lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5681B594.70304@iogearbox.net>
Date:	Mon, 28 Dec 2015 23:20:04 +0100
From:	Daniel Borkmann <daniel@...earbox.net>
To:	Doug Ledford <dledford@...hat.com>
CC:	David Miller <davem@...emloft.net>,
	David Miller <davem@...hat.com>,
	netdev <netdev@...r.kernel.org>
Subject: Re: 4.4-rc7 failure report

On 12/28/2015 10:53 PM, Doug Ledford wrote:
> The 4.4-rc7 kernel is failing for me.  In my case, all of my vlan
> interfaces are failing to obtain a dhcp address using dhclient.  I've
> tried a hand built 4.4-rc7, and the Fedora rawhide 4.4-rc7 kernel, both
> failed.  I've tried NetworkManager and the old SysV network service,
> both fail.  I tried a working dhclient from rhel7 on the Fedora rawhide
> install and it failed too.  Running tcpdump on the interface shows the
> dhcp request going out, and a dhcp response coming back in.  Running
> strace on dhclient shows that it writes the dhcp request, but it never
> recvs a dhcp response.  If I manually bring the interface up with a
> static IP address then I'm able to run typical IP traffic across the
> link (aka, ping).  It would seem that when dhclient registers a packet
> filter on the socket, that filter is preventing it from ever getting the
> dhcp response.  The same dhclient works on any non-vlan interfaces in
> the system, so the filter must work for non-vlan interfaces.  Aside from
> the fact that the interface is a vlan, we also use a priority egress map
> on the interface, and we use PFC flow control.  Let me know if you need
> anymore to debug the issue, or email me off list and I can get you
> logins to my reproducer machines.

When you say 4.4-rc7 kernel is failing for you, what latest kernel version
was working, where the socket filter was properly receiving the response on
your vlan iface? Are you reasonably sure that the skb is dropped at the BPF
filter attached to the dhcp's packet socket? Can you dump the BPF code of
the filter? Are there any vlan offloading settings the filter is not taking
into account (in the sense of classic BPF extensions, tcpdump/libpcap finally
managed to cope with this)?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ