Okey, I found out with commit introduced this behaviour:
commit d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738)
Can someone explain this in more technical details?
I tried to find more data about it but there are more articles
about Padding Oracle Attack that with (I belive) is not the case here.
Why this was done that way? Can it be done better?
I am not really sure what lingering TCP connection would even
achieve here.
---------- Original message ----------
From: borg at uu3.net
To: tinc-devel at tinc-vpn.org
Subject: Problems with control (TCP) connections
Date: Thu, 28 Feb 2019 21:59:37 +0100 (CET)
Hello.
Im running tinc from long time, but recently I noticed that
tinc TCP connections are not closed correctly (timeout).
They seem to linger around like this:
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 80 0 xxx.x.x.xx:58801 xx.xxx.xxx.xx:*** ESTABLISHED
tcp 515 0 xxx.x.x.xx:45422 xx.xxx.xxx.xxx:*** ESTABLISHED
tcp 0 0 xxx.x.x.xx:34066 xx.xxx.xxx.xxx:*** CLOSE_WAIT
tcp 0 0 xxx.x.x.xx:37178 xx.xxx.xxx.xxx:*** CLOSE_WAIT
tcp 0 0 xxx.x.x.xx:58106 xx.xxx.xxx.xxx:*** CLOSE_WAIT
tcp 515 0 xxx.x.x.xx:43048 xx.xxx.xxx.xx:*** ESTABLISHED
tcp 0 0 xxx.x.x.xx:57942 xx.xxx.xxx.xxx:*** CLOSE_WAIT
Anyone else noticed this? Im running tinc version 1.0.35
Regards,
Borg
_______________________________________________
tinc-devel mailing list
tinc-devel at tinc-vpn.org
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc-devel