TCP packets ignored on ESTABLISHED connection

Solution Verified - Updated -

Issue

  • TCP SYN packets ignored on ESTABLISHED connection
  • When an external system is rebooted and tries to re-establish a TCP connection by re-using an existing port or tuple, the SYN packets are silently discarded. As per RFC 5961 section 4.2, RHEL should respond with a Challenge ACK.
  • TCP SYN handling changed in RHEL 6.6
  • The handling for receiving a SYN on an established socket. SYN is now discarded vs previously ACK (with current seq # of the old TCP conn from the client) would have been sent, which triggers RST from client as the sequence number is not expected.
  • The backport of upstream kernel commit c3ae62af8e755 (tcp: should drop incoming frames without ACK flag set) to the RHEL 6.6 kernel breaks RFC5961-compliant behavior for SYN packets, potentially causing problems with CLOSE_WAIT sockets.
  • tcp: Restore RFC5961-compliant behavior for SYN packets
  • The tcp connection is not closed properly and remains in LAST_ACK state
  • Solaris NFS Client cannot mount from RHEL NFS server after the client is powered off unexpectedly. Restarting the NFS Server allows the client to mount again.

Environment

  • Red Hat Enterprise Linux 6.6 with kernel-2.6.32-504.el6 to 2.6.32-504.27.el6
  • Red Hat Enterprise Linux 7.0 or 7.1 with kernel-3.10.0-123.el7 or kernel-3.10.0-229.el7 series
  • TCP port numbers reused on existing TCP session

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content