Hi Casey:

A quote from the listen(2) man page on my Ubuntu system:

    The backlog argument defines the maximum length to which the queue
    of pending connections for sockfd may grow.

I think this implies that the 'backlog' must be greater than zero.

In the test source file (tools/smack-ipv4-tcp-peersec.c), line 60, I found the following code:

    if (listen(firstsock, 0) < 0) {
        printf("%s-listen\n", argv[0]);
        exit(1);
    }

That means that sock will not accept any requests, so client TCP connections hang with SYN_SENT. In the openssh case, it uses SSH_LISTEN_BACKLOG as 128.

At 2021-03-30 23:42:04, "Casey Schaufler" <ca...@schaufler-ca.com> wrote:
>Commit f211ac154577ec9ccf07c15f18a6abf0d9bdb4ab 'net: correct
>sk_acceptq_is_full()' breaks a system with the Smack LSM.
>Reverting this change results in a return to correct behavior.
>
>The Smack testsuite can be found at:
>    https://github.com/smack-team/smack-testsuite.git
>
>The failing test is ipv4-tcp-local-peersec.sh, but it seems
>that most TCP connections hang with SYN_SENT. Oddly, ssh
>to 127.0.0.1 works, but other TCP connections time out.