• Uncategorized

About c : Running-my-code-that-creates-TUN-interface-And-simulating-TCP-listening-port-in-my-code-So-received-SYN-packet-responded-with-SYNACK-in-the-code

Question Detail

I have simple server that reads IP packets from TUN0 interface. And in this code I am trying to Simulate behavior of TCP listening port at port 80 so call it a server. So if I get SYN requests then I respond it with SYN+ACK response.

I am repeatedly checking that my code SYN+ACK packets are getting ignored and I am keep getting retransmission of SYN packets. Why is this the case?

My SYN+ACK packet seems to be perfectly fine. Someone else checked it too, see below for the full packet capture if needed.
But my client is ignoring my server code’s SYN+ACK packet response of its TCP SYN packet.

I checked netstat with

$ netstat --interfaces
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eno1      1500     9524      0      0 0          9813      0      0      0 BMRU
lo       65536     2110      0      0 0          2110      0      0      0 LRU
tun0      1500       28      0      0 0       

I also disabled Linux Reverse’s Path filtering with

echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter ;
echo 0 > /proc/sys/net/ipv4/conf/tun0/rp_filter    ;

But my netstat is not showing any dropped packets. So what might be the other reason why my client is simply ignoring my server’s SYN+ACK packet. and I keep getting retransmission of SYN packet from client. Is there some magic work that’s done in Linux kernel that rejects SYN+ACK packets and no-one knows about it. Do I need iptable to configure or something too, I did not think this initially needed but what else I can do.

This is hex dump of intial SYN and SYN+ACK

0000   45 00 00 3c 27 20 40 00 40 06 7e 28 c0 a8 0a 14
0010   c0 a8 0a 0f b3 b0 00 50 51 26 ee f7 00 00 00 00
0020   a0 02 fa f0 c2 46 00 00 02 04 05 b4 04 02 08 0a
0030   68 c4 98 71 00 00 00 00 01 03 03 07

SYN+ACK

0000   45 00 00 28 00 64 40 00 40 06 a4 f8 c0 a8 0a 0f
0010   c0 a8 0a 14 00 50 b3 b0 00 01 00 00 51 26 ee f7
0020   50 12 fa f0 2b 4e 00 00

A packet capture shows:

 3 7.708817335 192.168.10.20 → 192.168.10.15 TCP 60 48332 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2667509633 TSecr=0 WS=128
 4 7.708913705 192.168.10.15 → 192.168.10.20 TCP 40 80 → 48332 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0
 5 8.736000043 192.168.10.20 → 192.168.10.15 TCP 60 [TCP Retransmission] 48332 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2667510660 TSecr=0 WS=128
 6 8.736098933 192.168.10.15 → 192.168.10.20 TCP 40 [TCP Retransmission] 80 → 48332 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0
 7 10.751997741 192.168.10.20 → 192.168.10.15 TCP 60 [TCP Retransmission] 48332 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2667512676 TSecr=0 WS=128
 8 10.752078320 192.168.10.15 → 192.168.10.20 TCP 40 [TCP Retransmission] 80 → 48332 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0
 9 14.847991184 192.168.10.20 → 192.168.10.15 TCP 60 [TCP Retransmission] 48332 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2667516772 TSecr=0 WS=128
10 14.848068483 192.168.10.15 → 192.168.10.20 TCP 40 [TCP Retransmission] 80 → 48332 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0
11 23.040001163 192.168.10.20 → 192.168.10.15 TCP 60 [TCP Retransmission] 48332 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2667524964 TSecr=0 WS=128
12 23.040081745 192.168.10.15 → 192.168.10.20 TCP 40 [TCP Retransmission] 80 → 48332 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0
13 39.167998575 192.168.10.20 → 192.168.10.15 TCP 60 [TCP Retransmission] 48332 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2667541092 TSecr=0 WS=128
14 39.168081088 192.168.10.15 → 192.168.10.20 TCP 40 [TCP Retransmission] 80 → 48332 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0

And this is full packet capture:

https://drive.google.com/file/d/1hF8FeQcZqGvAZzxHHRRtO2BOl8Y1Yymn/view?usp=sharing

Kernel version: kernel 5.13.0-22-generic

Question Answer

No answer for now.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.