lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090504171408.3e13822c@python3.es.egwn.lan>
Date:	Mon, 4 May 2009 17:14:08 +0200
From:	Matthias Saou 
	<thias@...m.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net>
To:	linux-kernel@...r.kernel.org
Subject: Wrong network usage reported by /proc

Hi,

I'm posting here as a last resort. I've got lots of heavily used RHEL5
servers (2.6.18 based) that are reporting all sorts of impossible
network usage values through /proc, leading to unrealistic snmp/cacti
graphs where the outgoing bandwidth used it higher than the physical
interface's maximum speed.

For some details and a test script which compares values from /proc
with values from tcpdump :
https://bugzilla.redhat.com/show_bug.cgi?id=489541

The values collected using tcpdump always seem realistic and match the
values seen on the remote network equipments. So my obvious conclusion
(but possibly wrong given my limited knowledge) is that something is
wrong in the kernel, since it's the one exposing the /proc interface.

I've reproduced what seems to be the same problem on recent kernels,
including the 2.6.27.21-170.2.56.fc10.x86_64 I'm running right now. The
simple python script available here allows to see it quite easily :
https://www.redhat.com/archives/rhelv5-list/2009-February/msg00166.html

 * I run the script on my Workstation, I have an FTP server enabled
 * I download a DVD ISO from a remote workstation : The values match
 * I start ping floods from remote workstations : The values reported
   by /proc are much higher than the ones reported by tcpdump. I used
   "ping -s 500 -f myworkstation" from two remote workstations

If there's anything flawed in my debugging, I'd love to have someone
point it out to me. TIA to anyone willing to have a look.

Matthias

-- 
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora release 10 (Cambridge) - Linux kernel
2.6.27.21-170.2.56.fc10.x86_64 Load : 0.39 0.30 0.34
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ