Hi,
When we play a stream from OpenWebif over the network, dmesg reports a TCP flood:
TCP: request_sock_TCP: Possible SYN flooding on port 8001. Sending cookies. Check SNMP counters.
Is it possible to fix this bug?
Thanks!
Posted 17 February 2019 - 15:01
It is not a bug, it is the kernel's response to a high volume of TCP SYN packets, and happens when the client doesn't keep a connection open to fetch the next data, but constantly creates new connections.
Because it happens in rapid succession, the kernel prepares itself for a possible SYN flood attack (which never happens, a normal client would always complete the SYN, SYN-ACK, ACK handshake).
So it's a sign of a lousy client. Just ran 10 minutes of stream to VLC, only one SYN packet, to start the connection.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Posted 17 February 2019 - 20:48
Hi,
Thanks for the reply.
I tried several boxes (Mutant HD51); all have the same problem. When I start a stream from VLC, one line with the flood message is added to dmesg. After that we can close VLC and start it again, and no more flood messages appear; only the first time after a reboot does OpenPLi think that a flood arrives from VLC. tcpdump does not show any flood, only two lines of sync are added:
Before flood message:
.....
Posted 17 February 2019 - 22:26
I think it's an OpenPLi bug, something is wrong with the enigma2 process. I think some kernel limits must be raised.
What part of "it is not a bug" did you miss?
Posted 17 February 2019 - 22:39
Hi,
"it is the kernel's response to a high volume of TCP SYN packets" But I do not see high volumes of TCP SYN with tcpdump. Why is the dmesg error displayed? You can try to play a stream from the web and you will see that one flood line is registered in dmesg. Are you sure it's correct?
Posted 18 February 2019 - 13:04
The HD51 runs kernel 4.10.12, and so do 20 other boxes we make images for (all mutants, all zgemma's, the axas, the vimastecs). It is quite a recent kernel, I doubt it has bugs in something as established as syn flood protection.
We don't inject any custom sysctl tuning commands. You can check the current kernel values in /proc/sys/net/ipv4/tcp_*. Interestingly, on my Duo4K I seem to miss the tcp_syncookies setting, but an Amiko (which runs 4.10.6) has got it, and it is enabled.
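As an added example (not part of the original posts, and not OpenPLi code): a small shell script that reads the counters the kernel message points to from /proc/net/netstat, together with the settings under /proc/sys mentioned above. The choice of counters and the embedded sample are this example's own; the sample is constructed, not captured from a box.

```shell
#!/bin/sh
# tcpext_counter FILE NAME -> prints the value of one TcpExt counter.
# /proc/net/netstat stores each group as two lines prefixed "TcpExt:":
# a line of counter names, then a line of values in the same column order.
tcpext_counter() {
    awk -v want="$2" '
        $1 == "TcpExt:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "TcpExt:" && seen  { if (want in col) print $(col[want]); exit }
    ' "$1"
}

# syn_report FILE -> one "name=value" line per SYN-queue related counter.
# Counters a given kernel does not export are reported as n/a.
syn_report() {
    for name in SyncookiesSent SyncookiesRecv SyncookiesFailed \
                ListenOverflows ListenDrops TCPReqQFullDoCookies TCPReqQFullDrop; do
        value=$(tcpext_counter "$1" "$name")
        echo "$name=${value:-n/a}"
    done
}

# sysctl_report -> current values of the settings that bound the listen queues.
# A missing file (such as tcp_syncookies on some boxes) is shown, not skipped.
sysctl_report() {
    for f in /proc/sys/net/ipv4/tcp_syncookies \
             /proc/sys/net/ipv4/tcp_max_syn_backlog \
             /proc/sys/net/core/somaxconn; do
        if [ -r "$f" ]; then echo "$f=$(cat "$f")"; else echo "$f=not present"; fi
    done
}

# Constructed sample in the /proc/net/netstat layout, used when the real file
# is not readable (for example when trying the script off the box).
sample_netstat() {
    printf '%s\n' \
        'TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops TCPReqQFullDoCookies' \
        'TcpExt: 3 3 0 0 0 1' \
        'IpExt: InNoRoutes InTruncatedPkts' \
        'IpExt: 0 0'
}

src=/proc/net/netstat
if [ ! -r "$src" ]; then src=$(mktemp); sample_netstat > "$src"; fi
syn_report "$src"
sysctl_report
```

Running it before and after starting a stream shows whether the cookie and listen-queue counters actually moved, independently of what a packet capture on one interface shows.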
Posted 18 February 2019 - 16:05
Hi,
Yes, I know about sysctl tuning. I tried changing many values, but nothing helps.
Without net.ipv4.tcp_syncookies = 1 we cannot connect to 8001 at all.
Now the current value is net.ipv4.tcp_syncookies = 1
I tried to modify:
Posted 18 February 2019 - 19:31
I doubt this is causing that. If the kernel reports syn flooding (the default counters are quite low), chances are there is, and you have an issue elsewhere.