| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Mar 2023 17:23:43 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: Hangbin Liu <liuhangbin@...il.com>
Cc: netfilter-devel@...r.kernel.org, Yi Chen <yiche@...hat.com>,
Florian Westphal <fw@...len.de>, netdev@...r.kernel.org,
linux-kselftest@...r.kernel.org
Subject: Re: [PATCH nf] selftests: nft_nat: ensuring the listening side is up
before starting the client
On Mon, Feb 27, 2023 at 05:36:46PM +0800, Hangbin Liu wrote:
> The test_local_dnat_portonly() function initiates the client-side as
> soon as it sets the listening side to the background. This could lead to
> a race condition where the server may not be ready to listen. To ensure
> that the server-side is up and running before initiating the
> client-side, a delay is introduced to the test_local_dnat_portonly()
> function.
>
> Before the fix:
> # ./nft_nat.sh
> PASS: netns routing/connectivity: ns0-rthlYrBU can reach ns1-rthlYrBU and ns2-rthlYrBU
> PASS: ping to ns1-rthlYrBU was ip NATted to ns2-rthlYrBU
> PASS: ping to ns1-rthlYrBU OK after ip nat output chain flush
> PASS: ipv6 ping to ns1-rthlYrBU was ip6 NATted to ns2-rthlYrBU
> 2023/02/27 04:11:03 socat[6055] E connect(5, AF=2 10.0.1.99:2000, 16): Connection refused
> ERROR: inet port rewrite
>
> After the fix:
> # ./nft_nat.sh
> PASS: netns routing/connectivity: ns0-9sPJV6JJ can reach ns1-9sPJV6JJ and ns2-9sPJV6JJ
> PASS: ping to ns1-9sPJV6JJ was ip NATted to ns2-9sPJV6JJ
> PASS: ping to ns1-9sPJV6JJ OK after ip nat output chain flush
> PASS: ipv6 ping to ns1-9sPJV6JJ was ip6 NATted to ns2-9sPJV6JJ
> PASS: inet port rewrite without l3 address
Applied, thanks
Powered by blists - more mailing lists