Bug 111751 - Kernel send tcp reset when receive icmp redirect
Summary: Kernel send tcp reset when receive icmp redirect
Status: RESOLVED CODE_FIX
Alias: None
Product: Networking
Classification: Unclassified
Component: IPV4 (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: Stephen Hemminger
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-02 11:42 UTC by Petr Novopashenniy
Modified: 2016-03-15 12:51 UTC (History)
2 users (show)

See Also:
Kernel Version: 4.4.0
Subsystem:
Regression: No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Petr Novopashenniy 2016-02-02 11:42:41 UTC 
Network scheme:

          server1
router----eth0------buggy-linux-box

router ip          - 192.168.113.246/30

server1 ip on eth0 - 192.168.113.245/30, 192.168.113.158/27 (aliases), default to 192.168.113.246

buggy-linux-box ip - 192.168.113.133/27

When I try telnet (or ssh, for example) to 192.168.113.133 from 192.168.113.115, I receive tcp reset:

13:55:22.341015 IP (tos 0x10, ttl 62, id 54936, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.113.115.33160 > 192.168.113.133.23: Flags [S], cksum 0x681c (correct), seq 1552183701, win 5840, options [mss 1460,sackOK,TS val
 1739695885 ecr 0,nop,wscale 9], length 0

13:55:22.341039 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.113.133.23 > 192.168.113.115.33160: Flags [S.], cksum 0x6ac8 (incorrect -> 0x4221), seq 1195050131, ack 1552183702, win 28960, o
ptions [mss 1460,sackOK,TS val 337210292 ecr 1739695885,nop,wscale 7], length 0

13:55:22.341188 IP (tos 0xc0, ttl 64, id 29828, offset 0, flags [none], proto 
ICMP (1), length 88)
    192.168.113.158 > 192.168.113.133: ICMP redirect 192.168.113.115 to host 192.168.113.246, length 68
        IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.113.133.23 > 192.168.113.115.33160: Flags [S.], cksum 0x4221 (correct), seq 1195050131, ack 1552183702, win 28960, options [mss
1460,sackOK,TS val 337210292 ecr 1739695885,nop,wscale 7], length 0

13:55:22.341264 IP (tos 0x10, ttl 62, id 54937, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.113.115.33160 > 192.168.113.133.23: Flags [.], cksum 0xe201 (correct), seq 1, ack 1, win 12, options [nop,nop,TS val 1739695885
ecr 337210292], length 0

13:55:22.341281 IP (tos 0x10, ttl 64, id 28000, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.113.133.23 > 192.168.113.115.33160: Flags [R], cksum 0x77d8 (correct), seq 1195050132, win 0, length 0

13:55:22.341284 IP (tos 0x10, ttl 62, id 54938, offset 0, flags [DF], proto TCP (6), length 76)
    192.168.113.115.33160 > 192.168.113.133.23: Flags [P.], cksum 0x8590 (correct), seq 1:25, ack 1, win 12, options [nop,nop,TS val 1739695
885 ecr 337210292], length 24 [telnet DO SUPPRESS GO AHEAD, WILL TERMINAL TYPE, WILL NAWS, WILL TSPEED, WILL LFLOW, WILL LINEMODE, WILL NEW-
ENVIRON, DO STATUS]

13:55:22.341289 IP (tos 0x10, ttl 64, id 28001, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.113.133.23 > 192.168.113.115.33160: Flags [R], cksum 0x77d8 (correct), seq 1195050132, win 0, length 0
^C
7 packets captured
7 packets received by filter
0 packets dropped by kernel

If I turn off sending redirects on server1, or reject incoming ICMP with iptables (on buggy-box), the problem is gone.

Looks like kernel 4.1.15 without this problem.
Comment 1 Eric Dumazet 2016-02-03 02:34:01 UTC 
Thanks for the report. I will send a fix.
Comment 2 Eric Dumazet 2016-02-03 03:31:56 UTC 
Could you try following patch ? Thanks !

https://patchwork.ozlabs.org/patch/577705/
Comment 3 Petr Novopashenniy 2016-02-03 10:18:21 UTC 
Work fine for me. Thanks, Eric!
Note You need to log in before you can comment on or make changes to this bug.