Re: [PATCH][RFC] Race in ip_conntrack_alter_reply

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Phil Oester <kernel@linuxace.com>
To: KOVACS Krisztian <hidden@balabit.hu>
Cc: netfilter-devel <netfilter-devel@lists.netfilter.org>
Subject: Re: [PATCH][RFC] Race in ip_conntrack_alter_reply
Date: Tue, 18 May 2004 07:48:36 -0700	[thread overview]
Message-ID: <20040518144836.GA25729@linuxace.com> (raw)
In-Reply-To: <1084784652.1909.43.camel@nienna.balabit>

I have not tried the patch yet -- I wanted to see if anyone else thought it
looked sane.  

Not much unique about my situation -- box with 6 interfaces, one of which is
internet link.  Pushing about 50mb peak per day...though the box dies at 2 - 6am
when traffic is light.  Doing nat for a handful of subnets, but most of the
/16 is not natted.  The box does run OSPF and has ~800 routes in the routing
table.  What specific info were you looking for?

Phil

On Mon, May 17, 2004 at 11:04:12AM +0200, KOVACS Krisztian wrote:
> 
>   Hi,
> 
> 2004-05-16, v keltezéssel 23:06-kor Phil Oester ezt írta:
> > I am still experiencing near daily deadlocks on a few heavily used
> > firewalls here (on all kernels from ~2.4.2x - 2.6.6).
> > 
> > In searching for a solution, I noticed that back in September 2003,
> > Rusty Russell pointed out the possibility of a race in ip_conntrack_alter_reply
> > and offered the below patch.
> > 
> > The relevant threads are:
> > 
> > http://lists.netfilter.org/pipermail/netfilter-devel/2003-September/012368.html
> > http://lists.netfilter.org/pipermail/netfilter-devel/2003-September/012388.html
> > 
> > And the patch is included below.
> 
>   Does it fix your problems? There were conversations on problems with
> ip_nat_setup_info() stuck in endless loop, but I did not experience any
> problems up to now. Could you provide some more info about your setup?
> 
> -- 
>  Regards,
>    Krisztian KOVACS
> 
>

next prev parent reply	other threads:[~2004-05-18 14:48 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-05-16 21:06 [PATCH][RFC] Race in ip_conntrack_alter_reply Phil Oester
2004-05-17  9:04 ` KOVACS Krisztian
2004-05-18 14:48   ` Phil Oester [this message]
2004-05-18 15:12     ` KOVACS Krisztian

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040518144836.GA25729@linuxace.com \
    --to=kernel@linuxace.com \
    --cc=hidden@balabit.hu \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.