: 130.240.202.203.16876 > 192.168.2.2.80: . [tcp sum ok] 1:2(1) ack 1 win 16384 (DF) [tos 0x10] (ttl 51, id 24746)
 > 18:50:17.367890 0:a0:c5:36:79:15 0:0:e:9c:b0:62 0800 60: 130.240.202.203.16876 > 192.168.2.2.80: . [tcp sum ok] 1:2(1) ack 1 win 16384 (DF) [tos 0x10] (ttl 51, id 58011)
 > 18:50:25.367766 0:a0:c5:36:79:15 0:0:e:9c:b0:62 0800 60: 130.240.202.203.16876 > 192.168.2.2.80: . [tcp sum ok] 1:2(1) ack 1 win 16384 (DF) [tos 0x10] (ttl 51, id 41100)
 > 18:50:25.367942 0:0:e:9c:b0:62 0:a0:c5:36:79:15 0800 54: 192.168.2.2.80 > 130.240.202.203.16876: R [tcp sum ok] 1:1(0) ack 2 win 0 (DF) [tos 0x10] (ttl 64, id 16877)
 > 
 > The telnet session I used on 130.240.202.203 just drops with
 > "Connection closed by foreign host." after this.
 > 
Pyun YongHyeon
-- 
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>