lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4A1596D4.6000708@netfilter.org>
Date:	Thu, 21 May 2009 20:00:52 +0200
From:	Pablo Neira Ayuso <pablo@...filter.org>
To:	Denys Fedoryschenko <denys@...p.net.lb>
CC:	netdev@...r.kernel.org, netfilter-devel@...r.kernel.org
Subject: Re: ipt_MASQUERADE weirdness (consuming CPU cycles while not used)

Denys Fedoryschenko wrote:
> I have loaded pppoe (1700 users). I test one rule for short time with -j 
> MASQUERADE, then removed it and reset conntrack (conntrack -F). But still i 
> can see it is consuming CPU even when it is not used in any rule. Even i 
> reboot server and just load rules that dont have MASQUERADE, and just load 
> module - it will start consuming CPU immediately.

Are you using 2.6.29 with any conntrack helper loaded? In that case this
fix is not in -stable yet.

http://kerneltrap.org/mailarchive/linux-netdev/2009/4/8/5440564

> 64811     3.7735  ipt_MASQUERADE           ipt_MASQUERADE           device_cmp

device_cmp() by nf_ct_iterate_cleanup() when NETDEV_DOWN event is
received. Weird, is your device going down quite often? Another
possibility is that there's some entry stuck in the conntrack table that
we cannot delete, perhaps we're leaking refcounts somewhere.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ