Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

"TCP hash error" event appears in Linux log file

    • Updated:
    • 16 Aug 2016
    • Product/Version:
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • N/A N/A
Summary

When there is an existing issue in your network traffic, the "TCP hash error" event is recorded in the Linux log file:

Jun 30 20:38:38 web06 kernel: net.module/1  | TCP hash error | drivers/common/conntrack/conntrack.c:2549
Jun 30 20:38:38 web06 kernel: net.module/1  | TCP hash error | drivers/common/conntrack/conntrack.c:1696
Details
Public

Deep Security will hash the TCP's source or destination IP/port. The hash value will be used to lookup the internal connection table.

The error above appears due to one of these possible reasons:

  • Something is wrong in Deep Security hash function.
  • The hash result is "0".

Thus, there is no firewall or DPI protection in the network connection.

To verify the root cause:

  1. Enable the Deep Security Agent trace debug logs.
  2. Open the trace log.
  3. If you find the log below, it means the hash value is "0". This is a special condition as not every TCP port will have "0" value.

    conn: hash_err: 0

    If there is no such log, it means the hash function is broken.

To resolve the issue, collect and submit the following logs to Trend Micro Technical Support:

Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1115019
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.