Support Center > Search Results > SecureKnowledge Details
"fwconn_chain_is_data_conn" errors in /var/log/messages file
Symptoms
  • /var/log/messages files show repeatedly:
    kernel: FW-1: fwconn_chain_is_data_conn: get flags failed
    kernel: fwx_get_original_conn: fwconn_chain_is_data_conn failed
    kernel: FW-1: fwconnoxid_get_connoxid_data: fwconn_chain_get_opaque failed
    kernel: FW-1: lost 74035 debug messages
    kernel: FW-1: fwconn_conn_get_opaque: invalid id -1
Cause

Incomplete validation of the length of ICMP Error packets

ICMP Error packets are as described on page 38 of RFC1122 (Requirements for Internet Hosts - Communication Layers)
3. INTERNET LAYER PROTOCOLS -
3.2 PROTOCOL WALK-THROUGH -
3.2.2 Internet Control Message Protocol -- ICMP :
ICMP Type 3 "Destination Unreachable"
ICMP Type 4 "Source Quench"
ICMP Type 5 "Redirect"
ICMP Type 11 "Time Exceeded"
ICMP Type 12 "Parameter Problem"


Solution
Note: To view this solution you need to Sign In .