[Planetlab-users] Suppressing RST from kernel for packets sent over raw sockets

Sapan Bhatia sapanb at CS.Princeton.EDU
Mon Feb 2 11:17:50 EST 2009 

Hi Malveeka,

Currently, TCP RST packets cannot be suppressed through RAW sockets.
However, this is a feature that has been brought up a few times recently, so
we might build support for it soon.

Sapan

On Mon, Feb 2, 2009 at 10:59 AM, Malveeka Tewari <mtewari at mpi-sws.mpg.de>wrote:

> Hi
>
> We are trying to use raw sockets on PL nodes.
> Our application sends out TCP-SYN packets through raw socket (bound to a
> particular port) and expects a response from the destination IP.
>
> When the SYN-ACK response comes it is read through the raw socket but the
> PL node kernel seeing an unexpected SYN-ACK response sends a RST packet to
> the destination IP and as a result the connection is closed.
>
> Is there a way that such RST packets sent by the kernel can be suppressed?
>
> The PL doc says that PL kernel should not actually send the RST packets
> but this is contrary to what we observed.
> http://www.planet-lab.org/doc/vnet#id267659
>
> We also tried binding a regular TCP SOCK_STREAM socket to the port instead
> of binding raw the socket hoping it would set up state in the kernel to
> accept the SYN-ACK packets but since there was no connection
> establishment, the RSTs were still sent by the kernel.
>
> http://lists.planet-lab.org/pipermail/users/2008-November/003037.html
> The above post indicates that safe raw sockets  are no longer supported
> but we could drop the RST packets using iptables. But the iptables do not
> seem to be usable on PL nodes.  We get an error as follows.
>
> $sudo /sbin/iptables -L
> FATAL: Could not load
> /lib/modules/2.6.22.19-vs2.3.0.34.28.planetlab/modules.dep: No such file
> or directory
> iptables v1.4.1.1: can't initialize iptables table `filter': Permission
> denied (you must be root)
> Perhaps iptables or your kernel needs to be upgraded.
>
> Could anyone give us some ideas how to use iptables for this purpose or
> some other possible solution.
>
> Thanks!
> Malveeka
>
>
> _______________________________________________
> Users mailing list: Users at lists.planet-lab.org
> https://lists.planet-lab.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.planet-lab.org/pipermail/users/attachments/20090202/d460cc4f/attachment-0001.html

More information about the Users mailing list