[Bug 485] New: Stresstesting ipset crashes kernel
bugzilla-daemon at bugzilla.netfilter.org
bugzilla-daemon at bugzilla.netfilter.org
Mon Jun 5 22:35:43 CEST 2006
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=485
Summary: Stresstesting ipset crashes kernel
Product: ipset
Version: 2.2.8
Platform: x86_64
OS/Version: RedHat Linux
Status: NEW
Severity: major
Priority: P2
Component: default
AssignedTo: kadlec at netfilter.org
ReportedBy: bugzilla.netfilter at neufeind.net
Using current versions:
ip_set/ipt_set-parts from iptables-1.3.5 (backported - sorry)
ip_set/ipt_set-parts from patch-o-matic-ng-20060508 (backported - sorry)
ipset-2.2.9-20060508
Unfortunately I had to use ipset on a stock CentOS 4.3-kernel (which is
2.6.9-34.0.1.EL with iptables 1.2.1-somepatchlevel as of writing). So I did
backport ipset carefully - and it usually seems to work fine, if you just create
one hash and add/delete ips/networks to/from it. I was using nethash.
But stresstesting ipset seems to crash the kernel. I had to do only 3-5 runs of
the following sequence to crash it repeatedly:
# only needed initially
- create hash1 (nethash)
# needed per each run
- create hash1_tmp (nethash)
- adding networks to hash1_tmp
- swap hash1 and hash1_tmp
- destroy hash1_tmp (which now holds the old hashset)
Workaround: I changed the above to work without a temporary hashset how. Did
# only needed initially
- create hash1 (nethash)
# needed per each run
- flush hash1
- adding networks to hash1
That works now. But I don't see a reason why the above mentioned "stress-test"
would crash the kernel.
(PS: I introduced a "sleep 3" between all the steps. It seems to have lived at
least a few runs longer. But that might only be my personal view.)
--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the netfilter-buglog
mailing list