| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 06 Mar 2007 21:07:49 +0100 From: Eric Dumazet <dada1@...mosbay.com> To: Howard Chu <hyc@...as.com> CC: netdev@...r.kernel.org Subject: Re: TCP 2MSL on loopback Howard Chu a écrit : > Eric Dumazet wrote: >> On Tuesday 06 March 2007 10:22, Howard Chu wrote: >> >>> It's a combination of 2MSL and /proc/sys/net/ipv4/ip_local_port_range - >>> on my system the default port range is 32768-61000. That means if I use >>> up 28232 ports in less than 2MSL then everything stops. netstat will >>> show that all the available port numbers are in TIME_WAIT state. And >>> this is particularly bad because while waiting for the timeout, I can't >>> initiate any new outbound connections of any kind at all - telnet, ssh, >>> whatever, you have to wait for at least one port to free up. >>> (Interesting denial of service there....) >>> >>> Granted, I was running my test on 2.6.18, perhaps 2.6.21 behaves >>> differently. >> >> Could you try this attached program and tell me whats happen ? >> >> $ gcc -O2 -o socktest socktest.c -lpthread >> $ time ./socktest -n 100000 >> nb_conn=99999 nb_accp=99999 >> >> real 0m5.058s >> user 0m0.212s >> sys 0m4.844s >> >> (on my small machine, dell d610 :) ) > > On my Asus laptop (2GHz Pentium M) the first time I ran it it completed > in about 51 seconds, with no errors. I then copied it to another machine > and started it up there, and got connect errors right away. I then went > back to my laptop and ran it again, and got errors that time. > > This is the laptop run with errors: > viola:~/src> uname -a > Linux viola 2.6.18.2-34-default #1 SMP Mon Nov 27 11:46:27 UTC 2006 i686 > i686 i386 GNU/Linux > viola:~/src> time ./socktest -n 1000000 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > nb_conn=993757 nb_accp=993757 > 1.408u 88.649s 1:42.76 87.6% 0+0k 0+0io 0pf+0w > > This is my other system, an AMD X2 3800+ (dual core) > mandolin:~/src> uname -a > Linux mandolin 2.6.18.3SMP #9 SMP Sat Nov 25 10:08:51 PST 2006 x86_64 > x86_64 x86_64 GNU/Linux > mandolin:~/src> gcc -O2 -o socktest socktest.c -lpthread > mandolin:~/src> time ./socktest -n 1000000 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > connect error 99 > nb_conn=957088 nb_accp=957088 > 1.012u 630.991s 5:18.05 198.7% 0+0k 0+0io 0pf+0w Let me see, any chance you can try the prog on 2.6.20 ? If not, please send : grep . /proc/sys/net/ipv4/* Thank you - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists