[Bug 823] New: IPv6 NAT memory leaking

bugzilla-daemon at netfilter.org
Wed May 22 05:27:38 CEST 2013


           Summary: IPv6 NAT memory leaking
           Product: netfilter/iptables
           Version: unspecified
          Platform: x86_64
        OS/Version: other
            Status: NEW
          Severity: critical
          Priority: P5
         Component: ip6_tables (kernel)
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: lex.weishun at gmail.com
   Estimated Hours: 0.0

I tried IPv6 NAT and the system always crashes due to out-of-memory.

Here are my steps to reproduce:

[VM-a] ------------------- [VM-b]
fd00:1234::a/64            fd00:1234::b/64

* VM-a and VM-b are both VirtualBox VMs (Arch Linux, kernel 3.9.3-1-ARCH, 
  x86_64, with 64M memory)

1. Add an IPv6 NAT rule on VM-b (even if it is never matched):
   (VM-b)# ip6tables -t nat -A POSTROUTING -s abcd::1 -j LOG

2. Ping with big packets from VM-a:
   (VM-a)# for i in {1..5000}; do ping6 -s 2000 -c 1 fd00:1234::b; done

3. Check slabinfo at VM-b: the size of kmalloc-256 increases fast and is never
   released, even when all connections are closed.

4-1. Reboot VM-b and do the test again by 'ping -s 1024'.
     Everything is fine.

4-2. Reboot VM-b and do the test again without any IPv6 NAT rules.
     Everything is fine.

It looks like a memory leaking problem.

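The slabinfo check from step 3 of the report, as an added example that is not part of the original bug report: it compares /proc/slabinfo snapshots taken before the ping loop, after it, and once traffic has stopped, and reports caches whose active bytes only ever grow. The snapshot contents, the function names and the 64 KiB threshold are constructed assumptions.

```python
"""Flag slab caches that keep growing across /proc/slabinfo snapshots."""
import sys

def parse_slabinfo(text):
    """Return {cache_name: active_objs * objsize} for slabinfo 2.x text."""
    usage = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(("slabinfo", "#")):
            continue  # skip blank lines, the version banner and the column header
        fields = line.split()  # name <active_objs> <num_objs> <objsize> ...
        usage[fields[0]] = int(fields[1]) * int(fields[3])
    return usage

def leak_suspects(snapshots, min_growth_bytes=64 * 1024):
    """Caches whose active bytes never shrink between snapshots and grow by
    at least min_growth_bytes overall (the threshold is an assumption)."""
    parsed = [parse_slabinfo(s) for s in snapshots]
    suspects = {}
    for name in parsed[0]:
        series = [p.get(name, 0) for p in parsed]
        never_shrinks = all(b >= a for a, b in zip(series, series[1:]))
        growth = series[-1] - series[0]
        if never_shrinks and growth >= min_growth_bytes:
            suspects[name] = growth
    return suspects

# Constructed sample data (not taken from the report): active object counts
# before the ping loop, right after it, and after the traffic has stopped.
HEADER = "slabinfo - version: 2.1\n# name <active_objs> <num_objs> <objsize> ...\n"

def _snapshot(k512, k256, conntrack):
    rows = (("kmalloc-512", k512, 512), ("kmalloc-256", k256, 256),
            ("nf_conntrack", conntrack, 312))
    return HEADER + "".join(
        f"{name} {active} {active} {size} 16 1 : tunables 0 0 0 : slabdata 1 1 0\n"
        for name, active, size in rows)

BEFORE = _snapshot(400, 320, 10)
DURING = _snapshot(420, 5320, 60)
AFTER = _snapshot(405, 5320, 10)

if __name__ == "__main__":
    # Assumed workflow: pass files saved from `cat /proc/slabinfo` (needs root),
    # oldest first; with no arguments the constructed samples are used.
    snaps = [open(p).read() for p in sys.argv[1:]] or [BEFORE, DURING, AFTER]
    for name, grown in leak_suspects(snaps).items():
        print(f"{name}: +{grown} bytes, never released")
```

Caches that grow under load but fall back once traffic stops (nf_conntrack in the sample data) are not reported; only growth that survives the idle snapshot counts.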