lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <47DD49C6.8040400@oxeva.fr>
Date:	Sun, 16 Mar 2008 17:24:38 +0100
From:	Gabriel Barazer <gabriel@...va.fr>
To:	Willy Tarreau <w@....eu>
CC:	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [2.6.24.3][net] bug: TCP 3rd handshake abnormal timeouts

Hi

On 03/15/2008 9:55:27 AM +0100, Willy Tarreau <w@....eu> wrote:
> On Sat, Mar 15, 2008 at 09:47:24AM +0100, Gabriel Barazer wrote:
> 
> Feel free to repost the whole issue overthere (along with your new tests)
> if you don't get useful replies in a few days.
> 
>> By the way thanks for replying. It's hard to explain and describe a 
>> problem when you know people will ask you hundreds of questions related 
>> to application-level problems, or not reply because web/mysql problems 
>> are so common and generally not related to any kernel issue.
> 
> What caught my attention was the usual "3s delay", which is purely TCP
> and application-independant.
> 
> 
>>> Also, you say you have netfilter with conntrack. Is this on the client ?
>>> If so, you should try disabling it to rule out any possible bug in the
>>> connection tracking.
>> I have the conntrack  on both the client and server, and unfortunately 
>> can't disable it now on the client (I use it only for the REDIRECT 
>> target on a precise destination address and port, not MySQL related), 
>> however I will test today and disable it on the server, after I get some 
>> sleep (although I think the issue is on the client).
> 
> I'm sure it's a client issue too, that's why it would be reasonable to
> be able to try without conntrack. Can't you use a TCP proxy instead of
> REDIRECT ? Also, you said that you also noticed the same behaviour in
> other environments, maybe there you can disable conntrack ?

I was able to reproduce the bug multiple times without conntrack nor 
netfilter on the client and the server(I recompiled the kernel disabling 
the entire netfilter subsystem). The 3-second problem still occurs so we 
can completely rule out contrack-related bugs.

What can we do and test next?

Gabriel
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ