aMule Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

We're back! (IN POG FORM)

Author Topic: TCP Treason  (Read 3552 times)

GilesBathgate

  • Approved Newbie
  • *
  • Karma: 2
  • Offline Offline
  • Posts: 10
TCP Treason
« on: May 20, 2009, 02:46:56 PM »
I have noticed lots of lines like this in my system log.

Code: [Select]
[330896.844059] TCP: Treason uncloaked! Peer 217.235.66.247:37253/39253 shrinks window 199201847:199203878. Repaired.
[330905.932056] TCP: Treason uncloaked! Peer 217.235.66.247:37253/39253 shrinks window 199201847:199203878. Repaired.
[330924.108063] TCP: Treason uncloaked! Peer 217.235.66.247:37253/39253 shrinks window 199201847:199203878. Repaired.

It only occours whilst running amule.

I am currently using amule (2.2.4)

What is it? Is it normal? Is it a bug?

I don't like it so I wrote this script that generates ipfilter.dat based on messages found in kern.log

Code: [Select]
#!/bin/sh

grep "reason" /var/log/kern.log | sed "s/.*Peer \(.*\):.*shrinks window.*:.*/\1/" | sort -n | uniq | while read line
do
echo "$line - $line, 000, \"TCP Treason\""
done
« Last Edit: May 20, 2009, 02:49:22 PM by GilesBathgate »
Logged

gav616

  • Guest
Re: TCP Treason
« Reply #1 on: May 20, 2009, 03:26:56 PM »
sorry but, don't they have google were you come from? first result!!

as for the script, you could place all the IP's that needed to be repaired into amules 'ipfilter_static.dat'

but why make a ban script if you don't even know what the outputs are ?
so i've come to the conclusion that you do actually know, but just what to promote a ban script.
« Last Edit: May 20, 2009, 03:40:37 PM by gav616 »
Logged

Kry

  • Ex-developer
  • Retired admin
  • Hero Member
  • *****
  • Karma: -665
  • Offline Offline
  • Posts: 5795
Re: TCP Treason
« Reply #2 on: May 20, 2009, 06:02:37 PM »
This is good reading:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2ad41065d9fe518759b695fc2640cf9c07261dd2

But yeah, some googling before asking kernel questions here would be a good idea.
Logged

gav616

  • Guest
Re: TCP Treason
« Reply #3 on: May 20, 2009, 09:08:07 PM »
i think its a good idea adding such a cron script to add Treason IP's to 'ipfilter_static.dat'
Logged

Kry

  • Ex-developer
  • Retired admin
  • Hero Member
  • *****
  • Karma: -665
  • Offline Offline
  • Posts: 5795
Re: TCP Treason
« Reply #4 on: May 20, 2009, 09:59:14 PM »
You can't be serious.
Logged

GilesBathgate

  • Approved Newbie
  • *
  • Karma: 2
  • Offline Offline
  • Posts: 10
Re: TCP Treason
« Reply #5 on: May 21, 2009, 04:26:41 PM »
Yes we do have google as a matter of fact, and yes I did google this before blindly posting to the forum.

However I can see how you might have thought that I hadn't even bothered to look since i didn't metntion in my original post that:


While I understand how those messages can appear in my kernel log, I was actually interested in how they related to usage of amule specifically.

Is it because:

1) Amule/emule clients typically reduce their window size as a part of normal bandwidth throttling operations.
2) These are spurious packets sent by evil-doers scanning ports on any computer.
3) Something else.

I also searched through the forum to see if anyone else had asked about this, and thought this thread could be a good place to dispell any myths for future users with similar confusion.

Quote from: Kry on May 20, 2009, 06:02:37 PM
This is good reading:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2ad41065d9fe518759b695fc2640cf9c07261dd2

But yeah, some googling before asking kernel questions here would be a good idea.

I believe this bug was fixed in 2.6.14. I am  running  on 2.6.26
« Last Edit: May 21, 2009, 04:52:34 PM by GilesBathgate »
Logged

gav616

  • Guest
Re: TCP Treason
« Reply #6 on: May 21, 2009, 06:03:05 PM »
Quote from: Kry on May 20, 2009, 09:59:14 PM
You can't be serious.

;)

@GilesBathgate

ah
Logged