Story
Resolution: Done-Errata
socat-1.7.4.1-8.el9
Moderate
rhel-stacks-web-servers

Noticed while analyzing nftables testsuite failures on RHEL9. Here's a reproducer:

```bash
#!/bin/bash

# Load a ruleset with two reject rules on loopback:
# plain reject on port 27374, reject with tcp reset on port 27375.
nft -f - <<EOF
table ip t {
	chain c {
		type filter hook input priority 0
		iif lo tcp dport 27374 limit rate over 1/second burst 1 packets counter reject
		iif lo tcp dport 27375 limit rate over 1/second burst 1 packets counter reject with tcp reset
		counter accept
	}
}
EOF

# Start one listener per port in the background.
socat TCP-LISTEN:27374,reuseaddr,fork - &
socat_pid1=$!
socat TCP-LISTEN:27375,reuseaddr,fork - &
socat_pid2=$!

# Stop the listeners and remove the ruleset on exit.
trap "kill $socat_pid1; kill $socat_pid2; nft flush ruleset" EXIT
sleep 1

# Connect to each port and report the client's exit status.
for port in 27374 27375; do
	socat -u - TCP:127.0.0.1:${port},reuseport,connect-timeout=1 <<< "foo"
	echo "socat to port $port returned $?"
done
```

Both calls are supposed to return 1. In RHEL9 with socat-1.7.4.1-7.el9.x86_64, the first one returns 0 though. RHEL10 is fine, so upstream should be fixed. I can reproduce the issue with upstream tag-1.7.4.2, currently bisecting.

Links to: RHSA-2025:151932 (socat update)