Ubuntu
linux package

net.ipv4.tcp_syncookies is a unknown key (CONFIG_SYN_COOKIES=y missing in ARMEL build config)

Bug #346378 reported by Andy Rogers
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Low
Amit Kucheria
Ubuntu ubuntu-9.04
Jaunty
Fix Released
Low
Amit Kucheria
Ubuntu ubuntu-9.04

Bug Description

Binary package hint: procps

Since net.ipv4.tcp_syncookies was enabled as default in procps 3.2.7-11ubuntu1 18/03/2009 i have been getting a message of when procps is restarted, which is :-

 * Setting kernel variables (/etc/sysctl.conf)... [ OK ]
 * Setting kernel variables (/etc/sysctl.d/10-console-messages.conf)... [ OK ]
 * Setting kernel variables (/etc/sysctl.d/10-network-security.conf)...
 error: "net.ipv4.tcp_syncookies" is an unknown key
                                                                         [fail]

I am on the latest kernel of 2.6.28-11.36

This is the contents of my 10-network-security.conf

# prevent some spoofing attacks.
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
# of TCP functionality/features under normal conditions. When flood
# protections kick in under high unanswered-SYN load, the system
# should remain more stable, with a trade off of some loss of TCP
# functionality/features (e.g. TCP Window scaling).
net.ipv4.tcp_syncookies=1

This is also a possible occurance from enabling it by default when it was originally came from bug 50791 https://launchpad.net/bugs/57091 .

See original description
Revision history for this message
Andy Rogers (andy-rogers) wrote :
Andy Rogers (andy-rogers)
description: updated
Andy Rogers (andy-rogers)
Changed in procps:
assignee: nobody → kees
Revision history for this message
Kees Cook (kees) wrote :

Is CONFIG_SYN_COOKIES=y missing in the ARM build?

Changed in procps:
assignee: kees → nobody
status: New → Incomplete
Revision history for this message
Andy Rogers (andy-rogers) wrote : Re: net.ipv4.tcp_syncookies is a unknown key (CONFIG_SYN_COOKIES=y missing in build?)

Kees

How do I find out if this is missing in the ARM build?

Who should I pass this onto about this?

Thanks

Andy

Andy Rogers (andy-rogers)
Changed in linux:
status: Incomplete → Confirmed
Revision history for this message
Andy Rogers (andy-rogers) wrote :

It looks this CONFIG_SYN_COOKIES is not included in the kernel build for Armel, also effecting
mv78xx0, iop32x, versatile, imx51, ixp4xx builds is seems.

According to https://launchpad.net/ubuntu/jaunty/+source/linux/2.6.28-11.36/+files/linux_2.6.28-11.36.diff.gz it contains the following in the config options:-

+# CONFIG_SYN_COOKIES is not set
 when under i386, amd64 this is CONFIG_SYN_COOKIES=y

Should this also be included in the Armel builds?

Revision history for this message
Kees Cook (kees) wrote : Re: [Bug 346378] Re: net.ipv4.tcp_syncookies is a unknown key (CONFIG_SYN_COOKIES=y missing in build?)

grep CONFIG_SYS_COOKIES /boot/config-*

That should tell you how the installed kernels have been configured. The
kernel team should be able to help (they are already subscribed).

Revision history for this message
Andy Rogers (andy-rogers) wrote :

Attached is my boot/config-2.6.28-11-ixp4xx file

Changed in linux:
assignee: nobody → ubuntu-kernel-team
Andy Rogers (andy-rogers)
Changed in linux (Ubuntu):
assignee: ubuntu-kernel-team → timg-tpi
Amit Kucheria (amitk)
tags: added: arm
Revision history for this message
Amit Kucheria (amitk) wrote :

Please refrain from assigning the bug to specific kernel developers directly. We have a triage process through which they are assigned to developers.

Changed in linux (Ubuntu):
assignee: timg-tpi → amitk
status: Confirmed → In Progress
Revision history for this message
Tim Gardner (timg-tpi) wrote :

http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=commit;h=7314100905a183295ec6713565cbd3db3c76f857

Changed in linux (Ubuntu Jaunty):
importance: Undecided → Low
milestone: none → ubuntu-9.04
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.28-11.41

---------------
linux (2.6.28-11.41) jaunty; urgency=low

  [ Amit Kucheria ]

  * ixp4xx: Enabled TCP SYN_COOKIES
    - LP: #346378

  [ Brad Figg ]

  * Change LPIA configuration to compile with CONFIG_NETFILTER_XT_MATCH_RECENT
    - LP: #355291

  [ Kay Sievers ]

  * SAUCE: driver core: allow non-root users to listen to uevents
    - LP: #357124

  [ Manoj Iyer ]

  * SAUCE: Added quirk to recognize GE0301 3G modem as an interface.
    - LP: #348861

  [ Tim Gardner ]

  * Revert "SAUCE: [i915] allocate MCHBAR space & enable if necessary"
    Appears to cause hard locks in some cases.
    - LP: #349314

  [ Trond Myklebust ]

  * SAUCE: NFS: Fix the notifications when renaming onto an existing file
    - LP: #224642

  [ Upstream Kernel Changes ]

  * USB: option: add QUANTA HSDPA Data Card device ids
    - LP: #353321
  * hwmon: (abituguru3) Match partial DMI board name strings
    - LP: #298798
  * zd1211rw: adding Sitecom WL-603 (0df6:0036) to the USB id list
    - LP: #339631
  * USB: unusual dev for Option N.V. ZeroCD modems
    - LP: #348861

 -- Tim Gardner <email address hidden> Sat, 04 Apr 2009 08:42:14 -0600

Changed in linux (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Revision history for this message
hamannp (hamann-paul) wrote :

The tutorial still links to the old kernel. Any chance there might be an updated kernel available for download somewhere?

https://wiki.ubuntu.com/ARM/RootfsFromScratch

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.