| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 May 2009 20:00:52 +0200 From: Pablo Neira Ayuso <pablo@...filter.org> To: Denys Fedoryschenko <denys@...p.net.lb> CC: netdev@...r.kernel.org, netfilter-devel@...r.kernel.org Subject: Re: ipt_MASQUERADE weirdness (consuming CPU cycles while not used) Denys Fedoryschenko wrote: > I have loaded pppoe (1700 users). I test one rule for short time with -j > MASQUERADE, then removed it and reset conntrack (conntrack -F). But still i > can see it is consuming CPU even when it is not used in any rule. Even i > reboot server and just load rules that dont have MASQUERADE, and just load > module - it will start consuming CPU immediately. Are you using 2.6.29 with any conntrack helper loaded? In that case this fix is not in -stable yet. http://kerneltrap.org/mailarchive/linux-netdev/2009/4/8/5440564 > 64811 3.7735 ipt_MASQUERADE ipt_MASQUERADE device_cmp device_cmp() by nf_ct_iterate_cleanup() when NETDEV_DOWN event is received. Weird, is your device going down quite often? Another possibility is that there's some entry stuck in the conntrack table that we cannot delete, perhaps we're leaking refcounts somewhere. -- "Los honestos son inadaptados sociales" -- Les Luthiers -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists