Write tests for TCP SACK vulnerabilities

Open metan-ucw opened this issue 6 years ago • 2 comments

There are three CVEs connected to the TCP SACK kernel handling: the most important is the remote panic CVE-2019-11477, then there are two denials of service, CVE-2019-11478 and CVE-2019-11479.

See also: https://lwn.net/Articles/791409/

metan-ucw, Jul 09 '19 10:07

There is also a socket hang regression related to the CVE bugfix which should be tested. See the packetdrill script that can reproduce the issue on incorrectly patched kernels (e.g. 4.12.14-197.7.1 on SLE 15-SP1) and the explanation of the script in poo#54122.

The regression test is whether or not the kernel will try to resend possibly dropped packets. A minimalistic userspace TCP stack which allows you to control ACKs would probably work better than BPF.

mdoucha, Sep 12 '19 13:09

Also maybe http://netsniff-ng.org/ trafgen has the parts needed for that. There is a package for netsniff-ng at least. I have no idea if that allows control of ACKs.

richiejp, Jul 27 '21 10:07