Open Source and information security mailing list archives
Date: Thu, 30 Nov 2023 13:55:06 +0000
From: Shachar Kagan <skagan@...dia.com>
To: "edumazet@...gle.com" <edumazet@...gle.com>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>, "kuba@...nel.org"
	<kuba@...nel.org>, Jason Gunthorpe <jgg@...dia.com>, Yishai Hadas
	<yishaih@...dia.com>, Ido Kalir <idok@...dia.com>, Topaz Uliel
	<topazu@...dia.com>, Shirly Ohnona <shirlyo@...dia.com>, Ziyad Atiyyeh
	<ziyadat@...dia.com>
Subject: Bug report connect to VM with Vagrant

Hi Eric,

I have an issue that bisection pointed at this patch:
commit 0a8de364ff7a14558e9676f424283148110384d6
tcp: no longer abort SYN_SENT when receiving some ICMP

Full commit message at [1].
    
The issue appears while using Vagrant to manage nested VMs.
The steps are:
* create vagrant file
* vagrant up
* vagrant halt (VM is created but shut down)
* vagrant up - fail

Turning on a VM with 'vagrant up' fails when the VM is in halt state. When the VM hasn't been created yet, 'vagrant up' passes.
The failure occurs in the Net-SSH connection to the VM step.
The Vagrant error is 'Guest communication could not be established! This is usually because SSH is not running, the authentication information was changed, or some other networking issue.'
We use a new version of vagrant-libvirt.
Turning on the VM with virsh instead of vagrant works.

Stdout [2] below.

Any idea what may cause the error with your patch?

Thanks,
Shachar Kagan

[1]
commit 0a8de364ff7a14558e9676f424283148110384d6
Author: Eric Dumazet <edumazet@...gle.com>
Date:   Tue Nov 14 17:23:41 2023 +0000

    tcp: no longer abort SYN_SENT when receiving some ICMP
    
    Currently, non fatal ICMP messages received on behalf
    of SYN_SENT sockets do call tcp_ld_RTO_revert()
    to implement RFC 6069, but immediately call tcp_done(),
    thus aborting the connect() attempt.
    
    This violates RFC 1122 following requirement:
    
    4.2.3.9  ICMP Messages
    ...
              o    Destination Unreachable -- codes 0, 1, 5
    
                     Since these Unreachable messages indicate soft error
                     conditions, TCP MUST NOT abort the connection, and it
                     SHOULD make the information available to the
                     application.
    
    This patch makes sure non 'fatal' ICMP[v6] messages do not
    abort the connection attempt.
    
    It enables RFC 6069 for SYN_SENT sockets as a result.
    
    Signed-off-by: Eric Dumazet <edumazet@...gle.com>
    Cc: David Morley <morleyd@...gle.com>
    Cc: Neal Cardwell <ncardwell@...gle.com>
    Cc: Yuchung Cheng <ycheng@...gle.com>
    Signed-off-by: David S. Miller <davem@...emloft.net>

[2]
Vagrant up stdout:
Bringing machine 'player1' up with 'libvirt' provider...
==> player1: Creating shared folders metadata...
==> player1: Starting domain.
==> player1: Domain launching with graphics connection settings...
==> player1:  -- Graphics Port:      5900
==> player1:  -- Graphics IP:        127.0.0.1
==> player1:  -- Graphics Password:  Not defined
==> player1:  -- Graphics Websocket: 5700
==> player1: Waiting for domain to get an IP address...
==> player1: Waiting for machine to boot. This may take a few minutes...
    player1: SSH address: 192.168.123.61:22
    player1: SSH username: vagrant
    player1: SSH auth method: private key
==> player1: Attempting graceful shutdown of VM...
==> player1: Attempting graceful shutdown of VM...
==> player1: Attempting graceful shutdown of VM...
    player1: Guest communication could not be established! This is usually because
    player1: SSH is not running, the authentication information was changed,
    player1: or some other networking issue. Vagrant will force halt, if
    player1: capable.
==> player1: Attempting direct shutdown of domain...
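
The following probe is an added example, not part of the original message or of Vagrant or Net-SSH. It records how each connect() attempt toward the guest's SSH address ends, so the sequence can be compared on a kernel with and without the commit quoted in [1]. The function names, labels and timeout values are assumptions chosen for illustration.

```python
import errno
import socket
import time

# errno values Linux reports for ICMP Destination Unreachable codes 0 and 1
SOFT_UNREACH = {errno.ENETUNREACH, errno.EHOSTUNREACH}

def probe_connect(host, port, timeout=3.0):
    """One blocking connect to an IPv4 literal; returns (errno or 0, seconds)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.connect((host, port))
        err = 0
    except socket.timeout:
        err = errno.ETIMEDOUT           # our own deadline, or the kernel's
    except OSError as exc:
        err = exc.errno
    finally:
        sock.close()
    return err, time.monotonic() - start

def classify(err, seconds, timeout):
    """Label one attempt by how connect() ended, not by why."""
    if err == 0:
        return "connected"
    if err == errno.ECONNREFUSED:
        return "refused"                # peer answered with RST
    if err in SOFT_UNREACH and seconds < timeout:
        return "early-unreachable"      # unreachable errno before our deadline
    if err == errno.ETIMEDOUT:
        return "timeout"                # attempt still pending at the deadline
    return "other:" + errno.errorcode.get(err, str(err))

def poll(host, port, attempts=5, timeout=3.0, pause=1.0):
    """Retry like a client waiting for sshd; return the label of each try."""
    labels = []
    for _ in range(attempts):
        err, seconds = probe_connect(host, port, timeout)
        labels.append(classify(err, seconds, timeout))
        if labels[-1] == "connected":
            break
        time.sleep(pause)
    return labels

if __name__ == "__main__":
    # 192.168.123.61:22 is the guest SSH address shown in the stdout above.
    print(poll("192.168.123.61", 22))
```

Running it from the host while the halted guest is booting, once on each kernel, shows whether attempts end as "early-unreachable" or run to "timeout" before the first "connected".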

