lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.64.0801290635001.23096@boston.corp.fedex.com>
Date:	Tue, 29 Jan 2008 06:41:06 +0800 (SGT)
From:	Jeff Chua <jeff.chua.linux@...il.com>
To:	lkml <linux-kernel@...r.kernel.org>,
	cups-bugs <cups-bugs@...ysw.com>,
	Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>,
	Krzysztof Piotr Oledzki <ole@....pl>,
	Patrick McHardy <kaber@...sh.net>,
	"David S. Miller" <davem@...emloft.net>, cups-bugs@...ysw.com
Subject: Re: cups slow on linux-2.6.24



On Jan 28, 2008 7:18 AM, Jeff Chua <jeff.chua.linux@...il.com> wrote:
> I'm sending printing jobs to a network printer (it's actually printing
> to the localhost simply creating a file), and running this on
> Linux-2.6.24 will cause the printing to slow down to 1 print every 3
> seconds after printing 500 times.

I bisected the kernel since the last known good 2.6.23 and zeroed in to 
this commit.

commit 17311393f969090ab060540bd9dbe7dc885a76d5
Author: Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>
Date:   Thu Oct 11 14:35:52 2007 -0700

     [NETFILTER]: nf_conntrack_tcp: fix connection reopening


Reverting this commit solves the problem.

Version              1000 jobs
2.6.23                 90 sec
2.6.24              1,492 sec  <== with commit
2.6.24(patch)          90 sec  <== reverted the commit


Since the code has changed an can't simply revert the commit for the 
latest linux git download, I made a patch to revert the above commit. I've 
tested and it's working, but don't know if it breaks other things. Please 
review.

Thanks,
Jeff.


--- net/netfilter/nf_conntrack_proto_tcp.c.org	2008-01-29 03:34:43 +0800
+++ net/netfilter/nf_conntrack_proto_tcp.c	2008-01-29 03:36:26 +0800
@@ -836,8 +836,8 @@
  			break;
  		if ((conntrack->proto.tcp.seen[!dir].flags &
  			IP_CT_TCP_FLAG_CLOSE_INIT)
-		    || (conntrack->proto.tcp.last_dir == dir
-		        && conntrack->proto.tcp.last_index == TCP_RST_SET)) {
+		    || after(ntohl(th->seq),
+		        conntrack->proto.tcp.seen[dir].td_end)) {
  			/* Attempt to reopen a closed/aborted connection.
  			 * Delete this connection and look up again. */
  			write_unlock_bh(&tcp_lock);
@@ -845,6 +845,12 @@
  				conntrack->timeout.function((unsigned long)
  							    conntrack);
  			return -NF_REPEAT;
+		} else {
+			write_unlock_bh(&tcp_lock);
+			if (LOG_INVALID(IPPROTO_TCP))
+				nf_log_packet(pf, 0, skb, NULL, NULL,
+					NULL, "nf_ct_tcp: invalid SYN");
+			return -NF_ACCEPT;
  		}
  		/* Fall through */
  	case TCP_CONNTRACK_IGNORE:


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ