lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <MN2PR12MB44863139E562A59329E89DBEB982A@MN2PR12MB4486.namprd12.prod.outlook.com> Date: Thu, 30 Nov 2023 13:55:06 +0000 From: Shachar Kagan <skagan@...dia.com> To: "edumazet@...gle.com" <edumazet@...gle.com> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "kuba@...nel.org" <kuba@...nel.org>, Jason Gunthorpe <jgg@...dia.com>, Yishai Hadas <yishaih@...dia.com>, Ido Kalir <idok@...dia.com>, Topaz Uliel <topazu@...dia.com>, Shirly Ohnona <shirlyo@...dia.com>, Ziyad Atiyyeh <ziyadat@...dia.com> Subject: Bug report connect to VM with Vagrant Hi Eric, I have an issue that bisection pointed at this patch: commit 0a8de364ff7a14558e9676f424283148110384d6 tcp: no longer abort SYN_SENT when receiving some ICMP Full commit message at [1]. The issue appears while using Vagrant to manage nested VMs. The steps are: * create vagrant file * vagrant up * vagrant halt (VM is created but shut down) * vagrant up - fail Turn on a VM with ‘Vagrant up’ fails when the VM is in halt state. When the VM hasn't been created yet, 'Vagrant up' passes. The failure occurs in the Net-SSH connection to the VM step. Vagrant error is ‘Guest communication could not be established! This is usually because SSH is not running, the authentication information was changed, or some other networking issue.' We use a new version of vagrant-libvirt. Turn on the VM with virsh instead of vagrant works. Stdout[2] bellow. Any idea what may cause the error with your patch? Thanks, Shachar Kagan [1] commit 0a8de364ff7a14558e9676f424283148110384d6 Author: Eric Dumazet <edumazet@...gle.com> Date: Tue Nov 14 17:23:41 2023 +0000 tcp: no longer abort SYN_SENT when receiving some ICMP Currently, non fatal ICMP messages received on behalf of SYN_SENT sockets do call tcp_ld_RTO_revert() to implement RFC 6069, but immediately call tcp_done(), thus aborting the connect() attempt. This violates RFC 1122 following requirement: 4.2.3.9 ICMP Messages ... o Destination Unreachable -- codes 0, 1, 5 Since these Unreachable messages indicate soft error conditions, TCP MUST NOT abort the connection, and it SHOULD make the information available to the application. This patch makes sure non 'fatal' ICMP[v6] messages do not abort the connection attempt. It enables RFC 6069 for SYN_SENT sockets as a result. Signed-off-by: Eric Dumazet <edumazet@...gle.com> Cc: David Morley <morleyd@...gle.com> Cc: Neal Cardwell <ncardwell@...gle.com> Cc: Yuchung Cheng <ycheng@...gle.com> Signed-off-by: David S. Miller <davem@...emloft.net> [2] Vagrant up stdout: Bringing machine 'player1' up with 'libvirt' provider... ==> player1: Creating shared folders metadata... ==> player1: Starting domain. ==> player1: Domain launching with graphics connection settings... ==> player1: -- Graphics Port: 5900 ==> player1: -- Graphics IP: 127.0.0.1 ==> player1: -- Graphics Password: Not defined ==> player1: -- Graphics Websocket: 5700 ==> player1: Waiting for domain to get an IP address... ==> player1: Waiting for machine to boot. This may take a few minutes... player1: SSH address: 192.168.123.61:22 player1: SSH username: vagrant player1: SSH auth method: private key ==> player1: Attempting graceful shutdown of VM... ==> player1: Attempting graceful shutdown of VM... ==> player1: Attempting graceful shutdown of VM... player1: Guest communication could not be established! This is usually because player1: SSH is not running, the authentication information was changed, player1: or some other networking issue. Vagrant will force halt, if player1: capable. ==> player1: Attempting direct shutdown of domain...
Powered by blists - more mailing lists