Displaying 20 results from an estimated 200 matches similar to: "[Bug 495] New: Netfilter Connection Tracking Race Condition in Kernel 2.4.x"
2003 Aug 02
0
[SECURITY] Netfilter Security Advisory: Conntrack list_del() DoS
Netfilter Core Team Security Advisory
CVE: CAN-2003-0187
Subject:
Netfilter / Connection Tracking Remote DoS
Released:
01 Aug 2003
Effects:
Any remote user may be able to DoS a machine
2002 Aug 23
0
Re: ip_conntrack_lock not readlocked (fwd)
Here is a message from Harald Welte, the current Netfilter lead developer
about these messages. Sounds like he is interested in finding out more
information about occurrences of these messages (or he was a month and a
half ago).
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
---------- Forwarded message
2002 Jan 20
0
[ANNOUNCE] Bug in kernel == 2.4.10 causing netfilter problem
Hi all!
On behalf of the netfilter core team I have the following announcement:
The following kernel versions have a bug in include/linux/list.h, which
causes netfilter's connection tracking code to misbehave:
2.4.10-pre10
2.4.10-pre11
2.4.10-pre12
2.4.10
2007 Apr 18
1
[Bridge] [PATCH/RFC] Reduce call chain length in netfilter (take 2)
Hi,
This is a second try to fix the long chain call lengths in netfilter.
The difference with the previous patch is that I got rid of the extra
argument. I somehow didn't see it could be done without using the 'int
*ret2' argument.
A comment on the number of arguments to nf_hook_slow: I don't think the
number of arguments should be decreased. For the bridge-nf code, f.e.,
the
2001 May 21
1
Problems with Krb5/GSSAPI patches in FBSD 4.3
Hi,
I am trying to implement OpenSSH v2.9p1 with the Krb5/GSSAPI patches at:
http://www.sxw.org.uk/computing/patches/openssh-2.9p1-gssapi.patch
On a FreeBSD 4.3-STABLE system (with both the integrated Heimdal libs and
the MIT Krb5 package from ports installed). I patched the src tree,
reconfigured, recompiled, installed, and it works - except for Krb5
passwords or Krb5 tickets. And I really
2002 Jun 25
0
[Bug 290] New: auth_method set incorrectly in mm_answer_keyverify()
http://bugzilla.mindrot.org/show_bug.cgi?id=290
Summary: auth_method set incorrectly in mm_answer_keyverify()
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2011 Jul 20
5
high performance open source DHCP solution?
The free DHCP solution, ISC, seems to be having scaling issues (i.e.
handling only about 200 DHCPDISCOVER and 20 DHCPRENEW requests), and I
was wondering if anyone had any open source suggestions of solutions
that could scale much better?
(Ideally, I could find a free version of a solution like Nominum, but
I know that's asking for much.)
Anyone have any suggestions?
--
Also on LinkedIn??
2012 Apr 25
1
forwarding packets to service in same host without using loopback network
This question is not about linux usage. But still I think user list
is a good crowd for linux programmer. So here it goes.
I have this libnetfilter_queue application which receives packets from
kernel based on some iptables rule. Before going straight to my
problem, I'm giving a sample workable code and other tools to set up a
test environment so that We problem definition and possible
2007 Aug 14
0
ebtables locking issue
Hi there,
I am new to ebtables code and looking for some help related to locking and atomicity. I am using Xen 3.0.4 in bridge mode and interested in looking into the packets intercepted by dom0 ebtables code, extract some information, pass this information to userspace, wait for userspace response and then pass the result back to ebtable code.
Everything seemed to be working fine until I
2007 Jan 09
0
[Bug 530] New: loading nf_nat verision of the iptable_nat module kills existing connections
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=530
Summary: loading nf_nat verision of the iptable_nat module kills
existing connections
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component:
2007 Apr 18
5
[Bridge] Any way of knowing a packet's been defragmented
Hello,
Due to a recent change in the bridge code, we now need a way of knowing if
a packet has been defragmented. The bridge code now checks on the packet
size and drops packets that are too big for the output port. Defragmented
packets will get refragmented later, so they shouldn't be dropped.
I've been reading the defragmentation code and can't find an easy way of
knowing if a
1999 Nov 11
0
CERT Advisory CA-99.14 - Multiple Vulnerabilities in BIND (fwd)
For those who are unaware...
[mod: This whole bind affair has gone a bit out of hand. Elias from
Bugtraq found "public" info indicating the problem. ISC/CERT were
working on releasing the bugfix together with the fix. Now everybody
is scurrying to get fixes out now that "the public" knows about this.
As far as I know, Red Hat (& Caldera) made a new RPM, based on the
most
2007 Apr 18
3
[Bridge] Re: do_IRQ: stack overflow: 872..
On Fri, 07 Jan 2005 17:05:59 +0000
David Woodhouse <dwmw2@infradead.org> wrote:
> On Sat, 2004-12-18 at 08:50 +0100, Andi Kleen wrote:
> > It's not really an oops, just a warning that stack space got quite
> > tight.
> >
> > The problem seems to be that the br netfilter code is nesting far too
> > deeply and recursing several times. Looks like a design
2003 Mar 03
0
[Bug 59] New: sparc64 conntrack issue with expecting related connections, FTP
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=59
Summary: sparc64 conntrack issue with expecting related
connections, FTP
Product: netfilter/iptables
Version: linux-2.4.x
Platform: sparc64
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component:
2006 Nov 14
2
Benchmarking DNS and DHCP
Does anyone know of any FOSS tools that can assist in benchmarking ISC
DNS and DHCP services? I would like to simulate X number of users
attempting to pull an IP, resolve DNS names, etc. I would also like to
test TCP connections into a CentOS server. We have some software that
communicates with equipment via a TCP connection and I want to simulate
thousands of TCP connections coming into one
2007 Apr 18
4
[Bridge] [PATCH/RFC] Let {ip, arp}tables "see" bridged VLAN tagged {I, AR}P packets
Hi all,
The patch below does four trivial changes and one big change
Trivial changes, these are all in br_netfilter.c:
- check ar_pln==4 when giving bridged ARP packets to arptables
- delete unnecessary if in br_nf_local_in
- add more logging for the "Argh" message
- add some brag-comments in the file head comment
Big change: let {ip,arp}tables see VLAN tagged {I,AR}P packets.
This
2004 Feb 24
2
More than one auth method with dovevot 0.99.10.4 - how?
We're setting up a server with qmail/vpopmail and dovecot. In
addition to vpopmail users we want non-virtual, local users to be able
to authenticate and have them read the Maildir in their real $HOME.
vpopmail userdb/passwd works fine. Now how do I tell dovecot to use
passwd (or PAM) userdb/passdb authentication too?
/etc/dovecot.conf:
[...]
auth = default
auth_mechanisms = plain
2007 Apr 18
2
[Bridge] large packet size doesn't work
Hi,
I have just configured a Linux box with kernel 2.6.16.7 and configured two
ethernet interfaces (with MTU 1500) in bridge mode. CONFIG_BRIDGE_NETFILTER
is enabled.
The problem is that ping -s 1500 192.168.0.2 doesn't work from 192.168.0.1
if the systems are separated by the bridge. Normal ping with smaller packet
size works ok.
What is wrong?
Best Regards
Fulvio Ricciardi
2002 Jun 22
2
[Bug 284] Hostbased authentication erroneously reported
http://bugzilla.mindrot.org/show_bug.cgi?id=284
stevesk at pobox.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From stevesk at pobox.com 2002-06-23 09:11
2006 Jan 30
0
conntrack event/hook when 'expected' connection terminates ?
Hello,
I need to understand how conntrack_core.c handles the termination
of 'expected' connection; handling in the case when 'expected'
connection arrived, then terminates (In my conntrack module,
I need to specially handle the event of termination
of 'expected' connection.)
In ip_conntrack_core.c, I can't find the