lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 06 Sep 2010 22:44:33 +0200
From:	Krzysztof Olędzki <ole@....pl>
To:	Eric Dumazet <eric.dumazet@...il.com>
CC:	netdev@...r.kernel.org
Subject: Re: 2.6.34: Problem with UDP traffic on lo + poll(?)

On 2010-09-06 22:29, Eric Dumazet wrote:
> Le lundi 06 septembre 2010 à 21:55 +0200, Krzysztof Olędzki a écrit :
>
>> Yes, conntrack is one of possibilities. However, this problem only
>> manifests on 2.6.34 and never on 2.6.31 where iptables and conntrack
>> configurations are identically. And of course, each time it is a
>> different port.
>>
>> Please also note that this problem only exists when communication is
>> handled over a loopback interface - I'm not able to trigger this from a
>> remote host even if I run the test on two hosts (local&  remote)
>> simultaneously.
>>
>
> No particular error shown in "netstat -s" ?

No... :(

Udp:
     8542243 packets received
     489605 packets to unknown port received.
     1 packet receive errors
     4254527 packets sent
     RcvbufErrors: 1

> port randomization on UDP changed in the past, and conntracking changed
> a bit too ;)

I know but AFAIR all important changs were alredy included in 2.6.31. 
And again: there is no problem in quering DNS from a remote host:
  [client 2.6.24.6] <-ethernet-> [server 2.6.34.6]

BTW: I have been able to reproduce this problem on a different, less 
critical host after upgrading its kernel to 2.6.34.6. Unfortunately I'm 
still not able to do in on my lab environment. :( Anyway, I'll try to 
catch "conntrack -E" output and see what conntrack thinks about such 
packets.

Best regards,

			Krzysztof Olędzki
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ