lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 28 May 2015 22:41:37 +0300
From:	Andrey Korolyov <andrey@...l.ru>
To:	netdev@...r.kernel.org
Subject: Connection tracking and soft lockups with certain field values

Hi,

I am currently playing with SYNPROXY target to optimize SYN filtering
performance and by occasion found that TCP SYN packets containing port
0 can result in a soft lockup when conntrack is enabled just by
itself, given high packet ratio (I`ve reached 450kpps so far with 60b
packets on a /32<->/32 flood with enabled flow control at the media
level and middle-level E3 Xeon on receiver side). Same flood with port
> 0 going just well, producing same ceil numbers but without visible
lockups in kernel log. I`ve tested the issue on a broad range of 3.x
kernels and all of them are seemingly affected. Fast and dirty grep
revealed special conditions for port 0 only for protocol-specific
helpers, but there are none of them.

Please find both same captures and traceback below.

View attachment "conntrack-port-0-trace.txt" of type "text/plain" (4051 bytes)

Download attachment "0-80.pcap" of type "application/vnd.tcpdump.pcap" (766 bytes)

Download attachment "80-80.pcap" of type "application/vnd.tcpdump.pcap" (766 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ