lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 10 May 2012 10:53:20 +0530
From:	Nikhil Agarwal <hi2nikhil@...il.com>
To:	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Cc:	herbert@...dor.apana.org.au, benjamin.thery@...l.net,
	davem@...emloft.net, eric.dumazet@...il.com, pstaszewski@...are.pl
Subject: Fwd: Memory exhaust issue with only IPsec policies configured on
 continuous traffic

Hi All,

Can you please help on this?

Regards
Nikhil

-----Original Message-----
From: Agarwal Nikhil-B38457
Sent: Wednesday, May 09, 2012 2:53 PM
To: linux-kernel@...r.kernel.org; netdev@...r.kernel.org
Subject: Memory exhaust issue with only IPsec policies configured on
continuous traffic

Hi all,
               In a typical scenario, when IPSEC policies are
configured in the system but SA is not present or negotiation fails or
IKE daemon is not running.  The current behavior of xfrm is to send
those matching packets to blackhole route.  i.e. xfrm_bundle_lookup
returns a bundle with null route and xfrm_lookup returns a blackhole
route.

For each of these packet a dst_alloc is called in
ipv4_blackhole_route. However when these skbs get free and their dst's
get discarded using dst_free and the garbage collector is scheduled
using cancel_delayed_work and schedule_delayed_work.

If the packets are coming continuously garbage collector may not get
scheduled and large amount of memory is stuck to be freed causing the
system to go into non-recoverable state.

Any ideas?

Regards
Nikhil
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ