| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 May 2015 13:42:27 +0300
From: Andrey Korolyov <andrey@...l.ru>
To: netdev@...r.kernel.org
Cc: Pablo Neira Ayuso <pablo@...filter.org>, kaber@...sh.net
Subject: Re: Connection tracking and soft lockups with certain field values
On Thu, May 28, 2015 at 10:41 PM, Andrey Korolyov <andrey@...l.ru> wrote:
> Hi,
>
> I am currently playing with SYNPROXY target to optimize SYN filtering
> performance and by occasion found that TCP SYN packets containing port
> 0 can result in a soft lockup when conntrack is enabled just by
> itself, given high packet ratio (I`ve reached 450kpps so far with 60b
> packets on a /32<->/32 flood with enabled flow control at the media
> level and middle-level E3 Xeon on receiver side). Same flood with port
>> 0 going just well, producing same ceil numbers but without visible
> lockups in kernel log. I`ve tested the issue on a broad range of 3.x
> kernels and all of them are seemingly affected. Fast and dirty grep
> revealed special conditions for port 0 only for protocol-specific
> helpers, but there are none of them.
>
> Please find both same captures and traceback below.
Attached trace without GSO, at its presence can be somehow confusing
in a previous sample. The testbed using net.nf_conntrack_max =
2000000, forgot to mention that previously.
View attachment "conntrack-port-0-gso-off.txt" of type "text/plain" (4494 bytes)
Powered by blists - more mailing lists