I've extracted these lines from my syslog (debug 17). Could somebody
explain why diald thinks the TCP connection is still alive?

Oct 17 07:37:37 mayday diald[12068]: filter accepted rule 17 proto 6 len 44 seq 
2d9d6d6b ack 0 flags  SYN packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:38 mayday diald[12068]: filter accepted rule 17 proto 6 len 44 seq 
1f7fcad6 ack 2d9d6d6c flags  SYN ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:38 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 
2d9d6d6c ack 1f7fcad7 flags  ACK packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:38 mayday diald[12068]: filter accepted rule 35 proto 6 len 127 seq 
1f7fcad7 ack 2d9d6d6c flags  PUSH ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:38 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 
2d9d6d6c ack 1f7fcb2e flags  ACK packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:38 mayday diald[12068]: filter accepted rule 34 proto 6 len 66 seq 
2d9d6d6c ack 1f7fcb2e flags  PUSH ACK packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:38 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 
1f7fcb2e ack 2d9d6d86 flags  ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:38 mayday diald[12068]: filter accepted rule 35 proto 6 len 77 seq 
1f7fcb2e ack 2d9d6d86 flags  PUSH ACK packet 194.153.0.123,119 => 194.153.8.241,1234

    ... Lots of PUSH ACK lines, a few ACK lines ...


Oct 17 07:37:45 mayday diald[12068]: filter accepted rule 35 proto 6 len 296 seq 
1f7fdd4c ack 2d9d70e9 flags  ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:46 mayday diald[12068]: filter accepted rule 35 proto 6 len 296 seq 
1f7fde4c ack 2d9d70e9 flags  PUSH ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:46 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 
2d9d70e9 ack 1f7fdf4c flags  ACK packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:46 mayday diald[12068]: filter accepted rule 35 proto 6 len 255 seq 
1f7fdf4c ack 2d9d70e9 flags  PUSH ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:46 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 
2d9d70e9 ack 1f7fe023 flags  ACK packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:46 mayday diald[12068]: filter accepted rule 34 proto 6 len 52 seq 
2d9d70e9 ack 1f7fe023 flags  PUSH ACK packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:46 mayday diald[12068]: filter accepted rule 35 proto 6 len 296 seq 
1f7fe023 ack 2d9d70f5 flags  ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:46 mayday diald[12068]: filter accepted rule 35 proto 6 len 296 seq 
1f7fe123 ack 2d9d70f5 flags  PUSH ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:46 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 
2d9d70f5 ack 1f7fe223 flags  ACK packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:46 mayday diald[12068]: filter accepted rule 35 proto 6 len 296 seq 
1f7fe223 ack 2d9d70f5 flags  ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:46 mayday diald[12068]: filter accepted rule 35 proto 6 len 52 seq 
1f7fe323 ack 2d9d70f5 flags  PUSH ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:46 mayday diald[12068]: filter accepted rule 34 proto 6 len 46 seq 
2d9d70f5 ack 1f7fe32f flags  PUSH ACK packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:46 mayday diald[12068]: filter accepted rule 35 proto 6 len 47 seq 
1f7fe32f ack 2d9d70fb flags  PUSH ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:46 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 
2d9d70fb ack 1f7fe336 flags  FIN ACK packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:46 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 
1f7fe336 ack 2d9d70fb flags  FIN ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:46 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 
2d9d70fc ack 1f7fe337 flags  ACK packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:46 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 
1f7fe337 ack 2d9d70fc flags  ACK packet 194.153.0.123,119 => 194.153.8.241,1234


 ... Well that's it the TCP has finished ...
 ... Send a SIGUSR2 and I get this line ...

Oct 17 07:38:10 mayday diald[12068]: ttl 96, 6 - 194.153.0.123/119 => 
194.153.8.241/1234 (tcp state ([1f7fe338,2d9d70fc] 3,2))

 ... WTH ?  ttl 96 ? That's 38:10 ... 96 ... 120 ... 37:46 

As I've got two rules like this:

    34  accept tcp 120 tcp.dest=tcp.nntp
    35  accept tcp 120 tcp.source=tcp.nntp

In front of this:

    36  accept tcp 600 any

It's only keeping a dead link open for 2 minutes instead of 10 ...


-- 
Rob.                          (Robert de Bath <http://www.cix.co.uk/~mayday>)
                                                <http://poboxes.com/rdebath>
-- Sorry, weekend email only ATM. (Urgent to [EMAIL PROTECTED])

PS: Rules ...

     1  accept icmp 60 ip.daddr&255.255.254.192=192.168.0.64,icmp.type=8
     2  accept icmp 60 ip.daddr=194.153.0.2,icmp.type=8
     3  accept icmp 60 ip.daddr=194.153.0.50,icmp.type=8
     4  ignore icmp any
     5  ignore any ip.protocol=89
     6  ignore any ip.daddr&255.255.0.0=192.168.0.0
     7  ignore any ip.daddr&255.240.0.0=172.16.0.0
     8  ignore any ip.daddr&255.0.0.0=10.0.0.0
     9  ignore any ip.saddr&255.255.0.0=192.168.0.0
    10  ignore any ip.saddr&255.240.0.0=172.16.0.0
    11  ignore any ip.saddr&255.0.0.0=10.0.0.0
restrict++
    12  impulse 160,55,5
    13  ignore tcp tcp.syn
    14  ignore udp any
    15  impulse 40,55,5
    16  impulse 100,55,5
restrict--
    17  accept tcp 15 tcp.syn
    18  ignore tcp tcp.dest=tcp.domain
    19  ignore tcp tcp.source=tcp.domain
    20  accept tcp 5 ip.tot_len=40,tcp.syn
    21  ignore tcp ip.tot_len=40,tcp.live
    22  accept tcp 120 tcp.dest=tcp.www
    23  accept tcp 120 tcp.source=tcp.www
    24  keepup tcp 5 !tcp.live
    25  ignore tcp !tcp.live
    26  accept tcp 120 tcp.dest=tcp.ftp
    27  accept tcp 120 tcp.source=tcp.ftp
    28  accept tcp 120 tcp.dest=tcp.ftp-data
    29  accept tcp 120 tcp.source=tcp.ftp-data
    30  accept tcp 120 tcp.dest=tcp.smtp
    31  accept tcp 120 tcp.source=tcp.smtp
    32  accept tcp 120 tcp.dest=tcp.pop-3
    33  accept tcp 120 tcp.source=tcp.pop-3
    34  accept tcp 120 tcp.dest=tcp.nntp
    35  accept tcp 120 tcp.source=tcp.nntp
    36  accept tcp 600 any
    37  ignore udp udp.dest=udp.who
    38  ignore udp udp.source=udp.who
    39  ignore udp udp.dest=udp.route
    40  ignore udp udp.source=udp.route
    41  ignore udp udp.dest=udp.ntp
    42  ignore udp udp.source=udp.ntp
    43  ignore udp udp.dest=udp.timed
    44  ignore udp udp.source=udp.timed
    45  ignore udp udp.dest=udp.domain,udp.source=udp.domain
    46  accept udp 30 udp.dest=udp.domain 
    47  accept udp 30 udp.source=udp.domain
    48  ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns
    49  accept udp 30 udp.dest=udp.netbios-ns
    50  accept udp 30 udp.source=udp.netbios-ns
    51  ignore udp tcp.dest=udp.route
    52  ignore udp tcp.source=udp.route
    53  accept udp 120 any
    54  accept any 30 any
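
The ttl arithmetic above can be replayed from the log itself. This is an added example, not part of the original post and not diald's own code: it assumes the debug line format shown in the post, and that an accepted packet restarts the connection timer at the matching rule's timeout while an ignored packet leaves it untouched. `TIMEOUTS`, `SAMPLE`, `replay` and `stale_timers` are names made up for the example.

```python
import re

# Timeouts for the rules that appear in the log, copied from the rule list in the post.
TIMEOUTS = {17: 15, 34: 120, 35: 120}

# Constructed sample: the last six entries of the posted log, wrapped lines rejoined.
SAMPLE = """\
Oct 17 07:37:46 mayday diald[12068]: filter accepted rule 34 proto 6 len 46 seq 2d9d70f5 ack 1f7fe32f flags  PUSH ACK packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:46 mayday diald[12068]: filter accepted rule 35 proto 6 len 47 seq 1f7fe32f ack 2d9d70fb flags  PUSH ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:46 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 2d9d70fb ack 1f7fe336 flags  FIN ACK packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:46 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 1f7fe336 ack 2d9d70fb flags  FIN ACK packet 194.153.0.123,119 => 194.153.8.241,1234
Oct 17 07:37:46 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 2d9d70fc ack 1f7fe337 flags  ACK packet 194.153.8.241,1234 => 194.153.0.123,119
Oct 17 07:37:46 mayday diald[12068]: filter ignored rule 21 proto 6 len 40 seq 1f7fe337 ack 2d9d70fc flags  ACK packet 194.153.0.123,119 => 194.153.8.241,1234
"""

LINE = re.compile(
    r"(\d\d:\d\d:\d\d) \S+ diald\[\d+\]: filter (accepted|ignored) rule (\d+) "
    r".*?flags\s+((?:[A-Z]+ )+)packet (\S+) => (\S+)"
)

def seconds(hms):
    """Convert HH:MM:SS to seconds since midnight."""
    h, m, s = map(int, hms.split(":"))
    return h * 3600 + m * 60 + s

def replay(log, timeouts=TIMEOUTS):
    """Track, per connection, which sides sent FIN and when the timer would expire."""
    conns = {}
    for stamp, verdict, rule, flags, src, dst in LINE.findall(log):
        key = tuple(sorted((src, dst)))  # same key for both directions
        st = conns.setdefault(key, {"fins": set(), "expires": None, "rule": None})
        if "FIN" in flags.split():
            st["fins"].add(src)
        if verdict == "accepted":
            # Assumption: accepted restarts the timer; ignored leaves it alone.
            st["rule"] = int(rule)
            st["expires"] = seconds(stamp) + timeouts[int(rule)]
    return conns

def stale_timers(log, at, timeouts=TIMEOUTS):
    """Connections closed by FIN in both directions whose timer still runs at `at`."""
    now = seconds(at)
    return [
        (key, st["rule"], st["expires"] - now)
        for key, st in sorted(replay(log, timeouts).items())
        if len(st["fins"]) == 2 and st["expires"] is not None and st["expires"] > now
    ]

if __name__ == "__main__":
    print(stale_timers(SAMPLE, "07:38:10"))
```

Under those assumptions the FIN and final ACK packets, all 40 bytes long and matched by rule 21 (`ignore`), never touch the timer that rule 35 set at 07:37:46, which reproduces the 96 seconds reported at 07:38:10.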


