> On 24 Oct 2023, at 16:33, Max Nikulin <maniku...@gmail.com> wrote:
> 
> On 24/10/2023 19:04, Henggi wrote:
>> - iptables on server are cleared/open (firewalld or other firewall 
>> frameworks are not used/installed).
> 
> Nowadays nft or iptables is not the only option to drop packets. Another one 
> is eBPF used e.g. by systemd.
> 
> I have the following link in my notes, but I have not tried the suggested tool
> 
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_managing_networking/capturing-network-packets_configuring-and-managing-networking
> 
> 44.1. Using xdpdump to capture network packets including packets dropped by 
> XDP programs
> 



Thanks… but xdpdump shows the same as tcpdump did before… which is printing all the TCP SYN (seq) requests but NO TCP ACK (confirming the TCP connection) going back from xrdp to the client…

root@server:~# xdpdump -i eth0 -w - | tcpdump -r - port not 22 and host 192.168.178.62
WARNING: Specified interface does not have an XDP program loaded,
         capturing in legacy mode!
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
reading from file -, link-type EN10MB (Ethernet), snapshot length 262144
17:49:41.215494 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4267962705 ecr 0,sackOK,eol], length 0
17:49:41.316585 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4267962806 ecr 0,sackOK,eol], length 0
17:49:41.417424 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4267962907 ecr 0,sackOK,eol], length 0
17:49:41.517658 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4267963008 ecr 0,sackOK,eol], length 0
17:49:41.618765 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4267963109 ecr 0,sackOK,eol], length 0
17:49:41.719768 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4267963210 ecr 0,sackOK,eol], length 0
17:49:41.920573 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4267963410 ecr 0,sackOK,eol], length 0
17:49:42.319819 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4267963810 ecr 0,sackOK,eol], length 0
17:49:43.120533 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4267964610 ecr 0,sackOK,eol], length 0
17:49:44.720237 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4267966210 ecr 0,sackOK,eol], length 0
17:49:47.921455 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,sackOK,eol], length 0
^C
74 packets captured
0 packets dropped by kernel



…while doing the same test from localhost (via the "lo" interface) shows the TCP SYN + ACK correctly, as expected:

root@server:~# xdpdump -i lo -w - | tcpdump -r - port 3389
WARNING: Specified interface does not have an XDP program loaded,
         capturing in legacy mode!
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
reading from file -, link-type EN10MB (Ethernet), snapshot length 262144
17:57:51.931307 IP server.33514 > server.ms-wbt-server: Flags [S], seq 2728692331, win 65495, options [mss 65495,sackOK,TS val 712510363 ecr 0,nop,wscale 7], length 0
17:57:51.931365 IP server.ms-wbt-server > server.33514: Flags [S.], seq 2692007133, ack 2728692332, win 65483, options [mss 65495,sackOK,TS val 712510363 ecr 712510363,nop,wscale 7], length 0
17:57:51.931419 IP server.33514 > server.ms-wbt-server: Flags [.], ack 1, win 512, options [nop,nop,TS val 712510363 ecr 712510363], length 0
17:57:51.931734 IP server.33514 > server.ms-wbt-server: Flags [F.], seq 1, ack 1, win 512, options [nop,nop,TS val 712510363 ecr 712510363], length 0
17:57:51.933177 IP server.ms-wbt-server > server.33514: Flags [.], ack 2, win 512, options [nop,nop,TS val 712510365 ecr 712510363], length 0
17:57:51.935228 IP server.ms-wbt-server > server.33514: Flags [F.], seq 1, ack 2, win 512, options [nop,nop,TS val 712510367 ecr 712510363], length 0
17:57:51.935287 IP server.33514 > server.ms-wbt-server: Flags [.], ack 2, win 512, options [nop,nop,TS val 712510367 ecr 712510367], length 0
^C
7 packets captured
0 packets dropped by kernel
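
The comparison Henggi makes by eye above (SYNs repeating on eth0 with nothing coming back, a full handshake on lo) can be automated over tcpdump's text output. The script below is an added example for this thread, not code from the poster, from xrdp or from the xdp-tools project: it parses each packet line, keys a flow by the direction of its SYN, credits SYN-ACKs to the flow they answer, and reports SYN retransmissions (same ISN seen again) and whether the server ever replied. The sample input is constructed from the two captures in the mail, re-joined one packet per line; the function and status-label names are my own.

```python
"""Pair SYNs with SYN-ACKs in tcpdump text output to spot one-sided handshakes.

Added example for this thread (not the poster's, xrdp's or xdp-tools' code).
The sample captures below are constructed from the two captures in the mail,
re-joined onto one line per packet.
"""
import re

# One tcpdump text line up to the flags, plus the optional "seq N" that follows.
# Endpoint tokens are split on their last dot, so this handles resolved names
# ("client.53915", "server.ms-wbt-server") as well as dotted IPs ("10.0.0.1.443").
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP (?P<src>\S+)\.(?P<sport>[^\s.]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[^\s.]+): Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq>\d+))?"
)

NO_ANSWER = "no SYN-ACK seen in capture"
ANSWERED = "server answered with SYN-ACK"


def summarize_handshakes(lines):
    """Return {(client, cport, server, sport): summary} for every connection attempt.

    A flow is keyed in the direction of its SYN; a SYN-ACK is credited to the
    flow it answers by reversing src/dst. Lines that do not start a packet
    (wrapped continuation text, xdpdump warnings, the capture summary) are
    skipped, so a pasted mail body can be fed in as-is.
    """
    flows = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport, flags, seq = m.group(
            "src", "sport", "dst", "dport", "flags", "seq"
        )
        if flags == "S":                       # SYN only: client -> server
            key = (src, sport, dst, dport)
            f = flows.setdefault(key, {"syn": 0, "isns": set(), "synack": 0})
            f["syn"] += 1
            f["isns"].add(seq)                # same ISN again == retransmission
        elif flags == "S.":                    # SYN-ACK: server -> client
            key = (dst, dport, src, sport)
            f = flows.setdefault(key, {"syn": 0, "isns": set(), "synack": 0})
            f["synack"] += 1
    return {
        key: {
            "syn": f["syn"],
            "syn_retransmits": f["syn"] - len(f["isns"]),
            "synack": f["synack"],
            "status": ANSWERED if f["synack"] else NO_ANSWER,
        }
        for key, f in flows.items()
    }


# Constructed sample: the first three SYNs from the eth0 capture in the mail,
# together with the tool chatter around them, which the parser must ignore.
ETH0_CAPTURE = """\
WARNING: Specified interface does not have an XDP program loaded,
         capturing in legacy mode!
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:49:41.215494 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4267962705 ecr 0,sackOK,eol], length 0
17:49:41.316585 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4267962806 ecr 0,sackOK,eol], length 0
17:49:41.417424 IP client.53915 > server.ms-wbt-server: Flags [S], seq 589092217, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4267962907 ecr 0,sackOK,eol], length 0
74 packets captured
0 packets dropped by kernel
"""

# Constructed sample: the complete handshake and teardown from the lo capture.
LO_CAPTURE = """\
17:57:51.931307 IP server.33514 > server.ms-wbt-server: Flags [S], seq 2728692331, win 65495, options [mss 65495,sackOK,TS val 712510363 ecr 0,nop,wscale 7], length 0
17:57:51.931365 IP server.ms-wbt-server > server.33514: Flags [S.], seq 2692007133, ack 2728692332, win 65483, options [mss 65495,sackOK,TS val 712510363 ecr 712510363,nop,wscale 7], length 0
17:57:51.931419 IP server.33514 > server.ms-wbt-server: Flags [.], ack 1, win 512, options [nop,nop,TS val 712510363 ecr 712510363], length 0
17:57:51.931734 IP server.33514 > server.ms-wbt-server: Flags [F.], seq 1, ack 1, win 512, options [nop,nop,TS val 712510363 ecr 712510363], length 0
17:57:51.935228 IP server.ms-wbt-server > server.33514: Flags [F.], seq 1, ack 2, win 512, options [nop,nop,TS val 712510367 ecr 712510363], length 0
"""

if __name__ == "__main__":
    for name, capture in (("eth0", ETH0_CAPTURE), ("lo", LO_CAPTURE)):
        for flow, summary in summarize_handshakes(capture.splitlines()).items():
            client, cport, server, sport = flow
            print(f"{name}: {client}:{cport} -> {server}:{sport} "
                  f"syn={summary['syn']} retransmits={summary['syn_retransmits']} "
                  f"synack={summary['synack']} ({summary['status']})")
```

Run against a live capture with `tcpdump -nn ... | python3 this_script.py`-style plumbing or by pasting the text in; the expected picture for the thread is a single eth0 flow with several retransmitted SYNs and zero SYN-ACKs, next to a lo flow with one SYN and one SYN-ACK. Seeing the SYNs on eth0 only proves they reach the interface; the script says nothing about why no SYN-ACK leaves, so it is a way to confirm the asymmetry, after which the things to inspect are what sits between eth0 and the listener (netfilter rules, tc/XDP/BPF programs attached to the interface, the address the listener is bound to).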

