Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ufw (Ubuntu)
Status: New => Confirmed
https://bugs.launchpad.net/bugs/1631553
Title:
With UFW enabled, kernel reports SYN flooding
Status in ufw package in Ubuntu:
Confirmed
Bug description:
So, this is a fun one.
I have an Epson XP-610 multifunction
scanner/printer/coffeemaker/whiskey distillery. It uses an XSane
plugin, which spawns an intermediary network app
(/usr/lib/iscan/network) which detects and talks to the scanner. These
packages can all be obtained from here:
http://support.epson.net/linux/en/iscan_c.html.
Anyway, if you have UFW disabled, it works. If you enable UFW, however,
it works intermittently and takes forever to start up. Checking my
syslog, I find:
Oct 6 22:48:00 hiro kernel: [48176.543355] TCP: request_sock_TCP: Possible SYN flooding on port 40796. Dropping request. Check SNMP counters.
A wireshark capture shows two things:
1.) It is communicating on that port on the "lo" interface, not any real
interface.
2.) There's one SYN. Not a lot. Just a single SYN. And then TCP retries. And
then eventually it works. Sometimes.
Anyway, if I edit /etc/ufw/sysctl.conf, and set
net/ipv4/tcp_syncookies=1, and then disable and reenable UFW, it
works, with the following syslog entry:
Oct 7 20:26:18 hiro kernel: [13666.745140] TCP: request_sock_TCP: Possible SYN flooding on port 42751. Sending cookies. Check SNMP counters.
Now, to be clear, I think the syncookies is a workaround for a more
serious problem. Namely, why does the kernel think it's under attack
to begin with?
Anyway, I'm not certain this is really a UFW bug, but I'm starting
here because UFW seems to make it worse. Feel free to reclassify as a
kernel bug.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: ufw 0.35-0ubuntu2
ProcVersionSignature: Ubuntu 4.4.0-38.57-generic 4.4.19
Uname: Linux 4.4.0-38-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: XFCE
Date: Fri Oct 7 20:20:00 2016
PackageArchitecture: all
SourcePackage: ufw
UpgradeStatus: Upgraded to xenial on 2016-09-30 (7 days ago)
mtime.conffile..etc.ufw.sysctl.conf: 2016-10-06T23:11:58.680226
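The kernel messages in the report say "Check SNMP counters". As an added example (not part of the original report and not ufw code), this sketch extracts the port and action from those warnings and reads the related TcpExt counters in the /proc/net/netstat layout. The counter values are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample: the two kernel messages quoted in the report, one per line.
SAMPLE_SYSLOG = """\
Oct 6 22:48:00 hiro kernel: [48176.543355] TCP: request_sock_TCP: Possible SYN flooding on port 40796. Dropping request. Check SNMP counters.
Oct 7 20:26:18 hiro kernel: [13666.745140] TCP: request_sock_TCP: Possible SYN flooding on port 42751. Sending cookies. Check SNMP counters.
"""

# Constructed sample in the /proc/net/netstat layout: a line of names, then a line of values.
SAMPLE_NETSTAT = """\
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops TCPReqQFullDoCookies TCPReqQFullDrop
TcpExt: 1 1 0 0 3 1 3
IpExt: InNoRoutes InOctets
IpExt: 0 123456
"""

FLOOD_RE = re.compile(
    r"Possible SYN flooding on port (\d+)\. (Dropping request|Sending cookies)\.")

def parse_flood_events(text):
    """Return (port, action) for every kernel SYN-flood warning in the log text."""
    return [(int(m.group(1)), m.group(2)) for m in FLOOD_RE.finditer(text)]

def parse_netstat(text, prefix="TcpExt:"):
    """Pair each header line with the value line that follows it, for one prefix."""
    counters = {}
    rows = [ln.split() for ln in text.splitlines() if ln.startswith(prefix)]
    for names, values in zip(rows[0::2], rows[1::2]):
        counters.update(zip(names[1:], map(int, values[1:])))
    return counters

def summarize(log_text, netstat_text):
    """Tie the log warnings to the counters the kernel message points at."""
    events = parse_flood_events(log_text)
    c = parse_netstat(netstat_text)
    return {
        "dropped_ports": sorted(p for p, a in events if a == "Dropping request"),
        "cookie_ports": sorted(p for p, a in events if a == "Sending cookies"),
        "req_queue_full_drops": c.get("TCPReqQFullDrop", 0),
        "req_queue_full_cookies": c.get("TCPReqQFullDoCookies", 0),
        "listen_drops": c.get("ListenDrops", 0),
    }

if __name__ == "__main__":
    # On a live system, pass the contents of /proc/net/netstat instead of the sample.
    print(summarize(SAMPLE_SYSLOG, SAMPLE_NETSTAT))
```

The kernel prints this warning only once per listening socket, so the counters, sampled before and after a scan attempt, show how many connection requests were actually dropped or answered with cookies.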