Message-ID: <CANn89iKvG5cTNROyBF32958BzATfXysh4zLk5nRR6fgi08vumA@mail.gmail.com>
Date:   Thu, 30 Nov 2023 15:01:56 +0100
From:   Eric Dumazet <edumazet@...gle.com>
To:     Shachar Kagan <skagan@...dia.com>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "kuba@...nel.org" <kuba@...nel.org>,
        Jason Gunthorpe <jgg@...dia.com>,
        Yishai Hadas <yishaih@...dia.com>, Ido Kalir <idok@...dia.com>,
        Topaz Uliel <topazu@...dia.com>,
        Shirly Ohnona <shirlyo@...dia.com>,
        Ziyad Atiyyeh <ziyadat@...dia.com>
Subject: Re: Bug report connect to VM with Vagrant

On Thu, Nov 30, 2023 at 2:55 PM Shachar Kagan <skagan@...dia.com> wrote:
>
> Hi Eric,
>
> I have an issue that bisection pointed at this patch:
> commit 0a8de364ff7a14558e9676f424283148110384d6
> tcp: no longer abort SYN_SENT when receiving some ICMP
>

Please provide tcpdump/pcap captures.

It is hard to say what is going on just by looking at some application logs.


> Full commit message at [1].
>
> The issue appears while using Vagrant to manage nested VMs.
> The steps are:
> * create vagrant file
> * vagrant up
> * vagrant halt (VM is created but shut down)
> * vagrant up - fail
>
> Turning on a VM with 'Vagrant up' fails when the VM is in halt state. When the VM hasn't been created yet, 'Vagrant up' passes.
> The failure occurs in the Net-SSH connection to the VM step.
> Vagrant error is 'Guest communication could not be established! This is usually because SSH is not running, the authentication information was changed, or some other networking issue.'
> We use a new version of vagrant-libvirt.
> Turning on the VM with virsh instead of vagrant works.
>
> Stdout[2] below.
>
> Any idea what may cause the error with your patch?
>
> Thanks,
> Shachar Kagan
>
> [1]
> commit 0a8de364ff7a14558e9676f424283148110384d6
> Author: Eric Dumazet <edumazet@...gle.com>
> Date:   Tue Nov 14 17:23:41 2023 +0000
>
>     tcp: no longer abort SYN_SENT when receiving some ICMP
>
>     Currently, non fatal ICMP messages received on behalf
>     of SYN_SENT sockets do call tcp_ld_RTO_revert()
>     to implement RFC 6069, but immediately call tcp_done(),
>     thus aborting the connect() attempt.
>
>     This violates RFC 1122 following requirement:
>
>     4.2.3.9  ICMP Messages
>     ...
>               o    Destination Unreachable -- codes 0, 1, 5
>
>                      Since these Unreachable messages indicate soft error
>                      conditions, TCP MUST NOT abort the connection, and it
>                      SHOULD make the information available to the
>                      application.
>
>     This patch makes sure non 'fatal' ICMP[v6] messages do not
>     abort the connection attempt.
>
>     It enables RFC 6069 for SYN_SENT sockets as a result.
>
>     Signed-off-by: Eric Dumazet <edumazet@...gle.com>
>     Cc: David Morley <morleyd@...gle.com>
>     Cc: Neal Cardwell <ncardwell@...gle.com>
>     Cc: Yuchung Cheng <ycheng@...gle.com>
>     Signed-off-by: David S. Miller <davem@...emloft.net>
>
> [2]
> Vagrant up stdout:
> Bringing machine 'player1' up with 'libvirt' provider...
> ==> player1: Creating shared folders metadata...
> ==> player1: Starting domain.
> ==> player1: Domain launching with graphics connection settings...
> ==> player1:  -- Graphics Port:      5900
> ==> player1:  -- Graphics IP:        127.0.0.1
> ==> player1:  -- Graphics Password:  Not defined
> ==> player1:  -- Graphics Websocket: 5700
> ==> player1: Waiting for domain to get an IP address...
> ==> player1: Waiting for machine to boot. This may take a few minutes...
>     player1: SSH address: 192.168.123.61:22
>     player1: SSH username: vagrant
>     player1: SSH auth method: private key
> ==> player1: Attempting graceful shutdown of VM...
> ==> player1: Attempting graceful shutdown of VM...
> ==> player1: Attempting graceful shutdown of VM...
>     player1: Guest communication could not be established! This is usually because
>     player1: SSH is not running, the authentication information was changed,
>     player1: or some other networking issue. Vagrant will force halt, if
>     player1: capable.
> ==> player1: Attempting direct shutdown of domain...
>
>
