lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20181128061715epcms1p18e21f112dea8cdf67481c35af52419bd@epcms1p1>
Date:   Wed, 28 Nov 2018 15:17:15 +0900
From:   배석진 <soukjin.bae@...sung.com>
To:     Eric Dumazet <eric.dumazet@...il.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "lorenzo@...gle.com" <lorenzo@...gle.com>
CC:     유금환 <geumhwan.yu@...sung.com>,
        배석진 <soukjin.bae@...sung.com>
Subject: RE:(2) FW: [Resource Leak] Suggesting patch for tcp_close

>> we saw hundreds of not closed tcp session with FIN_WAIT1 and LAST_ACK.
> 
> These sessions should have a timer, and eventually disappear.

FIN_WAIT2 and TIME_WAIT have a timer.
but FIN_WAIT1 and LAST_ACK are have too?

> Do you have a test to demonstrate the issue ?
>  
> I know Lorenzo wrote tests, so presumably new tests are needed.

yes, i had a test myself, and attached the result.
step is easy, with android device.

1. remove simcard (no mobile online)
2. connect wifi and check tcp sessions
3. disconnect wifi and check again.
4. repeat step 2~3

as i said, gms make this problem often at port 443 or 5228. 
i've confirm session owner is them by pid, when session was ESTABLISH state.
and i found this at speedguide.net

- Port(s)  : 5228
- Protocol : tcp,udp
- Service  : android
- Details  : Port 5228 is used by the Google Playstore (Android market). 
             Google talk also uses ports 443, 5222 and 5228. 
             Google Chrome user settings sync (facorites, history, passwords) uses port 5228. 
- Related ports : 443 5222


below is report we have received.
i omitted full list shortly. its list up to 900 line.

------ NETSTAT (netstat -npWae) ------
Active Internet connections (established and servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       User  Inode   PID/Program Name
tcp   0      0      127.0.0.1:5037              0.0.0.0:*                   LISTEN      0     617046  2768/adbd
tcp   0      1      192.168.0.112:53828         211.231.100.211:443         FIN_WAIT1   0     0       -
tcp   0      1      192.168.0.112:33908         27.0.236.141:443            FIN_WAIT1   0     0       -
tcp   0      1      192.168.0.112:58480         183.111.43.14:443           LAST_ACK    0     0       -
tcp   0      1      192.168.0.112:56558         203.133.167.207:443         FIN_WAIT1   0     0       -
...                                                                                                  
tcp6  0     32      ::ffff:192.168.0.112:50072  ::ffff:74.125.203.188:5228  FIN_WAIT1   0     0       -
tcp6  0      1      ::ffff:192.168.1.5:59744    ::ffff:216.58.197.238:443   FIN_WAIT1   0     0       -
tcp6  0     32      ::ffff:192.168.0.112:40512  ::ffff:108.177.125.188:5228 FIN_WAIT1   0     0       -
tcp6  0     32      ::ffff:192.168.0.112:46560  ::ffff:108.177.97.188:5228  FIN_WAIT1   0     0       -


> BTW your patch title is confusing.
> You are changing tcp_abort(), not tcp_close()

yes right, i meant tcp session close as title.
but my finger put the underbar himself :o

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ