| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Aug 2009 11:40:09 +0300 From: Timo Teräs <timo.teras@....fi> To: Patrick McHardy <kaber@...sh.net> CC: netfilter-devel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: bad nat connection tracking performance with ip_gre Timo Teräs wrote: > Ok, finally figured out the difference. Looks like depending > on the sendto() / local route / forward route / my patched mrt > the skb that gets passed to ipgre_tunnel_xmit() seems to have > nfctinfo either 0 or 2. This value is not modified; nf_reset() > is called just before ip_local_out(). Looks like nf_reset() > clears nfct to NULL, but does not touch nfctinfo. > > So when LOCAL_OUT hook for the GRE packet is hit, depending > where the packet came: it has nfct=NULL and nfctinfo=ESTABLISHED > or NEW. This also seems to affect if that specific skb gets > the nat/OUTPUT hook called. > > Is this behaviour for nf_reset() intentional? Apparently it does not matter. The real problem seems to be bug that did not account for irq times properly. It was fixed by "sched: account system time properly" f5f293a4e3d0a0c52cec31de6762c95050156516 and that caused biased CPU usage measurements. Testing with kernel having that, I'm getting the same CPU readings. And oprofile in timer mode didn't help noticing this. Sorry for the noise. - Timo -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists