Commit f211ac154577ec9ccf07c15f18a6abf0d9bdb4ab breaks Smack TCP connections
刘亚灿
yacanliu at 163.com
Wed Mar 31 02:44:05 UTC 2021
Hi Casev:
A quote from the listen(2) man page on my Ubuntu system:
The backlog argument defines the maximum length to which
the queue of pending connections for sockfd may grow.
I think this implies that the 'backlog' must be greater than zero.
In the test source file (tools/smack-ipv4-tcp-peersec.c) Line 60
I found the following code:
if (listen(firstsock, 0) < 0) {
printf("%s-listen\n", argv[0]);
exit(1);
}
That means that sock will not accept any requests,
so client TCP connections hang with SYN_SENT.
In openssh case, it use SSH_LISTEN_BACKLOG as 128.
At 2021-03-30 23:42:04, "Casey Schaufler" <casey at schaufler-ca.com> wrote:
>Commit f211ac154577ec9ccf07c15f18a6abf0d9bdb4ab 'net: correct
>sk_acceptq_is_full()' breaks a system with the Smack LSM.
>Reverting this change results in a return to correct behavior.
>
>The Smack testsuite can be found at:
> https://github.com/smack-team/smack-testsuite.git
>
>The failing test is ipv4-tcp-local-peersec.sh, but it seems
>that most TCP connections hang with SYN_SENT. Oddly, ssh
>to 127.0.0.1 works, but other TCP connections timeout.
>
>
>
>
More information about the Linux-security-module-archive
mailing list