lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Y/98D2kGsPYW5/X4@salvia>
Date:   Wed, 1 Mar 2023 17:23:43 +0100
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     Hangbin Liu <liuhangbin@...il.com>
Cc:     netfilter-devel@...r.kernel.org, Yi Chen <yiche@...hat.com>,
        Florian Westphal <fw@...len.de>, netdev@...r.kernel.org,
        linux-kselftest@...r.kernel.org
Subject: Re: [PATCH nf] selftests: nft_nat: ensuring the listening side is up
 before starting the client

On Mon, Feb 27, 2023 at 05:36:46PM +0800, Hangbin Liu wrote:
> The test_local_dnat_portonly() function initiates the client-side as
> soon as it sets the listening side to the background. This could lead to
> a race condition where the server may not be ready to listen. To ensure
> that the server-side is up and running before initiating the
> client-side, a delay is introduced to the test_local_dnat_portonly()
> function.
> 
> Before the fix:
>   # ./nft_nat.sh
>   PASS: netns routing/connectivity: ns0-rthlYrBU can reach ns1-rthlYrBU and ns2-rthlYrBU
>   PASS: ping to ns1-rthlYrBU was ip NATted to ns2-rthlYrBU
>   PASS: ping to ns1-rthlYrBU OK after ip nat output chain flush
>   PASS: ipv6 ping to ns1-rthlYrBU was ip6 NATted to ns2-rthlYrBU
>   2023/02/27 04:11:03 socat[6055] E connect(5, AF=2 10.0.1.99:2000, 16): Connection refused
>   ERROR: inet port rewrite
> 
> After the fix:
>   # ./nft_nat.sh
>   PASS: netns routing/connectivity: ns0-9sPJV6JJ can reach ns1-9sPJV6JJ and ns2-9sPJV6JJ
>   PASS: ping to ns1-9sPJV6JJ was ip NATted to ns2-9sPJV6JJ
>   PASS: ping to ns1-9sPJV6JJ OK after ip nat output chain flush
>   PASS: ipv6 ping to ns1-9sPJV6JJ was ip6 NATted to ns2-9sPJV6JJ
>   PASS: inet port rewrite without l3 address

Applied, thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ