Message-ID: <20230112234503.GB19463@breakpoint.cc>
Date:   Fri, 13 Jan 2023 00:45:03 +0100
From:   Florian Westphal <fw@...len.de>
To:     "Russell King (Oracle)" <linux@...linux.org.uk>
Cc:     netdev@...r.kernel.org, netfilter-devel@...r.kernel.org,
        coreteam@...filter.org
Subject: Re: 6.1: possible bug with netfilter conntrack?

Russell King (Oracle) <linux@...linux.org.uk> wrote:
> Given the packet counts as per my example above, it looks like
> conntrack only saw:
> 
> src=180.173.2.183 dst=78.32.30.218	SYN
> src=78.32.30.218 dst=180.173.2.183	SYN+ACK
> src=180.173.2.183 dst=78.32.30.218	ACK
> 
> and I suspect at that point, the connection went silent - until
> Exim timed out and closed the connection, as does seem to be the
> case:
> 
> 2023-01-11 21:32:04 no host name found for IP address 180.173.2.183
> 2023-01-11 21:33:05 SMTP command timeout on connection from [180.173.2.183]:64332 I=[78.32.30.218]:25
> 
> but if Exim closed the connection, why didn't conntrack pick it up?

Yes, that's the question.  Exim closing the connection should have
conntrack at least pick up a fin packet from the mail server (which
should move the entry to the 2 minute fin timeout).
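
One way to look for other conntrack entries in the state discussed in this message, as an added example that is not part of the original thread: it parses `conntrack -L -p tcp` style lines and reports ESTABLISHED entries whose counters show only the three handshake packets. It assumes connection accounting (`nf_conntrack_acct`) is enabled so that `packets=` fields are present; the function names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the style of `conntrack -L -p tcp` output with
# accounting enabled; addresses in the first line are those quoted in the thread.
SAMPLE = """\
tcp      6 431940 ESTABLISHED src=180.173.2.183 dst=78.32.30.218 sport=64332 dport=25 packets=2 bytes=92 src=78.32.30.218 dst=180.173.2.183 sport=25 dport=64332 packets=1 bytes=52 [ASSURED] mark=0 use=1
tcp      6 431002 ESTABLISHED src=192.0.2.10 dst=78.32.30.218 sport=40112 dport=25 packets=14 bytes=2210 src=78.32.30.218 dst=192.0.2.10 sport=25 dport=40112 packets=12 bytes=1804 [ASSURED] mark=0 use=1
tcp      6 97 FIN_WAIT src=198.51.100.7 dst=78.32.30.218 sport=51515 dport=25 packets=9 bytes=1100 src=78.32.30.218 dst=198.51.100.7 sport=25 dport=51515 packets=8 bytes=990 [ASSURED] mark=0 use=1
tcp      6 431500 ESTABLISHED src=203.0.113.5 dst=78.32.30.218 sport=33000 dport=25 src=78.32.30.218 dst=203.0.113.5 sport=25 dport=33000 [ASSURED] mark=0 use=1
"""

LINE_RE = re.compile(r"^tcp\s+6\s+(?P<ttl>\d+)\s+(?P<state>[A-Z_0-9]+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_entry(line):
    """Split one TCP entry into timeout, state, and per-direction key/value maps."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    orig, reply = {}, {}
    for key, value in KV_RE.findall(m.group("rest")):
        # First occurrence of a key is the original direction, second is the reply.
        (orig if key not in orig else reply).setdefault(key, value)
    return {"ttl": int(m.group("ttl")), "state": m.group("state"),
            "orig": orig, "reply": reply}


def handshake_only(text, max_orig=2, max_reply=1):
    """Return (src, sport, ttl) for ESTABLISHED entries that saw only
    SYN and ACK from the originator and SYN+ACK from the responder."""
    hits = []
    for line in text.splitlines():
        e = parse_entry(line)
        if not e or e["state"] != "ESTABLISHED":
            continue
        if "packets" not in e["orig"] or "packets" not in e["reply"]:
            continue  # accounting disabled for this entry: counters unknown
        if int(e["orig"]["packets"]) <= max_orig and int(e["reply"]["packets"]) <= max_reply:
            hits.append((e["orig"]["src"], int(e["orig"]["sport"]), e["ttl"]))
    return hits


if __name__ == "__main__":
    for src, sport, ttl in handshake_only(SAMPLE):
        print(f"{src}:{sport} ESTABLISHED, handshake packets only, {ttl}s left")
```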
