lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080827123635.GA25321@2ka.mipt.ru>
Date:	Wed, 27 Aug 2008 16:36:35 +0400
From:	Evgeniy Polyakov <johnpol@....mipt.ru>
To:	Denys Fedoryshchenko <denys@...p.net.lb>
Cc:	Eric Dumazet <dada1@...mosbay.com>, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: loaded router, excessive getnstimeofday in oprofile

On Wed, Aug 27, 2008 at 03:09:17PM +0300, Denys Fedoryshchenko (denys@...p.net.lb) wrote:
> On Tuesday 26 August 2008, Evgeniy Polyakov wrote:
> > On Tue, Aug 26, 2008 at 10:44:56PM +0200, Eric Dumazet (dada1@...mosbay.com) 
> wrote:
> > > >Do you have any packet sockets in this system? Like running dhcp daemon?
> No, nothing at all.

Can you put debug print into
net_enable_timestamp()/net_disable_timestamp() to determine if someone
enabled timestamp socket option?

> tcp        0      0 127.0.0.1:2600          0.0.0.0:*               LISTEN     3167/zebra
> tcp        0      0 0.0.0.0:2601            0.0.0.0:*               LISTEN     3167/zebra
> tcp        0      0 0.0.0.0:2602            0.0.0.0:*               LISTEN     3174/ripd
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     3549/sshd
> tcp        0      0 194.146.153.17:22       194.146.154.161:37549   ESTABLISHED11593/sshd
> tcp        0      0 194.146.153.17:22       192.168.0.92:45891      ESTABLISHED11803/sshd
> tcp        0      0 127.0.0.1:42537         127.0.0.1:2600          ESTABLISHED3174/ripd
> tcp        0      0 194.146.153.17:22       194.146.153.18:51810    ESTABLISHED11799/sshd
> tcp        0      0 127.0.0.1:2600          127.0.0.1:42537         ESTABLISHED3167/zebra
> udp        0      0 0.0.0.0:520             0.0.0.0:*                          3174/ripd
> udp        0      0 0.0.0.0:161             0.0.0.0:*                          3194/snmpd
> udp        0      0 0.0.0.0:67              0.0.0.0:*                          3207/udhcpd

This one looks suspicious                                                        ^^^^^^^^^^

> udp   111360      0 0.0.0.0:49619           0.0.0.0:*                          2449/syslogd


-- 
	Evgeniy Polyakov
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ