Different behaviours btw Ubuntu & CentOS loopback interfaces

Issues related to configuring your network
Post Reply
ltedev
Posts: 1
Joined: 2014/07/28 18:41:28

Different behaviours btw Ubuntu & CentOS loopback interfaces

Post by ltedev » 2014/07/28 18:57:00

Hi All,
I have a small program that creates a raw socket and sends a packet over the socket. This is what the program looks like (or its usage):

Code: Select all

$> ./tcp4 lo 127.0.0.214 127.0.0.194
What is doing by this program is as follows:
  • create a raw socket and bind the socket to the interface "lo" (loopback);
  • compose a TCP packet with src ip 127.0.0.214 and dst ip 127.0.0.194;
  • sends the TCP packet to 127.0.0.194
The source code is based on the example tcp4.c here: http://www.pdbuchan.com/rawsock/rawsock.html. I made some small modifications based on the source code.

Since the packet is a TCP SYN with a dst port which is not opened in my computer, the OS will respond an RST/ACK packet. Now it is the response packet that confuses me. When I ran the same program respectively on Ubuntu 14.04 and Centos 6.4, I observed that, in the RST/ACK packet,
1) On Ubuntu 14.04, the src ip and the dst ip are 127.0.0.194 and 127.0.0.214 respectively, as shown in figure 1.
2) On CentoS 6.4, the src ip and the dst ip are both 127.0.0.194, as shown in figure 2. It seems the OS didn't use as the dst ip the SYN packet's src ip, which is sent by my program.

Is it possible to make CentoS behave like Ubuntu 14.04? I mean, I want CeontOS to use the SYN packet's src ip as the RST/ACK packet's dst ip, and not ot modify it.
figure 1
figure 1
figure1.png (64.65 KiB) Viewed 943 times
figure 2
figure 2
figure2.png (45.17 KiB) Viewed 943 times
Thanks,

Don
Posts: 13
Joined: 2014/07/16 02:00:48
Location: West Lafayette, IN, USA

Re: Different behaviours btw Ubuntu & CentOS loopback interf

Post by Don » 2014/07/29 04:20:44

Interesting. I get the same thing under CentOS 6.5. It "seems" to be using the wrong IP… That looks like a bug to me… but it depends on what the RFCs say. Typically when using the lo interface you are just using the 127.0.0.1 address. IPv6 on has one loopback address… ::1. It's not a whole range like IPv4.

Under CentOS 7.0 I get the following:

Code: Select all

[root@centos7gui ~]# tcpdump -ni lo
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
00:17:30.383304 IP 127.0.0.214.60 > 127.0.0.194.http: Flags [S], seq 0, win 65535, length 0
00:17:30.383328 IP 127.0.0.194.http > 127.0.0.214.60: Flags [R.], seq 0, ack 1, win 0, length 0
That is the behavior we expect.

For what it's worth, I get the following tcpdump under CentOS 6.5 with a stock httpd running, listening on 0.0.0.0:80

Code: Select all

[root@www ~]# tcpdump -ni lo
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
23:43:50.221098 IP 127.0.0.214.60 > 127.0.0.194.http: Flags [S], seq 0, win 65535, length 0
23:43:50.221130 IP 127.0.0.194.http > 127.0.0.214.60: Flags [S.], seq 2326454597, ack 1, win 32792, options [mss 16396], length 0
23:43:50.221146 IP 127.0.0.214.60 > 127.0.0.194.http: Flags [R], seq 1, win 0, length 0
In this case the OS tries to accept the connection here and uses the correct IP.

--Don

Post Reply

Return to “CentOS 6 - Networking Support”