Message-ID: <9b85945.3cfb.178862aa787.Coremail.yacanliu@163.com>
Date: Wed, 31 Mar 2021 10:44:05 +0800 (CST)
From: 刘亚灿 <yacanliu@....com>
To: "Casey Schaufler" <casey@...aufler-ca.com>
Cc: "David S. Miller" <davem@...emloft.net>,
LKML <linux-kernel@...r.kernel.org>,
"Linux Security Module list" <linux-security-module@...r.kernel.org>
Subject: Re:Commit f211ac154577ec9ccf07c15f18a6abf0d9bdb4ab breaks Smack TCP
connections

Hi Casey:

A quote from the listen(2) man page on my Ubuntu system:

    The backlog argument defines the maximum length to which
    the queue of pending connections for sockfd may grow.

I think this implies that the 'backlog' must be greater than zero.
In the test source file (tools/smack-ipv4-tcp-peersec.c), line 60,
I found the following code:

    if (listen(firstsock, 0) < 0) {
            printf("%s-listen\n", argv[0]);
            exit(1);
    }

That means that sock will not accept any requests,
so client TCP connections hang with SYN_SENT.
In the openssh case, it uses SSH_LISTEN_BACKLOG as 128.

At 2021-03-30 23:42:04, "Casey Schaufler" <casey@...aufler-ca.com> wrote:
>Commit f211ac154577ec9ccf07c15f18a6abf0d9bdb4ab 'net: correct
>sk_acceptq_is_full()' breaks a system with the Smack LSM.
>Reverting this change results in a return to correct behavior.
>
>The Smack testsuite can be found at:
> https://github.com/smack-team/smack-testsuite.git
>
>The failing test is ipv4-tcp-local-peersec.sh, but it seems
>that most TCP connections hang with SYN_SENT. Oddly, ssh
>to 127.0.0.1 works, but other TCP connections timeout.
>
>
>
>
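
A loopback probe for the listen() backlog behaviour discussed in this thread, added here as an example; it is not part of the original mail or of the Smack testsuite. The helper name completed_handshakes and the 300 ms timeout are assumptions; the listener never calls accept(), so the count shows how many handshakes the running kernel admits for a given backlog.

```c
#include <arpa/inet.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: listen on loopback with `backlog`, never accept(), and count how
 * many of `attempts` (max 16) connects complete in timeout_ms; -1 on setup error. */
int completed_handshakes(int backlog, int attempts, int timeout_ms)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr), elen;
    int clients[16], done = 0, i, err;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);

    if (lfd < 0) return -1;
    if (attempts > 16) attempts = 16;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* port 0: kernel picks one */
    if (bind(lfd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(lfd, backlog) < 0 ||
        getsockname(lfd, (struct sockaddr *)&addr, &len) < 0) {
        close(lfd);
        return -1;
    }
    for (i = 0; i < attempts; i++) {
        struct pollfd p = { .events = POLLOUT };
        elen = sizeof(err);
        p.fd = clients[i] = socket(AF_INET, SOCK_STREAM, 0);
        if (p.fd < 0) continue;
        fcntl(p.fd, F_SETFL, O_NONBLOCK);  /* a dropped SYN must not block the probe */
        connect(p.fd, (struct sockaddr *)&addr, sizeof(addr));
        /* A client stuck in SYN_SENT never becomes writable, so poll() times out. */
        if (poll(&p, 1, timeout_ms) == 1 && (p.revents & POLLOUT) &&
            getsockopt(p.fd, SOL_SOCKET, SO_ERROR, &err, &elen) == 0 && !err)
            done++;
    }
    /* Clients stay open until here so completed connections keep the queue occupied. */
    for (i = 0; i < attempts; i++) if (clients[i] >= 0) close(clients[i]);
    close(lfd);
    return done;
}
int main(void)
{
    printf("backlog 0: %d of 3 connected, backlog 128: %d of 3 connected\n",
           completed_handshakes(0, 3, 300), completed_handshakes(128, 3, 300));
    return 0;
}
```

On a kernel where a zero backlog admits no connection, every attempt in the first call times out, which is the SYN_SENT hang described in the thread.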