diff --git a/kmod/src/net.c b/kmod/src/net.c
index 613cf169..fdf335e0 100644
--- a/kmod/src/net.c
+++ b/kmod/src/net.c
@@ -1278,6 +1278,17 @@ restart:
 set_conn_fl(acc, reconn_freeing);
 spin_unlock(&conn->lock);
 if (!test_conn_fl(conn, shutting_down)) {
+ /*
+ * If we haven't seen a vg for this connection, don't bother fencing
+ * it - instead just drop it. If this was a real client, it will try
+ * again to connect.
+ */
+ if (!test_conn_fl(acc, valid_greeting)) {
+ /* delete the conn */
+ list_del_init(&acc->accepted_head);
+ goto restart;
+ }
+
 scoutfs_info(sb, "client "SIN_FMT" reconnect timed out, fencing",
 SIN_ARG(&acc->last_peername));
 ret = scoutfs_fence_start(sb, acc->rid,
diff --git a/tests/golden/portscan b/tests/golden/portscan
new file mode 100644
index 00000000..4b7509b2
--- /dev/null
+++ b/tests/golden/portscan
@@ -0,0 +1,7 @@
+== empty packets
+Ncat: Connection refused.
+Ncat: Connection refused.
+== find portscan in connections
+
+== find portscan in connections
+
diff --git a/tests/sequence b/tests/sequence
index 18eff7cf..17ed27e3 100644
--- a/tests/sequence
+++ b/tests/sequence
@@ -57,4 +57,5 @@ archive-light-cycle.sh
 block-stale-reads.sh
 inode-deletion.sh
 renameat2-noreplace.sh
+portscan.sh
 xfstests.sh
diff --git a/tests/tests/portscan.sh b/tests/tests/portscan.sh
new file mode 100644
index 00000000..f3ed2910
--- /dev/null
+++ b/tests/tests/portscan.sh
@@ -0,0 +1,24 @@
+#
+# portscan tests - assure malformed packets do not cause issues
+#
+
+t_require_commands scoutfs nc
+
+echo "== empty packets"
+sleep 1
+echo " " | nc -p 33033 127.0.0.1 42000
+echo " " | nc -p 33133 127.0.0.1 42001
+echo " " | nc -p 33233 127.0.0.1 42002
+
+echo "== find portscan in connections"
+L=$(grep 'peer 127.0.0.1:33.33' /sys/kernel/debug/scoutfs/*/connections)
+echo $L
+
+# wait for fencing timeout (20s)
+sleep 30
+
+echo "== find portscan in connections"
+L=$(grep 'peer 127.0.0.1:33.33' /sys/kernel/debug/scoutfs/*/connections)
+echo $L
+
+t_pass
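Review bot: The new `!test_conn_fl(acc, valid_greeting)` branch in kmod/src/net.c only unlinks `acc` with `list_del_init(&acc->accepted_head)` and jumps to `restart`; nothing visible in the hunk releases the connection itself. The unlink also runs after the `spin_unlock(&conn->lock)` in the context lines, so if `accepted_head` is protected by that lock the list is edited unguarded. The loop body continues past the end of the hunk, and if the fenced path tears `acc` down after `scoutfs_fence_start()`, this branch skips that step. Any peer that connects without sending a greeting, as the added portscan test does, could then leave one connection's resources behind per attempt. I would send this case through the same teardown as the fenced path instead of a bare `goto restart`, and replace `/* delete the conn */` with `/* never greeted: skip fencing, but still tear acc down like the fenced path */`.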
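Review bot: tests/tests/portscan.sh never checks that fencing was skipped, which is the behaviour the kernel change adds. Both `grep 'peer 127.0.0.1:33.33' ...` checks are expected to print nothing according to the golden file, and an empty result after `sleep 30` is presumably also what a connection that was fenced and then freed would produce. The golden output records `Connection refused` for two of the three `nc` calls, so on the reference run at most one probe reached a listener and the result depends on which of ports 42000-42002 is listening. I would add an assertion that the `reconnect timed out, fencing` message is not logged for these peers, and quote the variable as `echo "$L"` so the output is not word-split or glob-expanded.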