Stephen Hemminger <step...@networkplumber.org> wrote: > Date: Tue, 15 Jan 2019 16:18:13 +0000 > From: bugzilla-dae...@bugzilla.kernel.org > To: step...@networkplumber.org > Subject: [Bug 202287] New: netfilter/iptales prevents Tor Browser from > closing cleanly > > https://bugzilla.kernel.org/show_bug.cgi?id=202287 > Created attachment 280501 > --> https://bugzilla.kernel.org/attachment.cgi?id=280501&action=edit > Tpr Browser and kernels run log > > Since kernel 4.20 there is a problem with Tor Browser (TB) on close. > The last good kernel was 4.19.12 . > - INVALID messages (ACK FIN and ACK PSH FIN) cought in OUTPUT chain of > iptables, > on lo interface, and logged to system log/journal. > -A OUTPUT -m conntrack --ctstate INVALID -j loginv
Can't reproduce this so far: :INPUT ACCEPT [225785:239821136] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [189532:100424913] [0:0] -A INPUT -i lo -m conntrack --ctstate INVALID [0:0] -A OUTPUT -o lo -m conntrack --ctstate INVALID this is with a different setup, do not know what TB might be doing differently. Can you do modprobe nf_log_ipv4 sysctl 'net.netfilter.nf_log.2=nf_log_ipv4' sysctl 'net.netfilter.nf_conntrack_log_invalid=6' and see what that might turn up for those 'invalid' packets? (should appear in dmesg/system log/journal).
