Skip to content

brb/conntrack-race

1 Branch0 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

brbbrb
Update instructions
Jul 9, 2018
0643bfd · Jul 9, 2018

History

4 Commits
log
log
Jul 7, 2018
patch
patch
Jul 7, 2018
src
src
Jul 7, 2018
README.md
README.md
Jul 9, 2018

Repository files navigation

conntrack race

Discussion: http://patchwork.ozlabs.org/patch/937963/

Reproducing

  1. Apply nfct_debug.patch on top of the proposed patch ^^.
  2. Enable the dynamic debug: echo -n 'file net/netfilter/nf_conntrack_core.c +p' > /sys/kernel/debug/dynamic_debug/control.
  3. Compile and run server.c: gcc server.c -o server && ./server 8000.
  4. Compile and run client.c: gcc -lpthread client.c -o client && for i in $(seq 1 10); do ./client 127.0.0.1 8000; done.
  5. Observe clashes: dmesg | grep nf_ct_resolve_clash.

Logs

No NAT

logs

  • No NAT rules, but NAT null-bindings enabled.
  • Client and server communicates over lo.

DNAT

logs

  • DNAT rules are installed.
  • Client and server communicates over lo.

SNAT

logs

  • SNAT rules are installed by Docker.
  • Client runs in a container network namespace, and its IPv4 addr is 172.17.0.2.
  • Communicates with 172.28.128.3 (remote) via 172.28.128.1 (gw).

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

6 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages