On Tue, May 13, 2014 at 02:04:00PM +0200, Florian Westphal wrote: > Martin Kraus <lists_mk@xxxxxxxxxxx> wrote: > > On Mon, May 12, 2014 at 06:35:38PM +0200, Pablo Neira Ayuso wrote: > > > > current kernel is 3.13.7. > > > > > > > > we already hit a bug in the official 3.2 kernel packaged with wheezy where > > > > our scan for heartbleed vulnerability would cause conntrackd to kernel panic > > > > the router. > > > > > > Please, provide more information on how to reproduce the problem that > > > you're noticing. Thank you. > > > > regarding the kernel panic on 3.2 a colleague of mine was using nmap with it's > > heartbleed plugin > > > > nmap --script ssl-heartbleed -sT -oX logfile.log 10.0.0.0/20 > > > > http://nmap.org/nsedoc/scripts/ssl-heartbleed.html > > > > it took about 30 minutes to trigger the problem. > [..] > > > NetlinkEventsReliable On > > known broken until at least Linux 3.6, see f.e. > > 5b423f6a40a0327f9d40bc8b97ce9be266f74368 > ("netfilter: nf_conntrack: fix racy timer handling with reliable events") If they are using latest 3.2, that patch is already there. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html