Summary
When there is an existing issue in your network traffic, the "TCP hash error" event is recorded in the Linux log file:
Jun 30 20:38:38 web06 kernel: net.module/1 | TCP hash error | drivers/common/conntrack/conntrack.c:2549 Jun 30 20:38:38 web06 kernel: net.module/1 | TCP hash error | drivers/common/conntrack/conntrack.c:1696
Details
Deep Security will hash the TCP's source or destination IP/port. The hash value will be used to lookup the internal connection table.
The error above appears due to one of these possible reasons:
- Something is wrong in Deep Security hash function.
- The hash result is "0".
Thus, there is no firewall or DPI protection in the network connection.
To verify the root cause:
- Enable the Deep Security Agent trace debug logs.
- Open the trace log.
- If you find the log below, it means the hash value is "0". This is a special condition as not every TCP port will have "0" value.
conn: hash_err: 0
If there is no such log, it means the hash function is broken.
To resolve the issue, collect and submit the following logs to Trend Micro Technical Support:
- Packet trace log
- /var/log/messages*
- DSA diagnostic package
