[Bug 485] New: Stresstesting ipset crashes kernel

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Mon Jun 5 22:35:43 CEST 2006


https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=485

           Summary: Stresstesting ipset crashes kernel
           Product: ipset
           Version: 2.2.8
          Platform: x86_64
        OS/Version: RedHat Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: default
        AssignedTo: kadlec at netfilter.org
        ReportedBy: bugzilla.netfilter at neufeind.net


Using current versions:
ip_set/ipt_set-parts from iptables-1.3.5 (backported - sorry)
ip_set/ipt_set-parts from patch-o-matic-ng-20060508 (backported - sorry)
ipset-2.2.9-20060508

Unfortunately I had to use ipset on a stock CentOS 4.3-kernel (which is
2.6.9-34.0.1.EL with iptables 1.2.1-somepatchlevel as of writing). So I did
backport ipset carefully - and it usually seems to work fine, if you just create
one hash and add/delete ips/networks to/from it. I was using nethash.

But stresstesting ipset seems to crash the kernel. I had to do only 3-5 runs of
the following sequence to crash it repeatedly:

# only needed initially
- create hash1 (nethash)
# needed per each run
- create hash1_tmp (nethash)
- adding networks to hash1_tmp
- swap hash1 and hash1_tmp
- destroy hash1_tmp (which now holds the old hashset)

Workaround: I changed the above to work without a temporary hashset how. Did
# only needed initially
- create hash1 (nethash)
# needed per each run
- flush hash1
- adding networks to hash1

That works now. But I don't see a reason why the above mentioned "stress-test"
would crash the kernel.
(PS: I introduced a "sleep 3" between all the steps. It seems to have lived at
least a few runs longer. But that might only be my personal view.)

-- 
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the netfilter-buglog mailing list