"TCP hash error" event appears in Linux log file

Product / Version includes:

Deep Security 9.6 , Deep Security 10.2 , Deep Security 10.1 , Deep Security 10.0 , Deep Security 10.3

Last updated: 2025/05/08

Solution ID: KA-0006577

Category: Troubleshoot

Summary

When there is an existing issue in your network traffic, the "TCP hash error" event is recorded in the Linux log file:

Jun 30 20:38:38 web06 kernel: net.module/1  | TCP hash error | drivers/common/conntrack/conntrack.c:2549  Jun 30 20:38:38 web06 kernel: net.module/1  | TCP hash error | drivers/common/conntrack/conntrack.c:1696

Deep Security will hash the TCP's source or destination IP/port. The hash value will be used to lookup the internal connection table.

The error above appears due to one of these possible reasons:

Something is wrong in Deep Security hash function.
The hash result is "0".

Thus, there is no firewall or DPI protection in the network connection.

To verify the root cause:

Enable the Deep Security Agent trace debug logs.
Open the trace log.
If you find the log below, it means the hash value is "0". This is a special condition as not every TCP port will have "0" value.
conn: hash_err: 0

If there is no such log, it means the hash function is broken.

To resolve the issue, collect and submit the following logs to Trend Micro Technical Support:

Packet trace log
/var/log/messages*
DSA diagnostic package

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

"TCP hash error" event appears in Linux log file

"TCP hash error" event appears in Linux log file

Product / Version includes:

Summary