| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180113235910.GF740@surrealistic.net> Date: Sat, 13 Jan 2018 15:59:10 -0800 From: Jim Westfall <jwestfall@...realistic.net> To: netdev@...r.kernel.org Subject: [PATCH 0/2] ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY This used to be the previous behavior in older kernels but became broken in a263b3093641f (ipv4: Make neigh lookups directly in output packet path) and then later removed because it was broken in 0bb4087cbec0 (ipv4: Fix neighlookup keying over loopback/point-to-point devices) Not having this results in there being an arp entry for every remote ip address that the device talks to. Given a fairly active device it can cause the arp table to become huge and/or having to add/purge large number of entires to keep within table size thresholds. $ ip -4 neigh show nud noarp | grep tun | wc -l 55850 $ lnstat -k arp_cache:entries,arp_cache:allocs,arp_cache:destroys -c 10 arp_cach|arp_cach|arp_cach| entries| allocs|destroys| 81493|620166816|620126069| 101867| 10186| 0| 113854| 5993| 0| 118773| 2459| 0| 27937| 18579| 63998| 39256| 5659| 0| 56231| 8487| 0| 65602| 4685| 0| 79697| 7047| 0| 90733| 5517| 0| Jim Westfall (2): net: Allow neigh contructor functions ability to modify the primary_key ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY include/net/arp.h | 3 +++ net/core/neighbour.c | 4 ++-- net/ipv4/arp.c | 7 ++++++- 3 files changed, 11 insertions(+), 3 deletions(-)
Powered by blists - more mailing lists