Re: bind() udp behavior 2.6.8.1

From: Jan Engelhardt
Date: Tue Dec 14 2004 - 11:46:27 EST


>sorry "closed" was the wrong term here. We are using a PIX Firewall
>Module and it keeps a state table of all connections (tcp and udp).
>Thus when a new udp connection comes in with same high numbered source

UDP does not know connections. As such, _nobody_ can tell whether a UDP
packet belongs to a logically existing "connection" or not.

>port and the firewall has not removed that connection from its state
>table, the firewall drops the packet. The firewall needs about 60ms in
>order to clear that connection from the state table, so if a second udp
>request with the same high number port/ip comes through before the firewall
>clears the connection from the state table, it will drop the connection
>(which is what we are seeing).
>
>FreeBSD seems to increment future udp requests which prevents this
>problem. It just seems strange that the kernel would not randomize or
>increment these source ports for udp requests.

The kernel does not have problems with UDP; it's probably your firewall.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
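The thread turns on what local port the kernel gives an unbound UDP socket and whether that port changes from one datagram to the next. The script below is an added example, not code from the original thread; it sends datagrams to a constructed receiver on loopback (no firewall is modelled) and records the source port the kernel assigned. It shows two things a reader of the exchange above would want to verify: a socket keeps the port it was assigned at its first send for the rest of its life, and sockets that are open at the same time never share a port. Whether a port is handed out again right after its socket is closed is left unasserted, because that depends on the kernel and its port-selection policy. The `ephemeral_port_range` helper reads `/proc/sys/net/ipv4/ip_local_port_range`, which exists only on Linux, and returns `None` elsewhere; the function and dictionary-key names are this example's own.

```python
import socket


def ephemeral_port_range():
    """Return the kernel's ephemeral (lo, hi) port range on Linux, else None."""
    try:
        with open("/proc/sys/net/ipv4/ip_local_port_range") as f:
            lo, hi = f.read().split()
            return int(lo), int(hi)
    except (OSError, ValueError):
        return None


def assigned_source_port(sock, dest):
    """Send one datagram and return the local port the kernel bound `sock` to.

    An unbound UDP socket has no local port until the first send (or an
    explicit bind); after that the kernel has picked one for it.
    """
    sock.sendto(b"probe", dest)
    return sock.getsockname()[1]


def observe_source_ports(n_sockets=4, sends_per_socket=3):
    """Open `n_sockets` unbound UDP sockets, send from each several times and
    report the source ports the kernel assigned. All sockets stay open until
    the end so that no port can be recycled during the observation."""
    # Constructed receiver on loopback so the example runs offline.
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.bind(("127.0.0.1", 0))
    dest = receiver.getsockname()

    senders = []
    per_socket = []  # ports seen on each socket, one list per socket
    try:
        for _ in range(n_sockets):
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            senders.append(s)
            per_socket.append(
                [assigned_source_port(s, dest) for _ in range(sends_per_socket)]
            )
    finally:
        for s in senders:
            s.close()
        receiver.close()

    first_ports = [ports[0] for ports in per_socket]
    rng = ephemeral_port_range()
    return {
        "per_socket": per_socket,
        # a socket's port never changes once assigned
        "same_port_within_socket": all(len(set(p)) == 1 for p in per_socket),
        # two simultaneously open sockets cannot share a local port
        "distinct_across_open_sockets": len(set(first_ports)) == len(first_ports),
        # None when the Linux sysctl is unavailable
        "within_ephemeral_range": (
            None if rng is None else all(rng[0] <= p <= rng[1] for p in first_ports)
        ),
    }


if __name__ == "__main__":
    result = observe_source_ports()
    for i, ports in enumerate(result["per_socket"]):
        print(f"socket {i}: source ports {ports}")
    print("stable per socket:", result["same_port_within_socket"])
    print("distinct across open sockets:", result["distinct_across_open_sockets"])
    print("inside ip_local_port_range:", result["within_ephemeral_range"])
```

The practical reading for a stateful firewall such as the one described above: an application that reuses one socket for many requests presents the same source port every time, while an application that opens a fresh socket per request presents a port the kernel chooses from its ephemeral range, and only that second pattern can collide with a state-table entry that has not yet aged out.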