From: Pablo Neira Ayuso <pablo@netfilter.org>
To: pda Pfeil Daniel <pda@keba.com>
Cc: "netfilter-devel@vger.kernel.org" <netfilter-devel@vger.kernel.org>
Subject: Re: AW: [PATCH] conntrackd: helpers/rpc: Don't add expectation table entry for portmap port
Date: Wed, 19 Jun 2024 15:08:20 +0200
Message-ID: <ZnLYRJkOuJhBIvrM@calendula>
In-Reply-To: <DUZPR07MB9841985506C0E34204093904CDCF2@DUZPR07MB9841.eurprd07.prod.outlook.com>

Patch is applied, thanks

On Wed, Jun 19, 2024 at 11:29:37AM +0000, pda Pfeil Daniel wrote:
> Hi Pablo,
>
> the portmap port must be opened via a static iptables/nftables rule anyway, so adding an expectation table entry for the portmap port is unnecessary.
>
> BR Daniel
>
> -----Original Message-----
> From: Pablo Neira Ayuso <pablo@netfilter.org>
> Sent: Wednesday, 19 June 2024 13:08
> To: pda Pfeil Daniel <pda@keba.com>
> Cc: netfilter-devel@vger.kernel.org
> Subject: Re: [PATCH] conntrackd: helpers/rpc: Don't add expectation table entry for portmap port
>
> On Wed, Jun 19, 2024 at 01:03:20PM +0200, Pablo Neira Ayuso wrote:
> > On Thu, Apr 25, 2024 at 12:13:11PM +0000, pda Pfeil Daniel wrote:
> > > After an RPC call to portmap using the portmap program number
> > > (100000), subsequent RPC calls are not handled correctly by connection tracking.
> > > This results in client connections to ports specified in RPC replies
> > > failing to operate.
> >
> > Applied, thanks
>
> Wait, program 100000 usually runs on the portmapper port (tcp,udp/111), which is the one where you install the helper to add
> expectations:
>
> 100000 2 tcp 111 portmapper
> 100000 2 udp 111 portmapper
>
> How is this working?