With UFW enabled, kernel reports SYN flooding
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ufw (Ubuntu) |
Invalid
|
Medium
|
Unassigned |
Bug Description
So, this is a fun one.
I have an Epson XP-610 multifunction scanner/
Anyway, if you have UFW disabled, it works. If you enable UFW, however it works intermittently and takes forever to start up. Checking my syslog, I find:
Oct 6 22:48:00 hiro kernel: [48176.543355] TCP: request_sock_TCP: Possible SYN flooding on port 40796. Dropping request. Check SNMP counters.
A wireshark capture shows two things:
1.) It is communicating on that port on the "lo" interface, not any real interface.
2.) There's one SYN. Not a lot. Just a single SYN. And then TCP retries. And then eventually it works. Sometimes.
Anyway, if I edit /etc/ufw/
Oct 7 20:26:18 hiro kernel: [13666.745140] TCP: request_sock_TCP: Possible SYN flooding on port 42751. Sending cookies. Check SNMP counters.
Now, to be clear, I think the syncookies is a workaround for a more serious problem. Namely, why does the kernel think it's under attack to begin with?
Anyway, I'm not certain this is really a UFW bug, but I'm starting here because UFW seems to make it worse. Feel free to reclassify as a kernel bug.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: ufw 0.35-0ubuntu2
ProcVersionSign
Uname: Linux 4.4.0-38-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: XFCE
Date: Fri Oct 7 20:20:00 2016
PackageArchitec
SourcePackage: ufw
UpgradeStatus: Upgraded to xenial on 2016-09-30 (7 days ago)
mtime.conffile.
Changed in ufw (Ubuntu): | |
importance: | Undecided → Medium |
Oh, relevant tickets from UFW and procps: /bugs.launchpad .net/ubuntu/ +source/ procps/ +bug/57091 /bugs.launchpad .net/ubuntu/ +source/ ufw/+bug/ 189565
https:/
https:/