Extra RST packets??

[lonegd]

I have a 2.6.21-gentoo-r4 kernel thats causing problems sitting behind a PIX firewall. Each connection outbound appears to be getting a RST of two after the final FIN which the firewall is dropping and logging as a problem.

Any idea's?? seeing the same from a debian 2.6.18-8.1.1.el5 kernel.


09:25:36.909888 IP 1.1.1.1.34380 > 2.2.2.2.443: S 3646257682:3646257682(0) win 5840 <mss 1380,sackOK,timestamp 1168608572 0,nop,wscale 5>
09:25:36.909919 IP 2.2.2.2.443 > 1.1.1.1.34380: S 1112398336:1112398336(0) ack 3646257683 win 5792 <mss 1460,sackOK,timestamp 1467973936 1168608572,nop,wscale 2>
09:25:37.009589 IP 1.1.1.1.34380 > 2.2.2.2.443: . ack 1 win 183 <nop,nop,timestamp 1168608597 1467973936>
09:25:37.040305 IP 1.1.1.1.34380 > 2.2.2.2.443: P 1:109(108) ack 1 win 183 <nop,nop,timestamp 1168608604 1467973936>
09:25:37.040330 IP 2.2.2.2.443 > 1.1.1.1.34380: . ack 109 win 1448 <nop,nop,timestamp 1467973949 1168608604>
09:25:37.044376 IP 2.2.2.2.443 > 1.1.1.1.34380: P 1:963(962) ack 109 win 1448 <nop,nop,timestamp 1467973949 1168608604>
09:25:37.146095 IP 1.1.1.1.34380 > 2.2.2.2.443: . ack 963 win 273 <nop,nop,timestamp 1168608631 1467973949>
09:25:37.162579 IP 1.1.1.1.34380 > 2.2.2.2.443: P 109:307(198) ack 963 win 273 <nop,nop,timestamp 1168608635 1467973949>
09:25:37.165445 IP 2.2.2.2.443 > 1.1.1.1.34380: P 963:1022(59) ack 307 win 1716 <nop,nop,timestamp 1467973961 1168608635>
09:25:37.285145 IP 1.1.1.1.34380 > 2.2.2.2.443: P 307:520(213) ack 1022 win 273 <nop,nop,timestamp 1168608665 1467973961>
09:25:37.297227 IP 2.2.2.2.443 > 1.1.1.1.34380: P 1022:1304(282) ack 520 win 1984 <nop,nop,timestamp 1467973974 1168608665>
09:25:37.398326 IP 1.1.1.1.34380 > 2.2.2.2.443: P 520:557(37) ack 1304 win 334 <nop,nop,timestamp 1168608694 1467973974>
09:25:37.398541 IP 2.2.2.2.443 > 1.1.1.1.34380: P 1304:1341(37) ack 557 win 1984 <nop,nop,timestamp 1467973984 1168608694>
09:25:37.398625 IP 2.2.2.2.443 > 1.1.1.1.34380: F 1341:1341(0) ack 557 win 1984 <nop,nop,timestamp 1467973984 1168608694>
09:25:37.399418 IP 1.1.1.1.34380 > 2.2.2.2.443: F 557:557(0) ack 1304 win 334 <nop,nop,timestamp 1168608694 1467973974>
09:25:37.399427 IP 2.2.2.2.443 > 1.1.1.1.34380: . ack 558 win 1984 <nop,nop,timestamp 1467973985 1168608694>
09:25:37.497956 IP 1.1.1.1.34380 > 2.2.2.2.443: R 3646258239:3646258239(0) win 0
09:25:37.498144 IP 1.1.1.1.34380 > 2.2.2.2.443: R 3646258239:3646258239(0) win 0
09:25:37.688663 IP 2.2.2.2.443 > 1.1.1.1.34380: P 1304:1341(37) ack 558 win 1984 <nop,nop,timestamp 1467974014 1168608694>
09:25:38.288646 IP 2.2.2.2.443 > 1.1.1.1.34380: P 1304:1341(37) ack 558 win 1984 <nop,nop,timestamp 1467974074 1168608694>
09:25:39.488660 IP 2.2.2.2.443 > 1.1.1.1.34380: P 1304:1341(37) ack 558 win 1984 <nop,nop,timestamp 1467974194 1168608694>
09:25:41.888646 IP 2.2.2.2.443 > 1.1.1.1.34380: P 1304:1341(37) ack 558 win 1984 <nop,nop,timestamp 1467974434 1168608694>
09:25:46.688651 IP 2.2.2.2.443 > 1.1.1.1.34380: P 1304:1341(37) ack 558 win 1984 <nop,nop,timestamp 1467974914 1168608694>
09:25:56.288662 IP 2.2.2.2.443 > 1.1.1.1.34380: P 1304:1341(37) ack 558 win 1984 <nop,nop,timestamp 1467975874 1168608694>
09:26:15.488645 IP 2.2.2.2.443 > 1.1.1.1.34380: P 1304:1341(37) ack 558 win 1984 <nop,nop,timestamp 1467977794 1168608694>
09:26:53.888673 IP 2.2.2.2.443 > 1.1.1.1.34380: P 1304:1341(37) ack 558 win 1984 <nop,nop,timestamp 1467981634 1168608694>
_________________
Mark Cooper
http://pvrhw.goldfish.org/ - Open Source PVR Hardware Database

[manaka]

It seems the client is closing the connection before the server. The last data packet from the server is rejected because the client thinks the connection is closed.

The server keeps trying sending the last data packet, but the client never acknowledges it.

As for the cause, difficult to tell . I would suggest debugging the communication using nc or socat...
_________________
Javier Miqueleiz

"Listen to your heart. It knows all things, because it came from the Soul of the World, and it will one day return there."