Re: conntrackd, internal cache keeps filling up

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, May 13, 2014 at 02:04:00PM +0200, Florian Westphal wrote:
> Martin Kraus <lists_mk@xxxxxxxxxxx> wrote:
> > On Mon, May 12, 2014 at 06:35:38PM +0200, Pablo Neira Ayuso wrote:
> > > > current kernel is 3.13.7. 
> > > > 
> > > > we already hit a bug in the official 3.2 kernel packaged with wheezy where 
> > > > our scan for heartbleed vulnerability would cause conntrackd to kernel panic
> > > > the router.
> > > 
> > > Please, provide more information on how to reproduce the problem that
> > > you're noticing. Thank you.
> > 
> > regarding the kernel panic on 3.2 a colleague of mine was using nmap with it's
> > heartbleed plugin
> > 
> > nmap --script ssl-heartbleed -sT -oX logfile.log 10.0.0.0/20
> > 
> > http://nmap.org/nsedoc/scripts/ssl-heartbleed.html
> > 
> > it took about 30 minutes to trigger the problem.
> [..]
> 
> >         NetlinkEventsReliable On
> 
> known broken until at least Linux 3.6, see f.e.
> 
> 5b423f6a40a0327f9d40bc8b97ce9be266f74368
> ("netfilter: nf_conntrack: fix racy timer handling with reliable events")

If they are using latest 3.2, that patch is already there.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux