Message-ID: <20190116143752.2j7hvls2ri5nxblh@breakpoint.cc>
Date: Wed, 16 Jan 2019 15:37:52 +0100
From: Florian Westphal <fw@...len.de>
To: Stephen Hemminger <stephen@...workplumber.org>
Cc: netdev@...r.kernel.org
Subject: Re: Fw: [Bug 202287] New: netfilter/iptales prevents Tor Browser from closing cleanly

Stephen Hemminger <stephen@...workplumber.org> wrote:
> Date: Tue, 15 Jan 2019 16:18:13 +0000
> From: bugzilla-daemon@...zilla.kernel.org
> To: stephen@...workplumber.org
> Subject: [Bug 202287] New: netfilter/iptales prevents Tor Browser from closing cleanly
>
> https://bugzilla.kernel.org/show_bug.cgi?id=202287

> Created attachment 280501
>   --> https://bugzilla.kernel.org/attachment.cgi?id=280501&action=edit
> Tpr Browser and kernels run log
>
> Since kernel 4.20 there is a problem with Tor Browser (TB) on close.
> The last good kernel was 4.19.12.
> - INVALID messages (ACK FIN and ACK PSH FIN) caught in OUTPUT chain of
> iptables,
> on lo interface, and logged to system log/journal.

> -A OUTPUT -m conntrack --ctstate INVALID -j loginv

Can't reproduce this so far:

:INPUT ACCEPT [225785:239821136]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [189532:100424913]
[0:0] -A INPUT -i lo -m conntrack --ctstate INVALID
[0:0] -A OUTPUT -o lo -m conntrack --ctstate INVALID

this is with a different setup, do not know what TB might be doing
differently.

Can you do

  modprobe nf_log_ipv4
  sysctl 'net.netfilter.nf_log.2=nf_log_ipv4'
  sysctl 'net.netfilter.nf_conntrack_log_invalid=6'

and see what that might turn up for those 'invalid' packets?
(should appear in dmesg/system log/journal).