Date:	Sat, 2 Feb 2008 15:44:28 +0100 (CET)
From:	Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>
To:	Jeff Chua <jeff.chua.linux@...il.com>
cc:	Patrick McHardy <kaber@...sh.net>,
	lkml <linux-kernel@...r.kernel.org>,
	Krzysztof Piotr Oledzki <ole@....pl>,
	"David S. Miller" <davem@...emloft.net>,
	cups-bugs <cups-bugs@...ysw.com>,
	Netfilter Development Mailinglist 
	<netfilter-devel@...r.kernel.org>
Subject: Re: cups slow on linux-2.6.24

Hi Jeff,

On Fri, 1 Feb 2008, Jeff Chua wrote:

> I recaptured it again, and attached are the logs.
[...]

Thank you! One can see a plain connection-initiating SYN, which triggers 
the message. No reply from the server, then three seconds later comes a 
retransmitted SYN and immediately after the SYN/ACK reply. What makes it 
interesting is that the first SYN was let through by the conntrack: it was 
*not* blocked at all.

In the dump file there is no other previous connection between 
127.0.0.1:1021 -> 127.0.0.1:515. But there must be a previous connection 
which was not captured by tcpdump.

Could I ask you to make two more tests? (I have been unable to 
reproduce the bug so far, but it must be my fault.) In both cases enable 
logging invalid messages as Patrick wrote in a previous mail:

# modprobe ipt_LOG
# echo 255 >/proc/sys/net/netfilter/nf_conntrack_log_invalid

In the first case run the unpatched 2.4.24 kernel and before doing 
any printing, start dumping all the traffic at the 515 port so that we 
won't miss any connection and send the dump file:

# tcpdump -i lo -s 0 -w dump.pcap tcp port 515 

In the second case run the patched kernel and just start printing: do you 
get any 'nf_ct_tcp: invalid SYN' kernel message?

Best regards,
Jozsef
-
E-mail  : kadlec@...ckhole.kfki.hu, kadlec@...serv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
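
The pattern described in the message above (a SYN that gets no reply, then the same SYN retransmitted about three seconds later) can be picked out of a capture such as `dump.pcap` automatically. The following is an added example, not part of the original mail or of any netfilter tooling: it assumes a classic pcap file as written by `tcpdump -w`, the names `syn_retransmits`, `pkt`, `HEADER` and `SAMPLE` are hypothetical, and the sample packets are constructed.

```python
import socket, struct

def syn_retransmits(pcap):
    """Return (src, sport, dst, dport, delay_s) for each SYN seen again
    before any SYN/ACK answered it. Classic pcap, Ethernet link type only."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected DLT_EN10MB (what Linux 'lo' captures use)")
    pending, found, off = {}, [], 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue  # truncated TCP header
        src, dst = frame[26:30], frame[30:34]
        sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
        flags, ts = tcp[13] & 0x12, sec + usec / 1e6
        if flags == 0x02:  # SYN without ACK: connection attempt
            key = (src, sport, dst, dport, seq)
            if key in pending:  # same SYN again, still unanswered
                found.append((socket.inet_ntoa(src), sport,
                              socket.inet_ntoa(dst), dport,
                              round(ts - pending[key], 3)))
            pending.setdefault(key, ts)
        elif flags == 0x12:  # SYN/ACK answers the reversed tuple
            pending.pop((dst, dport, src, sport, (ack - 1) & 0xFFFFFFFF), None)
    return found

# Constructed sample: SYN, the same SYN 3 s later, then the SYN/ACK.
LO = socket.inet_aton("127.0.0.1")
HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def pkt(sec, usec, sport, dport, seq, ack, flags):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, LO, LO)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 0x50, flags, 65535, 0, 0)
    frame = b"\0" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame

SAMPLE = (HEADER + pkt(0, 0, 1021, 515, 1000, 0, 0x02)
          + pkt(3, 0, 1021, 515, 1000, 0, 0x02)
          + pkt(3, 100, 515, 1021, 5000, 1001, 0x12))

if __name__ == "__main__":
    print(syn_retransmits(SAMPLE))
```

For a real capture, pass the file contents: `syn_retransmits(open("dump.pcap", "rb").read())`.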