
Bug#288197: marked as done (2.6.10: ip_conntrack ignores RST making the tracking hash blow up in your face)



Your message dated Sat, 8 Jan 2005 14:12:32 +0100
with message-id <20050108131232.GA2299@lst.de>
and subject line #288197 fixed in the WIP packages
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Andre Tomt <andre@tomt.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: 2.6.10: ip_conntrack ignores RST making the tracking hash blow up in your
 face
X-Mailer: reportbug 3.2
Date: Sun, 02 Jan 2005 13:36:57 +0100
Message-Id: <20050102123657.4AC6564098@pelle.pasop.tomt.net>

Package: kernel
Severity: important
Tags: patch


This is a bug introduced by netfilter ip_conntrack window tracking fixes
introduced in a late 2.6.10-rc, which should be fixed in the pending
2.6.10 upload to the debian archive (discussed on #debian-kernel).

The window tracking fixes broke RST handling, making the tracking hash
blow up really badly. In my setup it blew up with
net.ipv4.ip_conntrack_max=65536 after a little over 24 hours in use.
With a 5 day established timeout (the default) the hash would probably
grow to somewhere around 300000 entries - each taking roughly 300 bytes,
and this is on a relatively low trafficked firewall (10-20Mbps). Normal
non-buggy operation here is about 1-2000 entries.

The fix attached has currently not been checked over by the guy who broke
it all; but it has been known to work just fine in my setups and others.

More history - and patch:
http://lists.netfilter.org/pipermail/netfilter-devel/2004-December/017908.html


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (1000, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-s1-up
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
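
An added example, not part of the original report or of the netfilter patch: a small Python summarizer for spotting the symptom described above, a conntrack table filling toward ip_conntrack_max. It assumes the text layout of /proc/net/ip_conntrack on 2.6-era kernels; the sample entries are constructed, and the names `summarize` and `alerts` are hypothetical.

```python
import re
from collections import Counter

ENTRY_BYTES = 300      # rough per-entry size quoted in the report
CONNTRACK_MAX = 65536  # net.ipv4.ip_conntrack_max value from the report

# Constructed sample entries (documentation addresses), assumed layout:
# proto protonum seconds_left [TCP_STATE] src=... dst=... sport=... dport=...
TCP = ("tcp      6 {left} {state} src=192.0.2.10 dst=198.51.100.5 "
       "sport={port} dport=80 src=198.51.100.5 dst=192.0.2.10 "
       "sport=80 dport={port} [ASSURED] use=1")
SAMPLE = "\n".join([
    TCP.format(left=431990, state="ESTABLISHED", port=40001),
    TCP.format(left=431200, state="ESTABLISHED", port=40002),
    TCP.format(left=98, state="TIME_WAIT", port=40003),
    TCP.format(left=8, state="CLOSE", port=40004),
    "udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=5353 dport=53 "
    "[UNREPLIED] src=198.51.100.53 dst=192.0.2.10 sport=53 dport=5353 use=1",
    "garbage line that is not a conntrack entry",
])

ENTRY = re.compile(r"^(\w+)\s+\d+\s+(\d+)\s+(?:([A-Z_]+)\s+)?src=")

def summarize(text, table_max=CONNTRACK_MAX):
    """Count entries per TCP state (or per protocol for non-TCP)."""
    states = Counter()
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # skip anything that is not a table entry
        proto, _left, state = m.groups()
        states[state if proto == "tcp" and state else proto] += 1
    total = sum(states.values())
    return {"total": total, "states": dict(states),
            "fill": total / table_max, "est_bytes": total * ENTRY_BYTES}

def alerts(summary, warn_fill=0.8):
    """Return warnings for a table that is close to its configured maximum."""
    out = []
    if summary["fill"] >= warn_fill:
        out.append("conntrack table at {:.0%} of max".format(summary["fill"]))
    return out

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s, alerts(s))
```

On a live system the input would be the contents of /proc/net/ip_conntrack; a state breakdown dominated by ESTABLISHED entries with multi-day timers, on a firewall that normally holds a few thousand entries, matches the growth pattern in the report.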

---------------------------------------
Date: Sat, 8 Jan 2005 14:12:32 +0100
From: Christoph Hellwig <hch@lst.de>
To: 288197-done@bugs.debian.org
Subject: #288197 fixed in the WIP packages
Message-ID: <20050108131232.GA2299@lst.de>

this bug is 2.6.10-only and the WIP packages for 2.6.10 have it fixed
already


