lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130319101223.GA3672@localhost>
Date:	Tue, 19 Mar 2013 11:12:23 +0100
From:	Pablo Neira Ayuso <pablo@...filter.org>
To:	Fernando Luis Vázquez Cao 
	<fernando_b1@....ntt.co.jp>
Cc:	Michael Kerrisk <mtk.manpages@...il.com>,
	linux-man@...r.kernel.org, netdev@...r.kernel.org,
	netfilter-devel@...r.kernel.org, Patrick McHardy <kaber@...sh.net>,
	Hirotaka Sasaki <sasaki.hirotaka@....ntt.co.jp>
Subject: Re: [PATCH 2/2] man/send(2): document a long standing bug that can
 cause spurious EPERM errors

On Tue, Mar 19, 2013 at 03:52:40PM +0900, Fernando Luis Vázquez Cao wrote:
> Subject: [PATCH 2/2] man/send(2): document a long standing bug that can cause spurious EPERM errors
> 
> This bug has been known since early 2009 (the latest) and  discussed in
> netdev before:
> 
> http://marc.info/?l=linux-netdev&w=2&r=1&s=Possible+race+condition+in+conntracking+&q=b
> 
> It seems that a proper fix would be non trivial, so document the bug
> in the meantime.
>
> Reported-by: Hirotaka Sasaki <sasaki.hirotaka@....ntt.co.jp>
> Signed-off-by: Fernando Luis Vazquez Cao <fernando@....ntt.co.jp>
> ---
> 
> diff -urNp man-pages-3.50-orig/man2/send.2 man-pages-3.50/man2/send.2
> --- man-pages-3.50-orig/man2/send.2	2013-03-19 15:18:03.784306647 +0900
> +++ man-pages-3.50/man2/send.2	2013-03-19 15:30:40.788060426 +0900
> @@ -420,6 +420,11 @@ Linux may return
>  .B EPIPE
>  instead of
>  .BR ENOTCONN .
> +
> +Linux may return spurious
> +.B EPERM
> +errors when netfilter's conntrack module is loaded and two or more
> +UDP packets belonging to the same connection are processed in parallel.

The Connection tracking system may drop packets for different reasons
under rare circunstances, not only in this case.

I'd prefer if you only apply patch 1/2.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ