lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 28 Jul 2017 01:05:05 -0700
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     Marc Haber <mh+netdev@...schlus.de>
Cc:     Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org
Subject: Re: After a while of system running no incoming UDP any more?

On Fri, 2017-07-28 at 08:26 +0200, Marc Haber wrote:
> On Mon, Jul 24, 2017 at 04:19:10PM +0200, Paolo Abeni wrote:
> > Once that a system enter the buggy status, do the packets reach the
> > relevant socket's queue?
> > 
> > ss -u
> > nstat |grep -e Udp -e Ip
> > 
> > will help checking that.
> 
> I now have the issue on one machine, a Xen guest acting as authoritative
> nameserver for my domains. Here are the outputs during normal use, with
> artificial queries coming in on eth0:
> 
> [9/1075]mh@...etus:~ $ ss -u
> Recv-Q Send-Q                                     Local Address:Port                                                      Peer Address:Port                
> 0      0                                              127.0.0.1:56547                                                        127.0.0.1:domain               
> 0      0                                         216.231.132.60:27667                                                       198.41.0.4:domain               
> 0      0                                         216.231.132.60:44121                                                          8.8.8.8:domain               
> 0      0                                         216.231.132.60:29814                                                       198.41.0.4:domain               
> [10/1076]mh@...etus:~ $ ss -u
> Recv-Q Send-Q                                     Local Address:Port                                                      Peer Address:Port                
> [11/1076]mh@...etus:~ $ ss -u
> Recv-Q Send-Q                                     Local Address:Port                                                      Peer Address:Port                
> [12/1076]mh@...etus:~ $ ss -u
> Recv-Q Send-Q                                     Local Address:Port                                                      Peer Address:Port                
> [13/1076]mh@...etus:~ $ ss -u
> Recv-Q Send-Q                                     Local Address:Port                                                      Peer Address:Port                
> [14/1076]mh@...etus:~ $ nstat  | grep -e Udp -e Ip
> IpInReceives                    400688             0.0
> IpInAddrErrors                  18567              0.0
> IpInUnknownProtos               3                  0.0
> IpInDelivers                    330634             0.0
> IpOutRequests                   283637             0.0
> UdpInDatagrams                  145860             0.0
> UdpNoPorts                      1313               0.0
> UdpInErrors                     9356               0.0
> UdpOutDatagrams                 153093             0.0
> UdpIgnoredMulti                 34148              0.0
> Ip6InReceives                   161178             0.0
> Ip6InNoRoutes                   8                  0.0
> Ip6InDelivers                   73841              0.0
> Ip6OutRequests                  77575              0.0
> Ip6InMcastPkts                  87332              0.0
> Ip6OutMcastPkts                 109                0.0
> Ip6InOctets                     21880674           0.0
> Ip6OutOctets                    9633059            0.0
> Ip6InMcastOctets                9371483            0.0
> Ip6OutMcastOctets               6636               0.0
> Ip6InNoECTPkts                  161202             0.0
> Ip6InECT1Pkts                   15                 0.0
> Ip6InECT0Pkts                   11                 0.0
> Ip6InCEPkts                     4                  0.0
> Udp6InDatagrams                 11725              0.0
> Udp6NoPorts                     2                  0.0
> Udp6InErrors                    1989               0.0
> Udp6OutDatagrams                14483              0.0
> IpExtInBcastPkts                34148              0.0
> IpExtInOctets                   47462716           0.0
> IpExtOutOctets                  31262696           0.0
> IpExtInBcastOctets              7476059            0.0
> IpExtInNoECTPkts                400178             0.0
> IpExtInECT1Pkts                 22                 0.0
> IpExtInECT0Pkts                 481                0.0
> IpExtInCEPkts                   14                 0.0
> [15/1077]mh@...etus:~ $ nstat  | grep -e Udp -e Ip
> IpInReceives                    25                 0.0
> IpInDelivers                    25                 0.0
> IpOutRequests                   16                 0.0
> UdpInDatagrams                  1                  0.0
> UdpInErrors                     24                 0.0
> UdpOutDatagrams                 16                 0.0
> Ip6InReceives                   15                 0.0
> Ip6InDelivers                   14                 0.0
> Ip6OutRequests                  12                 0.0
> Ip6InMcastPkts                  1                  0.0
> Ip6InOctets                     1219               0.0
> Ip6OutOctets                    4384               0.0
> Ip6InMcastOctets                131                0.0
> Ip6InNoECTPkts                  15                 0.0
> IpExtInOctets                   11779              0.0
> IpExtOutOctets                  1023               0.0
> IpExtInNoECTPkts                25                 0.0
> [16/1077]mh@...etus:~ $ nstat  | grep -e Udp -e Ip
> IpInReceives                    24                 0.0
> IpInDelivers                    24                 0.0
> IpOutRequests                   18                 0.0
> UdpInErrors                     22                 0.0
> UdpOutDatagrams                 16                 0.0
> Ip6InReceives                   15                 0.0
> Ip6InDelivers                   12                 0.0
> Ip6OutRequests                  10                 0.0
> Ip6InMcastPkts                  3                  0.0
> Ip6InOctets                     1160               0.0
> Ip6OutOctets                    2456               0.0
> Ip6InMcastOctets                216                0.0
> Ip6InNoECTPkts                  15                 0.0
> IpExtInOctets                   8612               0.0
> IpExtOutOctets                  1127               0.0
> IpExtInNoECTPkts                24                 0.0
> [17/1077]mh@...etus:~ $ nstat  | grep -e Udp -e Ip
> IpInReceives                    5                  0.0
> IpInDelivers                    4                  0.0
> IpOutRequests                   3                  0.0
> UdpNoPorts                      1                  0.0
> UdpInErrors                     2                  0.0
> UdpOutDatagrams                 1                  0.0
> Ip6InReceives                   12                 0.0
> Ip6InDelivers                   12                 0.0
> Ip6OutRequests                  10                 0.0
> Ip6InOctets                     944                0.0
> Ip6OutOctets                    2364               0.0
> Ip6InNoECTPkts                  12                 0.0
> IpExtInOctets                   429                0.0
> IpExtOutOctets                  226                0.0
> IpExtInNoECTPkts                5                  0.0
> [18/1077]mh@...etus:~ $
> 
> And here, hopefully a bit more helpful:
> 
> [19/1078]mh@...etus:~ $ ss -u ; nstat  | grep -e Udp -e Ip ; dig +time=2 @8.8.8.8 zugschlus.de mx ; ss -u ; nstat  | grep -e Udp -e Ip 
> Recv-Q Send-Q                                     Local Address:Port                                                      Peer Address:Port                
> 0      0                                         216.231.132.60:27333                                                       198.41.0.4:domain               
> 0      0                                         216.231.132.60:38101                                                       198.41.0.4:domain               
> 0      0                                         216.231.132.60:15836                                                       198.41.0.4:domain               
> 0      0                                         216.231.132.60:50655                                                          8.8.8.8:domain               
> 0      0                                         216.231.132.60:41953                                                       198.41.0.4:domain               
> 0      0                                         216.231.132.60:6888                                                        198.41.0.4:domain               
> 0      0                                         216.231.132.60:51441                                                       198.41.0.4:domain               
> 0      0                                         216.231.132.60:42503                                                       198.41.0.4:domain               
> 0      0                                         216.231.132.60:12575                                                       198.41.0.4:domain               
> 0      0                                         216.231.132.60:13857                                                       198.41.0.4:domain
> 0      0                                         216.231.132.60:16419                                                    192.36.148.17:domain
> 0      0                                         216.231.132.60:39227                                                       198.41.0.4:domain
> 0      0                                              127.0.0.1:54608                                                        127.0.0.1:domain
> 0      0                                         216.231.132.60:20818                                                       198.41.0.4:domain
> 0      0                                         216.231.132.60:56662                                                       198.41.0.4:domain
> 0      0                                         216.231.132.60:48259                                                    192.36.148.17:domain
> 0      0                                         216.231.132.60:37803                                                       198.41.0.4:domain
> IpInReceives                    59                 0.0
> IpInAddrErrors                  1                  0.0
> IpInDelivers                    56                 0.0
> IpOutRequests                   50                 0.0
> UdpInDatagrams                  1                  0.0
> UdpInErrors                     50                 0.0
> UdpOutDatagrams                 47                 0.0
> UdpIgnoredMulti                 1                  0.0
> Ip6InReceives                   75                 0.0
> Ip6InDelivers                   73                 0.0
> Ip6OutRequests                  64                 0.0
> Ip6InMcastPkts                  2                  0.0
> Ip6InOctets                     7837               0.0
> Ip6OutOctets                    11876              0.0
> Ip6InMcastOctets                279                0.0
> Ip6InNoECTPkts                  75                 0.0
> Udp6InErrors                    3                  0.0
> IpExtInBcastPkts                1                  0.0
> IpExtInOctets                   18447              0.0
> IpExtOutOctets                  3478               0.0
> IpExtInBcastOctets              183                0.0
> IpExtInNoECTPkts                59                 0.0
> 
> ; <<>> DiG 9.10.3-P4-Debian <<>> +time=2 @8.8.8.8 zugschlus.de mx
> ; (1 server found)
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> Recv-Q Send-Q                                     Local Address:Port                                                      Peer Address:Port
> 0      0                                         216.231.132.60:7879                                                      202.12.27.33:domain
> 0      0                                         216.231.132.60:32711                                                     202.12.27.33:domain
> 0      0                                         216.231.132.60:54238                                                     202.12.27.33:domain
> 0      0                                         216.231.132.60:30948                                                   192.228.79.201:domain
> 0      0                                         216.231.132.60:4106                                                      202.12.27.33:domain
> 0      0                                         216.231.132.60:6667                                                      202.12.27.33:domain
> 0      0                                         216.231.132.60:2090                                                    192.228.79.201:domain
> 0      0                                         216.231.132.60:60459                                                   192.228.79.201:domain
> 0      0                                         216.231.132.60:16427                                                     202.12.27.33:domain
> 0      0                                         216.231.132.60:9019                                                      202.12.27.33:domain
> 0      0                                         216.231.132.60:2113                                                      202.12.27.33:domain
> 0      0                                         216.231.132.60:34907                                                     202.12.27.33:domain
> 0      0                                         216.231.132.60:34654                                                     202.12.27.33:domain
> 0      0                                         216.231.132.60:47725                                                     202.12.27.33:domain
> 0      0                                         216.231.132.60:35774                                                     202.12.27.33:domain
> IpInReceives                    38                 0.0
> IpInDelivers                    38                 0.0
> IpOutRequests                   38                 0.0
> UdpInDatagrams                  2                  0.0
> UdpInErrors                     34                 0.0
> UdpOutDatagrams                 36                 0.0
> Ip6InReceives                   14                 0.0
> Ip6InDelivers                   13                 0.0
> Ip6OutRequests                  13                 0.0
> Ip6InMcastPkts                  1                  0.0
> Ip6InOctets                     1046               0.0
> Ip6OutOctets                    6277               0.0
> Ip6InMcastOctets                133                0.0
> Ip6InNoECTPkts                  13                 0.0
> Ip6InECT0Pkts                   1                  0.0
> Udp6InDatagrams                 1                  0.0
> Udp6OutDatagrams                1                  0.0
> IpExtInOctets                   15963              0.0
> IpExtOutOctets                  2397               0.0
> IpExtInNoECTPkts                37                 0.0
> IpExtInECT0Pkts                 1                  0.0
> [20/1079]mh@...etus:~ $
> 
> I am afraid I cannot keep this state for much longer than a few
> additional hours as this is an authoritative name server...
> 
> Greetings
> Marc
> 

To confirm the refcount issue, you might send us :

cat /proc/net/udp6

Normally, the refcount column should have a value of 2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ