How frequently are you getting packets in out of order?
The normal pattern for debugger traffic is to send pairs of packets - an ack of the previous packet immediately followed by a data packet containing the requested data, which is typically then immediately acked by the other side, followed by another command packet. So you see 2 packets in sequence from each side, with the smaller one typically being the ACK. This is easy to watch using netmon or wireshark.
If the pair of packets come in swapped order, it usually should not break the debugger, because if the debugger gets an expected data packet without the preceding ack, it treats the ack as received, and processes the data packet. The following ACK is now out of order, and gets dropped by the encryption layer, but was already implicitly processed by the debugger.
So getting occasional out of order packets should not prevent the debugger from working.
If something in the pipe between you and the target is swapping the order on every set of packets sent, that could be a problem. We did not explicitly test that scenario.
A fix for a scenario like that will likely not be resolvable without a change to the debugger, which means you won’t see it for some time.
Furthermore, unless we can repro the problem here, I am not going to make any changes to KDNET to try to handle this. We have successfully used KDNET to debug machines on the other side of the world just fine.
It was part of what we tested when KDNET was first developed.
Now granted, that was on Microsoft’s internal corporate network, but we debugged machines in India from Redmond, without issue.
The first thing I would check is if something in your infrastructure (i.e., NIC driver, or router/switch) is unnecessarily switching the order of packets.
The encryption layer in KDNET does not allow packets received out of order to be accepted, in order to prevent replay attacks.
Given that changing that behavior raises potential security issues, I am much less inclined to make changes that would enable acceptance of out of order packets.
Joe.
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Saturday, January 24, 2015 2:34 AM
To: Kernel Debugging Interest List
Subject: [windbg] Possible to kernel debug over the internet?
I am unable to debug a machine in another country. Below is the output from the kernel debugger (ip addresses omitted). Any suggestions on if this might be resolvable?
–
Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Using NET for debugging
Opened WinSock 2.0
Waiting to reconnect…
Connected to target x.x.x.x on port 50000 on local IP y.y.y.y.
Connected to Windows 8 9600 x64 target at (…)), ptr64 TRUE
Kernel Debugger connection established.
************* Symbol Path validation summary **************
Response    Time (ms)    Location
Deferred                 SRV*c:\dev\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is:
SRV*c:\dev\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Received an out of order encrypted packet. Packet dropped.
Bad packet sent from x.x.x.x.
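
The ordering behavior described in the reply above, as an added example that is not part of the original thread and is not KDNET code: a simplified model of a receiver that refuses anything older than what it has already accepted, plus a debugger layer that treats a data packet without its preceding ACK as an implied ACK. The per-packet sequence counter, the class and function names, and the sample traffic are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    seq: int   # assumed: monotonically increasing counter checked by the encryption layer
    kind: str  # "ACK" or "DATA"

class StrictOrderLayer:
    """Accept a packet only if it is newer than everything accepted so far."""
    def __init__(self):
        self.highest = -1
        self.dropped = []

    def accept(self, pkt):
        if pkt.seq <= self.highest:      # a late arrival and a replay look identical here
            self.dropped.append(pkt)
            return False
        self.highest = pkt.seq
        return True

def pairs(n):
    """Constructed traffic: n (ACK, DATA) pairs as one side would send them."""
    return [Packet(2 * i + j, kind) for i in range(n) for j, kind in enumerate(("ACK", "DATA"))]

def swap_pair(wire, i):
    """Return a copy of wire with the i-th pair delivered DATA-first."""
    out = list(wire)
    out[2 * i], out[2 * i + 1] = out[2 * i + 1], out[2 * i]
    return out

def run(wire):
    """Return (DATA seqs processed, packets dropped, ACKs taken as implied)."""
    layer, acked, processed, implied = StrictOrderLayer(), False, [], 0
    for pkt in wire:
        if not layer.accept(pkt):
            continue
        if pkt.kind == "ACK":
            acked = True
            continue
        if not acked:                    # DATA without its ACK: treat the ACK as received
            implied += 1
        processed.append(pkt.seq)
        acked = False                    # the next pair needs its own ACK
    return processed, layer.dropped, implied

if __name__ == "__main__":
    wire = swap_pair(pairs(3), 1)
    print(run(wire))                     # one pair swapped in transit
    print(run(wire + [wire[2]]))         # same, plus a re-sent copy of an accepted DATA packet
```

In this model the swapped pair costs only a dropped ACK, while the re-sent DATA packet is rejected by the same comparison, which is why accepting out of order packets would also weaken the replay check.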