Date:   Sun, 5 Aug 2018 16:39:19 -0400
From:   Satish Patel <satish.txt@...il.com>
To:     Florian Westphal <fw@...len.de>
Cc:     netdev@...r.kernel.org
Subject: Re: Linux kernel error stack

Florian,

I have removed those port 80 CHECKSUM rules and everything looks good.
I didn't see the kernel WARN message.

Thank you so much! You just nailed it :)

On Sun, Aug 5, 2018 at 4:15 PM, Satish Patel <satish.txt@...il.com> wrote:
> Florian,
>
> It seems those rules are coming from here
> https://github.com/openstack/openstack-ansible-os_neutron/blob/master/files/post-up-metadata-checksum
>
> On Sun, Aug 5, 2018 at 4:09 PM, Satish Patel <satish.txt@...il.com> wrote:
>> Yes, this is the openstack-ansible deployment tool, which set them up. I am
>> wondering where these rules are saved? I believe openstack-ansible uses
>> LXC containers to deploy services, so they must be part of the LXC startup
>> scripts.
>>
>> I have checked; there is no firewalld or iptables service running on the system.
>>
>> You think I should get rid of all CHECKSUM options in iptables rules? Am I right?
>>
>>
>> On Sun, Aug 5, 2018 at 4:02 PM, Florian Westphal <fw@...len.de> wrote:
>>> Satish Patel <satish.txt@...il.com> wrote:
>>>> > [84166:59495417] -A POSTROUTING -p tcp -m tcp --sport 80 -j CHECKSUM
>>>> > --checksum-fill
>>>> > [68739:5153476] -A POSTROUTING -p tcp -m tcp --sport 8000 -j CHECKSUM
>>>> > --checksum-fill
>>>
>>> These rules make no sense to me, and are also source of your backtrace.
>>> Who set this up?
>>>
>>> If this is coming from openstack, I suggest asking openstack developers
>>> WTH this is supposed to do.
>>>
>>>> > [755:275452] -A POSTROUTING -s 10.0.3.0/24 -o lxcbr0 -p udp -m udp
>>>> > --dport 68 -j CHECKSUM --checksum-fill
>>>
>>> This was needed to work around dhcpd issues w. checksum offloading but I
>>> guess that DHCP will work fine without this rule too nowadays.
>>>
>>> So I suggest you simply get rid of these rules.
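An added example, not part of the original thread: one way to locate the CHECKSUM rules discussed above in `iptables-save -c` output and print (not run) the matching delete commands for review. The function names and the `*mangle` framing of the sample are assumptions; the sample ruleset is constructed from the rule lines quoted in the thread.

```shell
#!/bin/sh
# Read `iptables-save -c` style output on stdin and print one
# `iptables -t <table> -D ...` command per CHECKSUM rule found.
# Optional argument: tcp or udp, to restrict the match to one protocol.
# Nothing is executed; the commands are only printed for review.
checksum_delete_cmds() {
    proto="${1:-}"
    awk -v proto="$proto" '
        # A line such as "*mangle" opens the section for that table.
        /^\*/ { table = substr($0, 2); next }
        / -j CHECKSUM( |$)/ {
            if (proto != "" && $0 !~ (" -p " proto "( |$)")) next
            rule = $0
            # Drop the leading [packets:bytes] counters if present.
            sub(/^\[[0-9]+:[0-9]+\] +/, "", rule)
            # Turn the append form into the equivalent delete form.
            if (sub(/^-A /, "-D ", rule))
                printf "iptables -t %s %s\n", table, rule
        }
    '
}

# Constructed sample: the three rules quoted in the thread, unwrapped,
# placed in an assumed mangle section, plus one unrelated filter rule.
sample_ruleset() {
    cat <<'EOF'
*mangle
:POSTROUTING ACCEPT [0:0]
[84166:59495417] -A POSTROUTING -p tcp -m tcp --sport 80 -j CHECKSUM --checksum-fill
[68739:5153476] -A POSTROUTING -p tcp -m tcp --sport 8000 -j CHECKSUM --checksum-fill
[755:275452] -A POSTROUTING -s 10.0.3.0/24 -o lxcbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
*filter
:INPUT ACCEPT [0:0]
[10:600] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Show the delete commands for the TCP rules only.
sample_ruleset | checksum_delete_cmds tcp
```

On a live host the input would come from `iptables-save -c` instead of `sample_ruleset`. Deleting rules from the running ruleset does not change whatever installs them, which the thread traces to the openstack-ansible `post-up-metadata-checksum` file.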
