[Openswan dev] KLIPS 2.4.x set tcp window to 0 (fwd)

Paul Wouters paul at xelerance.com
Fri Nov 25 18:53:11 CET 2005 

It seems KLIPS changed between 2.3.x and 2.4.x, breaking compatibility with
ancient stacks. I am not sure what should be causing that, as I am not aware
of changes to KLIPS that would do this....

Paul

---------- Forwarded message ----------
Date: Thu, 24 Nov 2005 12:14:53 +0100
From: Marco Berizzi <pupilla at hotmail.com>
To: users at openswan.org
Subject: [Openswan Users] KLIPS 2.4.x set tcp window to 0

Hello.
I have a problem with KLIPS 2.4.4 (static compiled) on linux vanilla 2.4.4
My network schema:

nt4.0 wks ----- KLIPS 2.4.4 ----- the internet ----- KLIPS 2.05 ----- windows NT
4.0 Terminal server
                   ------------------------tunnel ipsec-----------------------

Tunnel is 3DES/IPComp.

I'm try to establish a TCP socket from my windows NT wks 4.0sp6 machine to the
windows NT 4.0 terminal server but it doesn't work. Ping packet flow: any size
(I tried with 32 and 1300 bytes.)
I see only SYN SENT. This is a tcpdump capture on the ipsec0 device on the KLIPS
2.4.4 system:

11:09:29.546831 IP (tos 0x0, ttl 127, id 32257, offset 0, flags [DF], proto: TCP
(6), length: 44) 10.1.3.1.1045 > 172.18.1.13.3389: S, cksum 0xd751 (correct),
54625:54625(0) win 8192 <mss 1460>
11:09:29.569664 IP (tos 0x0, ttl 127, id 28621, offset 0, flags [DF], proto: TCP
(6), length: 44) 172.18.1.13.3389 > 10.1.3.1.1045: S, cksum 0x7271 (correct),
1815475809:1815475809(0) ack 54626 win 8760 <mss 1460>
11:09:29.570137 IP (tos 0x0, ttl 127, id 32513, offset 0, flags [none], proto:
TCP (6), length: 40) 10.1.3.1.1045 > 172.18.1.13.3389: R, cksum 0x39a8
(correct), 54626:54626(0) win 0
11:09:32.529402 IP (tos 0x0, ttl 127, id 32769, offset 0, flags [DF], proto: TCP
(6), length: 44) 10.1.3.1.1045 > 172.18.1.13.3389: S, cksum 0xd751 (correct),
54625:54625(0) win 8192 <mss 1460>
11:09:32.551083 IP (tos 0x0, ttl 127, id 34765, offset 0, flags [DF], proto: TCP
(6), length: 44) 172.18.1.13.3389 > 10.1.3.1.1045: S, cksum 0x8e07 (correct),
1816320702:1816320702(0) ack 54626 win 8760 <mss 1460>
11:09:32.551457 IP (tos 0x0, ttl 127, id 33025, offset 0, flags [none], proto:
TCP (6), length: 40) 10.1.3.1.1045 > 172.18.1.13.3389: R, cksum 0x39a8
(correct), 54626:54626(0) win 0

As you can see tcp window is set to 0. This happens with KLIPS 2.4.4
This problem does not happen with KLIPS 2.3.1. This is the tcpdump caputure
(KLIPS 2.3.1):

11:26:25.137331 IP (tos 0x0, ttl 127, id 21250, offset 0, flags [DF], proto: TCP
(6), length: 44) 10.1.3.1.1049 > 172.18.1.13.3389: S, cksum 0xd729 (correct),
54661:54661(0) win 8192 <mss 1460>
11:26:25.158408 IP (tos 0x0, ttl 127, id 59353, offset 0, flags [DF], proto: TCP
(6), length: 44) 172.18.1.13.3389 > 10.1.3.1.1049: S, cksum 0x7c43 (correct),
2077547720:2077547720(0) ack 54662 win 8760 <mss 1460>
11:26:25.158831 IP (tos 0x0, ttl 127, id 21506, offset 0, flags [DF], proto: TCP
(6), length: 40) 10.1.3.1.1049 > 172.18.1.13.3389: ., cksum 0x9400 (correct),
ack 1 win 8760
11:26:25.159583 IP (tos 0x0, ttl 127, id 21762, offset 0, flags [DF], proto: TCP
(6), length: 51) 10.1.3.1.1049 > 172.18.1.13.3389: P, cksum 0x8a02 (correct),
1:12(11) ack 1 win 8760
11:26:25.200239 IP (tos 0x0, ttl 127, id 59609, offset 0, flags [DF], proto: TCP
(6), length: 51) 172.18.1.13.3389 > 10.1.3.1.1049: P, cksum 0x77de (correct),
1:12(11) ack 12 win 8749
11:26:25.200893 IP (tos 0x0, ttl 127, id 22018, offset 0, flags [DF], proto: TCP
(6), length: 316) 10.1.3.1.1049 > 172.18.1.13.3389: P 12:288(276) ack 12 win
8749
11:26:25.256395 IP (tos 0x0, ttl 127, id 59865, offset 0, flags [DF], proto: TCP
(6), length: 365) 172.18.1.13.3389 > 10.1.3.1.1049: P 12:337(325) ack 288 win
8473
11:26:25.257150 IP (tos 0x0, ttl 127, id 22274, offset 0, flags [DF], proto: TCP
(6), length: 52) 10.1.3.1.1049 > 172.18.1.13.3389: P, cksum 0x0acd (correct),
288:300(12) ack 337 win 8424
11:26:25.257352 IP (tos 0x0, ttl 127, id 22530, offset 0, flags [DF], proto: TCP
(6), length: 48) 10.1.3.1.1049 > 172.18.1.13.3389: P, cksum 0x0ca5 (correct),
300:308(8) ack 337 win 8424
11:26:25.291194 IP (tos 0x0, ttl 127, id 60121, offset 0, flags [DF], proto: TCP
(6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1049: ., cksum 0x92b0 (correct),
ack 308 win 8453
11:26:25.291703 IP (tos 0x0, ttl 127, id 60377, offset 0, flags [DF], proto: TCP
(6), length: 51) 172.18.1.13.3389 > 10.1.3.1.1049: P, cksum 0x0974 (correct),
337:348(11) ack 308 win 8453
11:26:25.292251 IP (tos 0x0, ttl 127, id 22786, offset 0, flags [DF], proto: TCP
(6), length: 52) 10.1.3.1.1049 > 172.18.1.13.3389: P, cksum 0x0896 (correct),
308:320(12) ack 348 win 8413
11:26:25.314487 IP (tos 0x0, ttl 127, id 60633, offset 0, flags [DF], proto: TCP
(6), length: 55) 172.18.1.13.3389 > 10.1.3.1.1049: P, cksum 0x3149 (correct),
348:363(15) ack 320 win 8441
11:26:25.315054 IP (tos 0x0, ttl 127, id 23042, offset 0, flags [DF], proto: TCP
(6), length: 52) 10.1.3.1.1049 > 172.18.1.13.3389: P, cksum 0x088b (correct),
320:332(12) ack 363 win 8398
11:26:25.338551 IP (tos 0x0, ttl 127, id 60889, offset 0, flags [DF], proto: TCP
(6), length: 55) 172.18.1.13.3389 > 10.1.3.1.1049: P, cksum 0x333a (correct),
363:378(15) ack 332 win 8429
11:26:25.342732 IP (tos 0x0, ttl 127, id 23298, offset 0, flags [DF], proto: TCP
(6), length: 134) 10.1.3.1.1049 > 172.18.1.13.3389: P 332:426(94) ack 378 win
8383
11:26:25.343413 IP (tos 0x0, ttl 127, id 23554, offset 0, flags [DF], proto: TCP
(6), length: 126) 10.1.3.1.1049 > 172.18.1.13.3389: P 426:512(86) ack 378 win
8383
11:26:25.368572 IP (tos 0x0, ttl 127, id 61145, offset 0, flags [DF], proto: TCP
(6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1049: ., cksum 0x9287 (correct),
ack 512 win 8249
11:26:25.390593 IP (tos 0x0, ttl 127, id 61401, offset 0, flags [DF], proto: TCP
(6), length: 377) 172.18.1.13.3389 > 10.1.3.1.1049: P 378:715(337) ack 512 win
8249
11:26:25.407587 IP (tos 0x0, ttl 127, id 23810, offset 0, flags [DF], proto: TCP
(6), length: 207) 10.1.3.1.1049 > 172.18.1.13.3389: P 512:679(167) ack 715 win
8046
11:26:25.453308 IP (tos 0x0, ttl 127, id 61657, offset 0, flags [DF], proto: TCP
(6), length: 74) 172.18.1.13.3389 > 10.1.3.1.1049: P, cksum 0xf642 (correct),
715:749(34) ack 679 win 8082
11:26:25.513813 IP (tos 0x0, ttl 127, id 61913, offset 0, flags [DF], proto: TCP
(6), length: 337) 172.18.1.13.3389 > 10.1.3.1.1049: P 749:1046(297) ack 679 win
8082

Running Windows XPsp2 instead of windows NT 4.0sp6 "resolve" the problem (with
KLIPS 2.4.4)
Here is the tcpdump capture (KLIPS 2.4.4):

11:42:20.575811 IP (tos 0x0, ttl 127, id 150, offset 0, flags [none], proto: TCP
(6), length: 48) 10.1.3.1.1047 > 172.18.1.13.3389: S, cksum 0x0b2a (correct),
1463375375:1463375375(0) win 65535 <mss 1260,nop,nop,sackOK>
11:42:20.598786 IP (tos 0x0, ttl 127, id 8283, offset 0, flags [DF], proto: TCP
(6), length: 44) 172.18.1.13.3389 > 10.1.3.1.1047: S, cksum 0xb890 (correct),
2324347336:2324347336(0) ack 1463375376 win 8820 <mss 1460>
11:42:20.599256 IP (tos 0x0, ttl 127, id 151, offset 0, flags [none], proto: TCP
(6), length: 40) 10.1.3.1.1047 > 172.18.1.13.3389: ., cksum 0xf2c1 (correct),
ack 1 win 65535
11:42:20.599639 IP (tos 0x0, ttl 127, id 152, offset 0, flags [none], proto: TCP
(6), length: 79) 10.1.3.1.1047 > 172.18.1.13.3389: P, cksum 0xae81 (correct),
1:40(39) ack 1 win 65535
11:42:20.627847 IP (tos 0x0, ttl 127, id 8539, offset 0, flags [DF], proto: TCP
(6), length: 51) 172.18.1.13.3389 > 10.1.3.1.1047: P, cksum 0xb42b (correct),
1:12(11) ack 40 win 8781
11:42:20.628366 IP (tos 0x0, ttl 127, id 153, offset 0, flags [none], proto: TCP
(6), length: 128) 10.1.3.1.1047 > 172.18.1.13.3389: . 40:128(88) ack 12 win
65524
11:42:20.628655 IP (tos 0x0, ttl 127, id 154, offset 0, flags [none], proto: TCP
(6), length: 128) 10.1.3.1.1047 > 172.18.1.13.3389: . 128:216(88) ack 12 win
65524
11:42:20.628874 IP (tos 0x0, ttl 127, id 155, offset 0, flags [none], proto: TCP
(6), length: 128) 10.1.3.1.1047 > 172.18.1.13.3389: . 216:304(88) ack 12 win
65524
11:42:20.656918 IP (tos 0x0, ttl 127, id 8795, offset 0, flags [DF], proto: TCP
(6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1047: ., cksum 0xd042 (correct),
ack 216 win 8605
11:42:20.657328 IP (tos 0x0, ttl 127, id 156, offset 0, flags [none], proto: TCP
(6), length: 128) 10.1.3.1.1047 > 172.18.1.13.3389: . 304:392(88) ack 12 win
65524
11:42:20.657571 IP (tos 0x0, ttl 127, id 157, offset 0, flags [none], proto: TCP
(6), length: 100) 10.1.3.1.1047 > 172.18.1.13.3389: P 392:452(60) ack 12 win
65524
11:42:20.680498 IP (tos 0x0, ttl 127, id 9051, offset 0, flags [DF], proto: TCP
(6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1047: ., cksum 0xd042 (correct),
ack 392 win 8429
11:42:20.700238 IP (tos 0x0, ttl 127, id 9307, offset 0, flags [DF], proto: TCP
(6), length: 365) 172.18.1.13.3389 > 10.1.3.1.1047: P 12:337(325) ack 452 win
8369
11:42:20.700825 IP (tos 0x0, ttl 127, id 158, offset 0, flags [none], proto: TCP
(6), length: 52) 10.1.3.1.1047 > 172.18.1.13.3389: P, cksum 0x679a (correct),
452:464(12) ack 337 win 65535
11:42:20.701029 IP (tos 0x0, ttl 127, id 159, offset 0, flags [none], proto: TCP
(6), length: 48) 10.1.3.1.1047 > 172.18.1.13.3389: P, cksum 0x6972 (correct),
464:472(8) ack 337 win 65535
11:42:20.722763 IP (tos 0x0, ttl 127, id 9563, offset 0, flags [DF], proto: TCP
(6), length: 40) 172.18.1.13.3389 > 10.1.3.1.1047: ., cksum 0xcefd (correct),
ack 472 win 8349
11:42:20.723360 IP (tos 0x0, ttl 127, id 9819, offset 0, flags [DF], proto: TCP
(6), length: 51) 172.18.1.13.3389 > 10.1.3.1.1047: P, cksum 0x45c1 (correct),
337:348(11) ack 472 win 8349
11:42:20.723755 IP (tos 0x0, ttl 127, id 160, offset 0, flags [none], proto: TCP
(6), length: 52) 10.1.3.1.1047 > 172.18.1.13.3389: P, cksum 0x6563 (correct),
472:484(12) ack 348 win 65524
11:42:20.746448 IP (tos 0x0, ttl 127, id 10075, offset 0, flags [DF], proto: TCP
(6), length: 55) 172.18.1.13.3389 > 10.1.3.1.1047: P, cksum 0x6d96 (correct),
348:363(15) ack 484 win 8337
11:42:20.747029 IP (tos 0x0, ttl 127, id 161, offset 0, flags [none], proto: TCP
(6), length: 52) 10.1.3.1.1047 > 172.18.1.13.3389: P, cksum 0x6558 (correct),
484:496(12) ack 363 win 65509
11:42:20.768097 IP (tos 0x0, ttl 127, id 10331, offset 0, flags [DF], proto: TCP
(6), length: 55) 172.18.1.13.3389 > 10.1.3.1.1047: P, cksum 0x6f87 (correct),
363:378(15) ack 496 win 8325
11:42:20.769291 IP (tos 0x0, ttl 127, id 162, offset 0, flags [none], proto: TCP
(6), length: 128) 10.1.3.1.1047 > 172.18.1.13.3389: . 496:584(88) ack 378 win
65494

Any feedback are welcome.


_______________________________________________
Users mailing list
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users

More information about the Dev mailing list