[Bug 40] system hangs, Availability problems, maybe conntrack bug, possible reason here.

bugzilla-daemon at bugzilla.netfilter.org
Thu Jan 6 21:55:32 CET 2005


https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=40





------- Additional Comments From pmccurdy at net-itech.com  2005-01-06 21:55 MET -------
Created an attachment (id=72)
 --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=72&action=view)
Tools to help reproduce the problem

Here is a tool we developed to help us reproduce the problem.  There's the
source code, as well as some versions compiled for Debian (it runs on my Debian
stable workstation, and it should run on unstable as well).  To either compile
or run, you'll need the WvStreams library; the precompiled versions need
WvStreams 4.0, but it should compile against just about any version of the
library.  This library is probably available through your distribution, or you
can get it from http://open.nit.ca/wiki/index.php?page=WvStreams .  The code is
pretty simple; you could rewrite it pretty quickly if either of those options
isn't going to work for you.

To use these:
You need 3 computers.

  System 1 [eth0]<-LAN->[eth0] Vulnerable Server 2 [eth1]<-Internet->[eth1] System 3

This should work alright as long as "Vulnerable Server 2" is doing NAT with the
PPTP conntrack patches. Systems 1 and 3 can probably be anything you want.

Run the server on System 3, poking a hole on TCP/1723 in any firewall(s), if
needed (run as ./pptpdietest_srv)

Run the client on System 1 as:

  while true; do ./pptpdietest_cli ip_of_server:1723; done

(Note: the client is really dumb: if you don't specify a port number, it won't
print an error, but won't connect either)

Within a minute or two, on server 2, you should see a kernel panic (fail),
warning messages about an "invalid csum" (pass), or warnings about a NULL GRE
conntrack keymap (pass).
