Re: [PATCH] netfilter: xt_connlimit: fix race in connection counting

On Thu, Nov 29, 2018 at 01:28:58AM +0100, Florian Westphal wrote:
> Alakesh Haloi <alakeshh@xxxxxxxxxx> wrote:
> > Second issue I wanted to bring in is, I tried latest Linus's tree and ran my
> > experiments to create connections and bumped up the number of threads that
> > create connections, and I see kernel panic with list delete corruption. The
> > panic I am seeing is as below. So it looks like the refactor around xt_connlimit
> > may not be stable and needs more work.
> 
> Can you pull latest version?
> 
> There were a couple of fixes for BH locking from Taehee Yoo for
> nf_conncount that got applied to linus tree a few hours ago.
Thanks! The latest version does not have the list delete corruption. But the
connection count issue is back. For example, with the following iptables rule in place,
we can easily create 2150+ connections from 20 threads, with the server program running
on a 4-core virtual machine.

iptables -A INPUT -p tcp -m tcp --syn --dport 7777 -m connlimit --connlimit-above 2000 --connlimit-mask 0 -j DROP
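A self-contained reproducer for the check described above, added here as an example and not code from the thread: it starts a throwaway TCP server, opens connections from several threads and holds them open, and returns how many were established. Run against a port covered by the connlimit rule, anything above the configured limit means the rule is not enforcing; the port, thread count and per-thread count are assumptions, and with no rule in place every connection succeeds.

```python
import socket
import threading


def _serve(listener, stop, held):
    # Constructed test server: accept and hold every connection open so the
    # conntrack entries stay established for the duration of the run.
    listener.settimeout(0.2)
    while not stop.is_set():
        try:
            conn, _ = listener.accept()
        except socket.timeout:
            continue
        held.append(conn)


def count_concurrent_connections(port, threads, per_thread, host="127.0.0.1"):
    """Open threads*per_thread TCP connections concurrently, keep them open,
    and return how many reached the established state. With the connlimit
    rule active, dropped SYNs surface as connect timeouts, so the return
    value should never exceed the configured limit (2000 in the rule above)."""
    listener = socket.socket()
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((host, port))          # port 0 lets the kernel pick one
    port = listener.getsockname()[1]
    listener.listen(4096)
    stop, held, established, lock = threading.Event(), [], [], threading.Lock()
    server = threading.Thread(target=_serve, args=(listener, stop, held))
    server.start()

    def worker():
        for _ in range(per_thread):
            s = socket.socket()
            s.settimeout(2)              # a DROP rule shows up as a timeout
            try:
                s.connect((host, port))
            except OSError:
                s.close()
                continue
            with lock:
                established.append(s)    # keep it open until the run ends

    workers = [threading.Thread(target=worker) for _ in range(threads)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    n = len(established)
    stop.set()
    server.join()
    for s in established + held:
        s.close()
    listener.close()
    return n


if __name__ == "__main__":
    # Mirrors the report: 20 threads, well over 2000 attempts against port 7777.
    print("established:", count_concurrent_connections(7777, 20, 110))
```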
