环境
- Red Hat Enterprise Linux
问题
- Found following logs in var/log/messages file.
Oct 6 21:01:05 mplttaxsx101 kernel: tcp_parse_options: Illegal window scaling value 15 >14 received.
Oct 6 21:01:05 mplttaxsx101 kernel: tcp_parse_options: Illegal window scaling value 15 >14 received.
Oct 7 10:57:22 mplttaxsx101 kernel: tcp_parse_options: Illegal window scaling value 15 >14 received.
Oct 7 10:57:23 mplttaxsx101 kernel: tcp_parse_options: Illegal window scaling value 15 >14 received.
决议
-
This is caused if the system is receiving a packet with a Window Scale TCP option value greater than 14, in this case it appears to be 15. The problem seems with the remote host. Note that the connection is still accepted, the system just uses 14 for the scale value.
-
We can use tcpdump to capture a packet trace to identify the host sending the packets.
根源
-
The TCP window scale is defined to be at most 14 in RFC1323:
/* Maximal number of window scale according to RFC1323 */ #define TCP_MAX_WSCALE 14U
-
In
tcp_parse_options
this option is parsed and tested for the needed conditions. If the scale factor is higher than the max scale and all other conditions match, the system outputs the message, sets the scale factor to the maximal scale factor, and accepts the option.void tcp_parse_options(const struct net *net, const struct sk_buff *skb, struct tcp_options_received *opt_rx, int estab, struct tcp_fastopen_cookie *foc) { ... case TCPOPT_WINDOW: if (opsize == TCPOLEN_WINDOW && th->syn && !estab && net->ipv4.sysctl_tcp_window_scaling) { __u8 snd_wscale = *(__u8 *)ptr; opt_rx->wscale_ok = 1; if (snd_wscale > TCP_MAX_WSCALE) { net_info_ratelimited("%s: Illegal window scaling value %d > %u received\n", __func__, snd_wscale, TCP_MAX_WSCALE); snd_wscale = TCP_MAX_WSCALE; } opt_rx->snd_wscale = snd_wscale; } break; ...
-
The system may or may not accept the connection depending on other factors.