Bug#831014: linux-image-3.16.0-4-amd64: iptables performance issue introduced by "netfilter: x_tables: validate targets of jumps"

To: 831014@bugs.debian.org
Subject: Bug#831014: linux-image-3.16.0-4-amd64: iptables performance issue introduced by "netfilter: x_tables: validate targets of jumps"
From: Thomas Martin <tmartincpp@gmail.com>
Date: Thu, 8 Sep 2016 16:37:49 +0200
Message-id: <[🔎] CAO1iXZLXPgULmqOwn0Rj3O_2=QmOAE8oCCK0Z5J4OJN2-zTqHg@mail.gmail.com>
Reply-to: Thomas Martin <tmartincpp@gmail.com>, 831014@bugs.debian.org

Dear Maintainer, Dear Jeff,

I'm having the same issue.

I have an old firewall running Wheezy, applying the firewall take less
than 30 seconds.
I installed a new server in Jessie, now it takes more than 60 seconds to apply.

To confirm the issue I did few more tests on my old servers:
- with the wheezy-backports kernel (3.16.7-ckt25-2+deb8u3~bpo70+1) I
have the same issue (applying the firewall take more than 60 seconds),
- with an old wheezy-backports kernel downloaded on
snapshot.debian.org (3.16.7-ckt25-2~bpo70+1): I have no issue (less
than 30 seconds to apply).


Jeff, did you had to build your own kernel to fix this issue?
Ideally, I would like to avoid this solution if possible.


Thanks.


Regards,
Thomas

Reply to:

Prev by Date: Processing of linux_4.7.2-1~bpo8+1_amd64.changes
Next by Date: Bug#825840: your mail
Previous by thread: Processing of linux_4.7.2-1~bpo8+1_amd64.changes
Next by thread: Bug#825840: your mail
Index(es):
- Date
- Thread