ISNs and 2.6.22, Was: Re: haproxy & linux firewall (netfilter)

From: Krzysztof Oledzki <ole#ans.pl>
Date: Sat, 20 Oct 2007 19:08:52 +0200 (CEST)

On Sat, 20 Oct 2007, Willy Tarreau wrote: <CUT>

>>> What is very strange is that linux uses random increments, so your ISNs
>>> should not wrap in a matter of a few seconds.
>>
>> Good point. I need to investigate this.
>
> netcat is very convenient for such tests. It's easy to bind it to a
> source port for consecutive tests while you run tcpdump in the background :
>
> $ echo bla | nc -p 1234 192.168.1.2 80
> $ echo bla | nc -p 1234 192.168.1.2 80
>
> Also, please try this with tcp_timestamps enabled and disabled to see if it
> changes anything.

Interesting... :|

2.6.20:

18:52:33.558379 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3708509816:3708509816(0) win 5840 <mss 1460,sackOK,timestamp 1884090256 0,nop,wscale 1>
18:52:33.882129 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3708833567:3708833567(0) win 5840 <mss 1460,sackOK,timestamp 1884090580 0,nop,wscale 1>
18:52:34.084000 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3709035437:3709035437(0) win 5840 <mss 1460,sackOK,timestamp 1884090782 0,nop,wscale 1>

2.6.21:

18:58:36.074969 IP 192.168.0.66.3333 > 212.77.100.101.80: S 110585153:110585153(0) win 5840 <mss 1460,sackOK,timestamp 112007046 0,nop,wscale 5>
18:58:36.440084 IP 192.168.0.66.3333 > 212.77.100.101.80: S 110950271:110950271(0) win 5840 <mss 1460,sackOK,timestamp 112007412 0,nop,wscale 5>
18:58:36.830141 IP 192.168.0.66.3333 > 212.77.100.101.80: S 111340328:111340328(0) win 5840 <mss 1460,sackOK,timestamp 112007802 0,nop,wscale 5>

2.6.22:

18:59:34.525097 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3303295586:3303295586(0) win 5840 <mss 1460,sackOK,timestamp 1111842 0,nop,wscale 6>
18:59:34.942104 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3720303240:3720303240(0) win 5840 <mss 1460,sackOK,timestamp 1112259 0,nop,wscale 6>
18:59:35.412229 IP 192.168.0.7.3333 > 212.77.100.101.80: S 4190427367:4190427367(0) win 5840 <mss 1460,sackOK,timestamp 1112729 0,nop,wscale 6>

2.6.22+tcp_timestamps=0:

19:00:38.285554 IP 192.168.0.7.3333 > 212.77.100.101.80: S 2639244549:2639244549(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
19:00:39.448675 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3802363348:3802363348(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
19:00:43.003850 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3062574559:3062574559(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
19:00:45.950863 IP 192.168.0.7.3333 > 212.77.100.101.80: S 1714619373:1714619373(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>

So it seems that ISNs are not randomly incremented but rather randomly generated. Adding netdev#vger.kernel.org to the CC list.

Best regards,

                                 Krzysztof Olędzki

Received on 2007/10/20 19:08
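
Added example, not part of the original message: a small parser for the tcpdump SYN lines quoted above that takes the ISN difference modulo 2^32 between consecutive SYNs and divides it by the elapsed capture time, to test whether the ISNs follow a clock. The names CAPTURES, parse_syn, isn_rates and tick_rate are made up for this example, and the 2.6.21 capture is left out for brevity.

```python
import re

# SYN lines copied from the captures in the message above, trimmed after "win 5840".
CAPTURES = {
    "2.6.20": """\
18:52:33.558379 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3708509816:3708509816(0) win 5840
18:52:33.882129 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3708833567:3708833567(0) win 5840
18:52:34.084000 IP 192.168.0.33.3333 > 212.77.100.101.80: S 3709035437:3709035437(0) win 5840""",
    "2.6.22": """\
18:59:34.525097 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3303295586:3303295586(0) win 5840
18:59:34.942104 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3720303240:3720303240(0) win 5840
18:59:35.412229 IP 192.168.0.7.3333 > 212.77.100.101.80: S 4190427367:4190427367(0) win 5840""",
    "2.6.22+tcp_timestamps=0": """\
19:00:38.285554 IP 192.168.0.7.3333 > 212.77.100.101.80: S 2639244549:2639244549(0) win 5840
19:00:39.448675 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3802363348:3802363348(0) win 5840
19:00:43.003850 IP 192.168.0.7.3333 > 212.77.100.101.80: S 3062574559:3062574559(0) win 5840
19:00:45.950863 IP 192.168.0.7.3333 > 212.77.100.101.80: S 1714619373:1714619373(0) win 5840""",
}

SYN_RE = re.compile(r"^(\d+):(\d+):(\d+)\.(\d{6}) IP \S+ > \S+: S (\d+):\d+\(0\)")

def parse_syn(line):
    """Return (microseconds since midnight, ISN) for a tcpdump SYN line, else None."""
    m = SYN_RE.match(line.strip())
    if not m:
        return None
    h, mi, s, us, isn = map(int, m.groups())
    return ((h * 60 + mi) * 60 + s) * 1_000_000 + us, isn

def isn_rates(text):
    """ISN advance per microsecond between consecutive SYNs, taken modulo 2**32."""
    syns = [p for p in map(parse_syn, text.splitlines()) if p]
    return [((b[1] - a[1]) % 2**32) / (b[0] - a[0])
            for a, b in zip(syns, syns[1:]) if b[0] > a[0]]

def tick_rate(text, tolerance=0.01):
    """Median rate if every pair agrees with it within tolerance, else None.
    Needs at least three SYNs; a gap longer than one 2**32 wrap would hide the rate."""
    rates = sorted(isn_rates(text))
    if len(rates) < 2:
        return None
    mid = rates[len(rates) // 2]
    return mid if all(abs(r - mid) <= tolerance * mid for r in rates) else None

if __name__ == "__main__":
    for kernel, text in CAPTURES.items():
        print(kernel, tick_rate(text))
```

On these samples tick_rate gives about 1 per microsecond for the 2.6.20 capture and about 1000 per microsecond for both 2.6.22 captures, a rate at which a 32-bit counter wraps in roughly 4.3 seconds.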
