Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
0 votes, 0 answers, 12 views
Computer intermittently unreachable through wifi access point
I have a problem with reaching linux hosts through my home network, and I'd be glad for someone to point me in the right direction.
I have a main wifi and wired router running DHCP. All IP addresses are statically assigned in the DHCP server tied to the machines' MAC addresses. Computer A has a wired connection to the main wifi router.
There is a secondary wifi router connected to the main one (via a wired link). It doesn't do NAT or DHCP, it is an access point.
I notice that when computer B is connected to the main router via wifi, I can reach it using its static IP from computer A. However, when it is connected to the secondary wifi access point, then sometimes(!) I cannot, even though it gets the correct IP from the DHCP server.
I remember that in these cases the error message is that no routes were found to the IP address, but I cannot reproduce it at the moment to run traceroute etc.
cseprog (311 rep), Mar 12, 2025, 01:52 PM

1 vote, 0 answers, 27 views
Listen on a port, check another port, if no response run a script, then tunnel connection to that port?
So, I want to use an SSH tunnel proxy _occasionally_. But I don't want to fire it up manually every time. And this is a laptop so if I just start the SSH tunnel at startup it might die of an occasional network change or sleep.
I guess I could use autossh to keep it alive. But ideally I would rather just have it fire up automatically when I try to access it.
I was thinking of the good old autofs principle of "mounting on attempted access". So, have something listen on port A, check if port B is responding (it's all localhost so I don't need long timeouts), if port B is not responding, run a script. When port B is responding, just transparently tunnel the connection from port A to port B.
However, I am not very experienced at writing socket code, and on top of that I'd probably have to do it in C, as my usual scripting tool, Python, might overuse CPU if tunneling a high speed connection chunk by chunk (watching a video/downloading a big file over the proxy).
Is there any ready tool for this kind of thing, or failing that a ready code sample?
(I mean, it would be even better if a tool could monitor specifically for refused connections on the proxy port, without having to tunnel one port to another after starting the SSH process)
Mikhail Ramendik (538 rep), Oct 12, 2024, 01:13 PM

0 votes, 1 answer, 102 views
tcpdump doesn't appear to call any libpcap's exported function
Digging into `tcpdump` implementation, I can see that it actually loads the `libpcap.so` dynamic library in userspace.
However, by use of `strace`, I can't see any occurrence of calls to any function exported by libpcap.
Is the above an expected behaviour of tcpdump? Thank you.
```
root@eve-ng02:~# tcpdump --help
tcpdump version 4.9.2
libpcap version 1.7.4
OpenSSL 1.0.2g 1 Mar 2016
```
Edit: from received comments I tried with `ltrace` but it seems no call to dynamic library is done as well.
```
root@eve-ng02:~# ltrace tcpdump -i lo
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
^C--- SIGINT (Interrupt) ---
0 packets captured
126 packets received by filter
98 packets dropped by kernel
+++ exited (status 0) +++
root@eve-ng02:~#
```
CarloC (385 rep), Nov 19, 2023, 11:14 AM • Last activity: Nov 19, 2023, 01:50 PM

0 votes, 1 answer, 353 views
Reachability of IP address of virtual machine
I have a virtual machine (Linux) installed in my PC (Windows) and I was wondering the reachability of the IP address assigned to the virtual machine.
According to `ipconfig` on Windows and `ifconfig` on Linux:
for the **host machine**:
- IP address is 192.168.1.208
- subnet masking is 255.255.255.0
for the **virtual machine**:
- IP address is 192.168.124.130
- subnet masking is 255.255.255.0
I was wondering how to make the virtual machine a part of the LAN so that other devices on the LAN can access it.
Update:
The issue is resolved after I changed the VM network adapter to **Bridged**.
Yiyang Yan (27 rep), Jan 17, 2023, 02:58 AM • Last activity: Jun 9, 2023, 03:09 AM

1 vote, 0 answers, 477 views
TCP/IP client-server slow communication
I made some network application.
It is a client-server solution using the TCP/IP protocol.
Clients connect to the server.
They make several connections every second.
Communication consists of units of bytes that are read and written interleaved several hundred times in each connection.
And here is a problem in my application.
As the connection length (in bytes) increases, communication becomes unbearably slow (one request lasts 5 seconds).
I think the problem is with interleaving reading and writing of short pieces of data (about 8 bytes).
My program looks like this:
```c
fd = socket(AF_INET, SOCK_STREAM, 0);
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (void *)&reuse, (socklen_t)sizeof(reuse)) < 0) {
    // ...
}
if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, (void *)&reuse, (socklen_t)sizeof(reuse)) < 0) {
    // ...
}
init_sockaddr(&server_addr, serverport);
if (bind(fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) {
    // ...
}
if (listen(fd, 2048) < 0) {
    // ...
}
while (1) {
    int cl_fd = accept(fd, &sockaddr_in, &sockaddr_len);
    if (read_message(cl_fd, 0, ipv4) < 0) {
        // ...
    }
}
```
In the `read_message` function, the problematic code is something like this:
```c
if (write_uint64(fd, n) < 0) {
    // ...
}
if (write_uint64(fd, TASK_SIZE) < 0) {
    // ...
}
if (read_uint64(fd, &clid) < 0) {
    // ...
}
```
The `write_uint64` sends 8 bytes, whereas `read_uint64` receives 8 bytes.
This code is typically repeated 128 times in a function for one connection.
My question is why interleaving reading and writing small pieces of data slows me down so much?
Is turning on `TCP_NODELAY` a bad idea?
What should be set on the TCP/IP connection so that writes and reads do not wait?
The full code is available [here](https://github.com/xbarin02/collatz/blob/master/src/server/server.c) .
DaBler (101 rep), May 27, 2023, 12:40 PM • Last activity: May 27, 2023, 05:34 PM

1 vote, 0 answers, 285 views
Linux TCP/IP kernel stack and VFS interaction
I'm reading the Linux kernel implementation of the TCP/IP stack. Everything was ok till I encounter this figure (VFS - Networking subsystems interaction) while reading TCP/IP architecture, design and implementation in Linux.
As you may see there the author tries to describe the interaction between VFS and the socket layer on Linux. That left me with ton of doubts:
On the image it's shown a socket as a part of a file struct under a particular inode, thing is: that relationship doesn't exist anymore! (and tbh doesn't make a ton of sense since only netlink and unix domain sockets might have inodes associated but not inet sockets isn't it?). See struct file definition; f_dentry disappeared and while grepping you can find
> Documentation/filesystems/porting.rst
570: f_dentry is gone; use f_path.dentry, or, better yet, see if you can avoid it
Now same struct above does have a reachable dentry (as mentioned in docs) through **f_path** field but **dentry** is described as a two purpose struct, first for describing a directory entry and second as a file system directory cache, so even if the relationship had not disappeared (as described in picture) this does not make a lot of sense to me, why to put the socket within an object that is intended to be ephemeral, see Dcache (maybe I'm misunderstanding dentry/dcache?).
Continuing looking at the code you can see socket struct definition. We can see that it still has the old **file** struct as field (makes more sense to clear VFS -> TCP/IP relationship but conserve TCP/IP -> VFS relationship in those directions for the reason above), but, question is, did it really disappear? I'm not seeing anything stopping for fd creation at any kind of socket, see sock_map_fd - sock_alloc_file - alloc_file_pseudo as well. Also this particular **inode** object (socket->file->inode) should be existent only in memory since does not pertain to any device filesystem, but, who is its superblock?, see inode.sb.
This is not entirely TCP/IP-VFS interaction exactly, but, I can get an inode either from file->f_inode or through file->f_path->d_inode, what is the relation between both inodes?
If someone can help me to understand it would be awesome folks, thanks in advance.

ca-hercor (21 rep), Apr 10, 2023, 05:36 PM • Last activity: Apr 10, 2023, 07:12 PM

52 votes, 4 answers, 154527 views
Simple shell script to send socket message
For testing purposes I need to create a shell script that connects with a remote IP>Port and sends a simple text TCPIP Socket message.
Bachalo (1181 rep), Jan 12, 2017, 01:29 PM • Last activity: Dec 27, 2022, 12:36 AM

1 vote, 1 answer, 526 views
-Y and read {src,dst} port and tshark
`tshark` gets data from an interface or pcap files. When it reads data from an interface, the user has to write the filter with `-f` (according to `pcap-filter(7)`) and when reading from a file the user has to write the filter with `-Y` (according to `wireshark-filter(4)`).
**My scenario:**
I have to read pcap files, so I have to use `wireshark-filter` syntax. I have src address, dst address, src port and dst port. But I don't know the type of session (TCP or UDP). wireshark syntax has the following options for port: `tcp.dstport`, `tcp.srcport`, `udp.dstport`, `udp.srcport`, `tcp.port`, `udp.port`. I don't know whether my packets are TCP or UDP, and I need to write a filter according to dst port and src port. How to implement this with `tshark` and `-Y`?
PersianGulf (11308 rep), Mar 2, 2022, 10:06 AM • Last activity: Dec 23, 2022, 03:44 PM

0 votes, 0 answers, 183 views
How to check whether my network connection supports HTTP2, gRPC or WebSocket?
My ISP/AS/NAT is problematic since I think it blocks some transfer-layer protocols.
I want to check whether my connection to my domain behind a CDN (e.g. cloudflare) supports HTTP/2, gRPC, QUIC or WebSocket etc.
How can I do this provided that I have ssh access to server?
Is there, like, an "HTTP analysis tool" for this?
The way I see it, I should run a HTTPS server on remote on port 443. Then run some "benchmarking" tool on local against the remote HTTPS server. But how can I enforce a transfer-layer protocol?
Sorry I don't have networking knowledge and I don't know the proper technical phrases for these. Bottom-line is **I want a tool like iperf3 to quantify the performance of different transfer-layer protocols in my connection which is behind a NAT/ISP/AS**.
Ragahito (1 rep), Dec 19, 2022, 12:02 PM

0 votes, 1 answer, 281 views
TCP communication between client and server after server IP has been deleted
I created a tcp server listening at [IP1:PORT1] and connect to it via a client using [IP2]. On both the client and server, SO_KEEPALIVE and TCP_USER_TIMEOUT are enabled with below config values.
TCP_KEEPIDLE = 1
TCP_KEEPINTVL = 1
TCP_KEEPCNT = 4
TCP_USER_TIMEOUT = 5000
In the TCPdump that I captured, I see the following:
1. 3 way handshake happening between client and server in the beginning(syn-synack-ack).
2. Keepalive packets being generated from both client and server after every 1 second, and the respective peer sending the ack in response.
Everything is happening as per my expectations. However now I deleted the server IP(IP1) using the below command:
/sbin/ip addr del IP1 dev DEV
After deleting the IP, this is what I observe in the trace:
1. Keepalive packets continue to be sent from both the entities(client and server). The server is surprisingly still sending keepalive packets, even when the underlying IP has been deleted!
2. The client is responding with acks for the keepalive packets sent by the server.
3. The server is not sending acks for any keepalive packets sent by the client.
4. After about 4 seconds, server IP(IP1) sends [RST,ACK] to the client after which no further packet exchange happens.
So 2 things I didn't understand from above:
1. How come communication continued happening for some time even when the server IP was deleted?
2. Why was the server able to send Keepalive packets to the client but not able to send keepalive acks to the client?
> OS: Red Hat Enterprise Linux release 8.3
Vishal Sharma (185 rep), Dec 17, 2022, 09:01 AM • Last activity: Dec 18, 2022, 06:17 AM

14 votes, 4 answers, 2886 views
Can I have a single server listen on more than 65535 ports by attaching an IPv4 address
I have a *number* of servers to SSH into, and some of them, being behind different NATs, may require an SSH tunnel. Right now I'm using a single VPS for that purpose. When that *number* reaches [65535 - 1023 = 64512](https://serverfault.com/questions/103626/what-is-the-maximum-port-number) , and the VPS runs out of ports to attach tunnels to, do I spin up another VPS, or do I simply attach an additional IP address to the existing VPS?
In other words, is a 65535 limit set per a Linux machine, or per a network interface? [This answer](https://superuser.com/questions/251596/is-there-a-hard-limit-of-65536-open-tcp-connections-per-ip-address-on-linux) seems to say it's per an IP address in general, and per IPv4 address specifically. So does a *5-tuple* mean that introducing a new IP address will warrant a new tuple, therefore resetting the limit? And if IPv4 is the case, is it different for IPv6?
ᴍᴇʜᴏᴠ (818 rep), Mar 4, 2021, 09:29 PM • Last activity: Aug 22, 2022, 02:17 PM

0 votes, 1 answer, 1014 views
Why eth0 can't access to loopback interface when using curl 127.0.0.1 --interface eth0
Here is how to reproduce this problem:
1. Start a listen service on port 80: `nc -l 80 -k`
2. Access this service using curl: `curl 127.0.0.1 --interface eth0`
3. Capture the packet using tcpdump both on `eth0` and `lo`: `tcpdump -i eth0 port 80 -nn -v`, `tcpdump -i lo port 80 -nn -v`

The `tcpdump` output shows that the `SYN` packet was sent from `eth0` and didn't get any reply, the tcp client just retransmits `SYN` until reaching the retransmission limit.
However when I changed the destination ip to `192.168.16.4` (also a local ip which is bound to eth0), accessing succeeded, and the tcpdump output shows that the `SYN` packet was sent from `lo`.
Here is the `ifconfig` output:
```
eth0: flags=4163 mtu 1500
        inet 192.168.16.4 netmask 255.255.240.0 broadcast 192.168.31.255
        inet6 fe80::f820:20ff:fe16:588c prefixlen 64 scopeid 0x20
        ether fa:20:20:16:58:8c txqueuelen 1000 (Ethernet)
        RX packets 16248748 bytes 2161348902 (2.0 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 15203841 bytes 4648786129 (4.3 GiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1000 (Local Loopback)
        RX packets 4832071 bytes 2872871764 (2.6 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 4832071 bytes 2872871764 (2.6 GiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```
And the route table content:
```
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.16.1 0.0.0.0 UG 100 0 0 eth0
169.254.169.254 192.168.16.2 255.255.255.255 UGH 100 0 0 eth0
192.168.16.0 0.0.0.0 255.255.240.0 U 100 0 0 eth0

$ ip route show table local
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 192.168.16.0 dev eth0 proto kernel scope link src 192.168.16.4
local 192.168.16.4 dev eth0 proto kernel scope host src 192.168.16.4
broadcast 192.168.31.255 dev eth0 proto kernel scope link src 192.168.16.4
```
I use `strace` to record the systemcall log when `curl`, it shows that `--interface eth0` option means: `setsockopt(3, SOL_SOCKET, SO_BINDTODEVICE, "eth0\0", 5)`
I have seen the discussion in https://github.com/iputils/iputils/issues/198 (the `ping -I` does in the same way) and https://stackoverflow.com/questions/46036667/route-between-network-interfaces-ubuntu
I'm wondering:
1. Why `curl 127.0.0.1 --interface eth0` can't access the service, what happened to the `SYN` packet and when it's dropped?
2. Why `curl 192.168.16.4 --interface eth0` is using `lo` interface to communicate but `curl 127.0.0.1 --interface eth0` using `eth0`
3. What I should do if I want `curl 127.0.0.1 --interface eth0` can work.

----------

**Update:**

-----------

The Linux Kernel version I'm using is `4.18.0`. And for `curl 192.168.16.4 --interface eth0`, the `tcpdump -i lo` output is:
```
$ tcpdump -i lo port 80 -nn
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
09:15:38.915880 IP 192.168.16.4.40850 > 192.168.16.4.80: Flags [S], seq 1020241664, win 43690, options [mss 65495,sackOK,TS val 2673572844 ecr 0,nop,wscale 7], length 0
09:15:38.915891 IP 192.168.16.4.80 > 192.168.16.4.40850: Flags [S.], seq 3808229193, ack 1020241665, win 43690, options [mss 65495,sackOK,TS val 2673572844 ecr 2673572844,nop,wscale 7], length 0
09:15:38.915900 IP 192.168.16.4.40850 > 192.168.16.4.80: Flags [.], ack 1, win 342, options [nop,nop,TS val 2673572844 ecr 2673572844], length 0
09:15:38.915928 IP 192.168.16.4.40850 > 192.168.16.4.80: Flags [P.], seq 1:77, ack 1, win 342, options [nop,nop,TS val 2673572844 ecr 2673572844], length 76: HTTP: GET / HTTP/1.1
09:15:38.915931 IP 192.168.16.4.80 > 192.168.16.4.40850: Flags [.], ack 77, win 342, options [nop,nop,TS val 2673572844 ecr 2673572844], length 0
```
Jack Yang (1 rep), Jul 11, 2022, 11:21 AM • Last activity: Jul 12, 2022, 06:22 AM

2 votes, 1 answer, 6974 views
Interface with apipa (i.e. 169.254.x.x)
I have a ubuntu machine with two interfaces (eth0 and eth1). Eth0 interface has a dhcp address and eth1 has apipa (169.254.x.x) address. eth1 is not connected and eth0 is connected to a local network. From my desktop, which is also connected to the same network, i can ping 169.254.x.x address and can do scp, etc.
How this is possible? No routing is enabled.
Kumar (21 rep), Jun 4, 2020, 07:20 PM • Last activity: Jul 9, 2022, 07:00 PM

1 vote, 1 answer, 2074 views
Connection refused to connect a TCP/IP device
I'm trying to connect a TCP/IP device over ethernet adapter via ethernet cable. The connection is being seen in Network Manager and I can get output of ping command at least and I can't access a built-in web page of device. I am getting error "Connection refused" for telnet command. But, this problems are not in another operating system non-linux. So, I think I should change iptables, firewall or proxy settings. What should I do to connect web page of device and device itself via its default open port that is 8003? Thanks for your help in the future.
Several outputs: (the *s is added by me.)
```
$ ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
    inet 169.254.227.2/16 brd 169.254.255.255 scope link noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 ****:****:****:****:****/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: wlan0: mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
    inet 80.***.**.***/23 brd 80.***.**.255 scope global dynamic noprefixroute wlan0
       valid_lft 1626sec preferred_lft 1626sec
    inet6 ****:****:****:****:****/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```
```
$ ping 169.254.227.2
PING 169.254.227.2 (169.254.227.2) 56(84) bytes of data.
64 bytes from 169.254.227.2: icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from 169.254.227.2: icmp_seq=2 ttl=64 time=0.079 ms
64 bytes from 169.254.227.2: icmp_seq=3 ttl=64 time=0.083 ms
64 bytes from 169.254.227.2: icmp_seq=4 ttl=64 time=0.079 ms
64 bytes from 169.254.227.2: icmp_seq=5 ttl=64 time=0.095 ms
64 bytes from 169.254.227.2: icmp_seq=6 ttl=64 time=0.081 ms
^C
--- 169.254.227.2 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 103ms
rtt min/avg/max/mdev = 0.065/0.080/0.095/0.011 ms
```
```
$ telnet 169.254.227.2 8003
Trying 169.254.227.2...
telnet: Unable to connect to remote host: Connection refused
```
There is some extra information. I can configure the device's IP address by hand on its panel (default 169.254.227.2) and its MAC address is 00:19:F9:18:02:E2.
And to be able to device, I'm configuring ethernet connection on Network Manager that cover infos (this information is included in the device's manual):
- The Method: by hand
- Address: 169.254.227.2
- Net Mask: 255.255.0.0
- Gateway: 0.0.0.0
- DNS: 0.0.0.0

But the MAC address is `**:**:**:**:**:**` that belongs to eth0 and I can't change this situation.
Actually, I tried to use DHCP but my trying it fails. Can you suggest how I configure the dhcpd.conf file and network connections? Finally, I attached the last outputs.
```
$ ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
    inet 169.254.227.2/16 brd 169.254.255.255 scope link noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 ****:****:****:****:****/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: wlan0: mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
    inet 80.***.**.***/23 brd 80.***.**.255 scope global dynamic noprefixroute wlan0
       valid_lft 1277sec preferred_lft 1277sec
    inet6 ****:****:****:****:****/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```
```
$ less /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet dhcp
```
```
$ less /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.1.1 netmask 255.255.0.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.254;
    option domain-name-servers 192.168.1.1, 192.168.1.2;
    #option domain-name "mydomain.example";
}
host archmachine {
    hardware ethernet 00:19:F9:18:02:E2;
    fixed-address 192.168.1.20;
}
```
Dr. Herman Diracov (11 rep), Jun 23, 2021, 10:57 AM • Last activity: Jun 19, 2022, 04:32 PM

2 votes, 4 answers, 1762 views
Can a NAT router run out of ports?
The highest TCP port number is 65535. If a router doing NAT uses an ephemeral port for each connection made to the internet on behalf of the hosts on the internal network, does this mean that it is possible for the router to run out of ports? What is going to happen when the router runs out of ports?
Flux (3238 rep), Apr 19, 2022, 04:10 AM • Last activity: Apr 19, 2022, 03:43 PM

1 vote, 0 answers, 1249 views
socket statistics (ss) program weird ipv6 listening socket address format
I have two services listening on TCP/IPv6 sockets, `ssh` and `mysql`. `ss` shows this:
```
$ ss -tl6
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 [::]:ssh [::]:*
LISTEN 0 80 *:mysql *:*
```
Why is the "Local Address" and "Peer Address" displayed differently for `ssh` and `mysql`? I.e. what if anything is the meaning behind "[::]" vs "*"? Note `netstat` shows no difference ("::" for both):
```
sudo netstat -natlp6
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::22 :::* LISTEN 26240/sshd
tcp6 0 0 :::3306 :::* LISTEN 23933/mysqld
```

---

**UPDATE** As @Amir pointed to in comments, there is actually a difference between the two services: `sshd` has two open sockets one for ipv4 only and one for ipv6, whereas `mysqld` only has one ipv6 socket:
```
$ pgrep mysqld
23933
$ pgrep sshd
26240
$ sudo lsof -a -p 23933 -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 23933 mysql 27u IPv6 6062236 0t0 TCP *:mysql (LISTEN)
$ sudo lsof -a -p 26240 -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 26240 root 3u IPv4 6106855 0t0 TCP *:ssh (LISTEN)
sshd 26240 root 4u IPv6 6106857 0t0 TCP *:ssh (LISTEN)
```
I disabled ipv4 in SSH config and `ss` still displays the two differently, but it may be a different type of ipv6 / ipv4 support as @Amir mentioned?
spinkus (500 rep), Dec 2, 2020, 12:53 PM • Last activity: Apr 17, 2022, 10:24 PM

1 vote, 2 answers, 253 views
Initiating Bulk TCP connections
Our company has 2 proxy servers that are running a vendor proprietary OS that is built on top of FreeBSD 11.2. We are having incidents during our business peak hours where the proxy server stops accepting new client TCP connections when it reaches a limit of 60K TCP connections. The vendor is claiming that the proxy can accept 120K connections. We don't have any access to the root level of the system and so we can't see any kernel configurations; the only way to validate this is by reproducing the issue out of business hours by initiating "dump" tcp connections from 2-3 other freebsd test machines toward the proxy server to confirm whether it will really stop accepting connections when the number reaches 60k or not.
Is there any tool that I can use on freebsd that would create bulk tcp connections toward a certain ip address?
Zarkos.Fina (89 rep), Feb 10, 2022, 04:30 PM • Last activity: Feb 17, 2022, 08:23 PM

0 votes, 2 answers, 900 views
My first Configuration DNS doesn't work or respond on centos
For studying purposes about TCP/IP, we should run a DNS server. I did the advised configuration, the server is running without any errors, but when I request the server for the configured domain name with dig or nslookup command, I get nothing.
Here are the settings:
system : centos 7.
installation of bind package :
install bind
configuration of /etc/named.conf
```
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "mydomaine.fr" IN {
    file "/var/named/mydomaine.zone";
    type master;
    allow-update {none;};
};
```
configuration of /var/named/mydomaine.zone
```
$TTL 1D
mydomaine.fr. IN SOA ns1.mydomaine.fr. root.mydomaine.fr.(
        0; serial
        1D; refresh
        1H; retry
        1W; expire
        3H; minimum
)
mydomaine.fr. IN NS ns1.mydomaine.fr.
ns1 IN A 192.168.10.1
```
when i run status named.service -l
```
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-01-28 19:19:32 CET; 11min ago
  Process: 3597 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 3594 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 3599 (named)
    Tasks: 5
   CGroup: /system.slice/named.service
           └─3599 /usr/sbin/named -u named -c /etc/named.conf -4

Jan 28 19:19:32 localhost.localdomain named: zone mydomaine.fr/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named: zone localhost.localdomain/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named: zone localhost/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named: all zones loaded
Jan 28 19:19:32 localhost.localdomain named: running
Jan 28 19:19:32 localhost.localdomain systemd: Started Berkeley Internet Name Domain (DNS).
Jan 28 19:19:32 localhost.localdomain named: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Jan 28 19:19:32 localhost.localdomain named: resolver priming query complete
```
and mydomaine.fr
gives me :
```
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> mydomaine.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23167
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomaine.fr.                  IN      A

;; Query time: 7 msec
;; SERVER: 192.168.132.190#53(192.168.132.190)
;; WHEN: Fri Jan 28 19:20:25 CET 2022
;; MSG SIZE  rcvd: 30
```
and the command mydomaine.fr
gives me :
```
Server: 192.1...
Address: 192.1...#53

** server can't find mydomaine.fr: NXDOMAIN
```
adil
(15 rep)
Jan 28, 2022, 06:42 PM
• Last activity: Jan 28, 2022, 10:37 PM
5
votes
2
answers
13373
views
What does net.ipv4.tcp_app_win do?
I can't figure out why the `tcp_adv_win_scale` and `tcp_app_win` variables coexist in Linux.

The information from tcp(7) says:

For `tcp_adv_win_scale`:

> *`tcp_adv_win_scale`* (integer; default: 2; since Linux 2.4)
>
> Count buffering overhead as *`bytes/2^tcp_adv_win_scale`*, if *`tcp_adv_win_scale`* is greater than 0; or *`bytes-bytes/2^(-tcp_adv_win_scale)`*, if *`tcp_adv_win_scale`* is less than or equal to zero.
>
> The socket receive buffer space is shared between the application and kernel. TCP maintains part of the buffer as the TCP window, this is the size of the receive window advertised to the other end. The rest of the space is used as the "application" buffer, used to isolate the network from scheduling and application latencies. The *`tcp_adv_win_scale`* default value of 2 implies that the space used for the application buffer is one fourth that of the total.

`tcp_app_win`:

> *`tcp_app_win`* (integer; default: 31; since Linux 2.4)
>
> This variable defines how many bytes of the TCP window are reserved for buffering overhead.
>
> A maximum of (*`window/2^tcp_app_win`*, mss) bytes in the window are reserved for the application buffer. A value of 0 implies that no amount is reserved.

`tcp_app_win` exactly change.

It seems to me that both variables can be used to tweak the TCP application buffer, therefore there is no need of changing them together. Am I correct?
javag87
(53 rep)
Oct 12, 2013, 03:56 PM
• Last activity: Jan 28, 2022, 04:09 PM
7
votes
3
answers
62190
views
ICMP : Port unreachable error even if port is open
I am testing my Debian Server with some Nmap port Scanning. My Debian is a Virtual Machine running on a bridged connection.
Classic port scanning using TCP SYN request works fine and detects port 80 as open (which is correct) :
```
nmap -p 80 192.168.1.166

Starting Nmap 6.47 ( http://nmap.org ) at 2016-02-10 21:36 CET
Nmap scan report for 192.168.1.166
Host is up (0.00014s latency).
PORT   STATE SERVICE
80/tcp open  http
MAC Address: xx:xx:xx:xx:xx:xx (Cadmus Computer Systems)

Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
```
But when running UDP port scan, it fails and my Debian server answers with an **ICMP : Port unreachable** error :
```
nmap -sU -p 80 192.168.1.166

Starting Nmap 6.47 ( http://nmap.org ) at 2016-02-10 21:39 CET
Nmap scan report for 192.168.1.166
Host is up (0.00030s latency).
PORT   STATE  SERVICE
80/udp closed http
MAC Address: xx:xx:xx:xx:xx:xx (Cadmus Computer Systems)

Nmap done: 1 IP address (1 host up) scanned in 0.52 seconds
```
Wireshark record :
----------
How is that possible ? My port 80 is open, how come that Debian answers with an **ICMP : Port unreachable** error ? Is that a security issue?

hg8
(1460 rep)
Feb 10, 2016, 08:43 PM
• Last activity: Aug 1, 2021, 12:29 PM
Showing page 1 of 20 total questions