Re: IPFilter issue in -current
On 21/12/2012 6:56 AM, Geoff Adams wrote:
> I've finally had some time to work on this. Here is the result so far:
> The ipf rb-tree implementation is implemented as cpp macros
> ... (The bug manifests as a kernel panic or hard hang during a call to
> RBI_SEARCH or RBI_INSERT.)
Stack traces welcome and/or ways in which it could be reproduced.
> Attached is a patch that keeps my router from panicking or hanging on heavy
> NAT load.
> Would anyone like to take a look at it? I think these changes should be
> incorporated into -current.
The changes look fine.
> After that, there are still a couple other ipf problems that cause serious
> although they don't kill the machine. For example, the ns_bucketlen measure
> of elements
> in each bucket in the hash table that keeps NAT state can be decremented
> below 0.
> Since it's an unsigned int, that makes it look as if the bucket is way
> and no new state can be tracked between the two hosts in question. I'll try
> to look into this later today.
What other issues have you encountered?
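
The counter problem described in the quoted text, as an added example that is not part of the original thread and is not IPFilter code: an unsigned per-bucket length that is decremented once too often wraps to a huge value, and every later insert into that bucket is refused. The struct, the function names, `NBUCKETS`, `MAX_BUCKET` and the rule that a full bucket rejects new entries are assumptions made for illustration.

```c
#include <stdio.h>

#define NBUCKETS   4   /* constructed table size */
#define MAX_BUCKET 8   /* assumed per-bucket limit */

/* Hypothetical stand-in for the per-bucket counters the post calls ns_bucketlen. */
struct nat_stats {
    unsigned int bucketlen[NBUCKETS];
};

/* Insert: refused when the bucket already looks full. */
static int nat_add(struct nat_stats *s, unsigned int b)
{
    if (s->bucketlen[b] >= MAX_BUCKET)
        return -1;
    s->bucketlen[b]++;
    return 0;
}

/* Blind decrement: on an empty bucket, 0 - 1 wraps to UINT_MAX. */
static void nat_del_unchecked(struct nat_stats *s, unsigned int b)
{
    s->bucketlen[b]--;
}

/* Guarded decrement: never drops below zero and reports the mismatch. */
static int nat_del_checked(struct nat_stats *s, unsigned int b)
{
    if (s->bucketlen[b] == 0)
        return -1;   /* accounting error: log it, leave the counter alone */
    s->bucketlen[b]--;
    return 0;
}

/* Constructed sequence: one insert, two removals, then one more insert.
 * Returns the result of that final insert (0 = accepted, -1 = refused). */
static int add_after_extra_delete(int checked)
{
    struct nat_stats s = { {0} };

    nat_add(&s, 1);
    for (int i = 0; i < 2; i++) {
        if (checked)
            (void)nat_del_checked(&s, 1);
        else
            nat_del_unchecked(&s, 1);
    }
    return nat_add(&s, 1);
}

int main(void)
{
    printf("unchecked: %d\n", add_after_extra_delete(0));
    printf("checked:   %d\n", add_after_extra_delete(1));
    return 0;
}
```

The guard only contains the damage; the mismatch it reports still points at a removal path that runs more often than the matching insert.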