xt_NAT icon indicating copy to clipboard operation
xt_NAT copied to clipboard
verified publisher icon andrsharaev

Urgent Bug Report : Crash over 4k socket limit.

Open micron10 opened this issue 4 years ago • 4 comments

@andrsharaev , @Stanback

Kernel 5.12.1 400users online. one user open over 4k socket on udp

10.8.196.171 -> x.x.57.x (tcp: 267, udp: 4093, other: 1)

[81344.832784] xt_NAT: 10.8.196.171 exceed max allowed sessions [81344.832786] xt_NAT SNAT: Cannot create new session. Dropping packet [81344.832789] xt_NAT: 10.8.196.171 exceed max allowed sessions [81344.832790] xt_NAT SNAT: Cannot create new session. Dropping packet [81344.843236] xt_NAT SNAT: Cannot create new session. Dropping packet [81344.843483] xt_NAT: 10.8.196.171 exceed max allowed sessions [81344.981056] xt_NAT: 10.8.196.171 exceed max allowed sessions [81344.987069] xt_NAT SNAT: Cannot create new session. Dropping packet [81345.004978] xt_NAT SNAT: Cannot create new session. Dropping packet [81402.540906] rcu: INFO: rcu_sched self-detected stall on CPU [81402.540909] rcu: 5-....: (3314 ticks this GP) idle=74e/1/0x4000000000000000 softirq=4979878/4979878 fqs=2554 last_accelerate: a926/c0a0 dyntick_enabled: 1 [81402.540911] (t=6001 jiffies g=7517749 q=44479) [81402.540913] NMI backtrace for cpu 5 [81402.540914] CPU: 5 PID: 36 Comm: ksoftirqd/5 Tainted: G O 5.12.1 #1 [81402.540916] Hardware name: Supermicro Super Server/X10SRD-F, BIOS 3.3 10/28/2020 [81402.540917] Call Trace: [81402.540919] <IRQ> [81402.540920] dump_stack+0x65/0x7d [81402.540924] ? lapic_can_unplug_cpu+0x70/0x70 [81402.540927] nmi_trigger_cpumask_backtrace.cold+0x40/0x4d [81402.540929] rcu_dump_cpu_stacks+0xbe/0xec [81402.540932] rcu_sched_clock_irq.cold+0x195/0x3f1 [81402.540934] ? enqueue_task_fair+0x796/0xbd0 [81402.540938] update_process_times+0x88/0xc0 [81402.540942] tick_sched_timer+0x7f/0x110 [81402.540944] ? tick_nohz_dep_set_task+0x80/0x80 [81402.540945] __hrtimer_run_queues+0x10b/0x1b0 [81402.540947] hrtimer_interrupt+0x10a/0x420 [81402.540949] __sysvec_apic_timer_interrupt+0x47/0x60 [81402.540952] sysvec_apic_timer_interrupt+0x65/0x90 [81402.540955] </IRQ> [81402.540955] asm_sysvec_apic_timer_interrupt+0xf/0x20 [81402.540959] RIP: 0010:console_unlock+0x366/0x5e0 [81402.540961] Code: ff ff 8b 05 44 5f b2 01 85 c0 75 66 c7 05 3a 5f b2 01 01 00 00 00 e9 0f fd ff ff e8 f4 1c 00 00 48 85 db 74 01 fb 8b 54 24 0c <85> d2 0f 84 4a fd ff ff e8 1d 2b 7c 00 e9 40 fd ff ff 4d 85 ff 74 [81402.540963] RSP: 0018:ffff9dc980203a80 EFLAGS: 00000206 [81402.540964] RAX: 0000000000000000 RBX: 0000000000000200 RCX: 0000000000000000 [81402.540965] RDX: 0000000000000000 RSI: 0000000000000087 RDI: ffffffff82b59898 [81402.540966] RBP: 0000000000000000 R08: ffff9786814db080 R09: 0000000000000000 [81402.540966] R10: ffff9786a85bf260 R11: ffff9786f7bd7cf0 R12: 0000000000000048 [81402.540967] R13: 0000000000000000 R14: 20c49ba5e353f7cf R15: 0000000000000000 [81402.540968] ? common_interrupt+0x14/0xa0 [81402.540969] ? asm_common_interrupt+0x1b/0x40 [81402.540971] vprintk_default+0x5a/0x150 [81402.540972] printk+0x43/0x45 [81402.540975] create_nat_session+0x1c5e/0x1cfd [xt_NAT] [81402.540978] ipt_do_table+0x2e5/0x670 [ip_tables] [81402.540980] ? ip_route_input_noref+0xa8/0x1e0 [81402.540983] nf_hook_slow+0x36/0xa0 [81402.540986] ip_forward+0x40d/0x450 [81402.540987] ? ip4_obj_hashfn+0xc0/0xc0 [81402.540989] process_backlog+0x11a/0x230 [81402.540992] __napi_poll+0x1f/0x130 [81402.540994] net_rx_action+0x239/0x2f0 [81402.540996] ? run_timer_softirq+0x730/0x880 [81402.540998] __do_softirq+0xaf/0x1da [81402.541000] run_ksoftirqd+0x15/0x20 [81402.541004] smpboot_thread_fn+0xb3/0x140 [81402.541006] ? sort_range+0x20/0x20 [81402.541008] kthread+0xea/0x120 [81402.541010] ? kthread_park+0x80/0x80 [81402.541012] ret_from_fork+0x1f/0x30 [81416.300055] rcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { [81476.311498] rcu: INFO: rcu_sched self-detected stall on CPU [81476.311500] rcu: 3-....: (1 GPs behind) idle=86a/1/0x4000000000000000 softirq=4703397/4703398 fqs=2596 last_accelerate: c5ff/dd71 dyntick_enabled: 1 [81476.311503] (t=6001 jiffies g=7517753 q=82419) [81476.311505] NMI backtrace for cpu 3 [81476.311506] CPU: 3 PID: 527214 Comm: kworker/3:2 Tainted: G O 5.12.1 #1 [81476.311507] Hardware name: Supermicro Super Server/X10SRD-F, BIOS 3.3 10/28/2020 [81476.311509] Workqueue: rcu_gp wait_rcu_exp_gp [81476.311512] Call Trace: [81476.311514] <IRQ> [81476.311515] dump_stack+0x65/0x7d [81476.311519] ? lapic_can_unplug_cpu+0x70/0x70 [81476.311521] nmi_trigger_cpumask_backtrace.cold+0x40/0x4d [81476.311523] rcu_dump_cpu_stacks+0xbe/0xec [81476.311527] rcu_sched_clock_irq.cold+0x195/0x3f1 [81476.311529] ? timekeeping_advance+0x34e/0x540 [81476.311531] update_process_times+0x88/0xc0 [81476.311534] tick_sched_timer+0x7f/0x110 [81476.311536] ? tick_nohz_dep_set_task+0x80/0x80 [81476.311537] __hrtimer_run_queues+0x10b/0x1b0 [81476.311539] hrtimer_interrupt+0x10a/0x420 [81476.311541] __sysvec_apic_timer_interrupt+0x47/0x60 [81476.311544] sysvec_apic_timer_interrupt+0x65/0x90 [81476.311547] </IRQ> [81476.311547] asm_sysvec_apic_timer_interrupt+0xf/0x20 [81476.311551] RIP: 0010:console_unlock+0x366/0x5e0 [81476.311554] Code: ff ff 8b 05 44 5f b2 01 85 c0 75 66 c7 05 3a 5f b2 01 01 00 00 00 e9 0f fd ff ff e8 f4 1c 00 00 48 85 db 74 01 fb 8b 54 24 0c <85> d2 0f 84 4a fd ff ff e8 1d 2b 7c 00 e9 40 fd ff ff 4d 85 ff 74 [81476.311555] RSP: 0018:ffff9dc980313cc0 EFLAGS: 00000206 [81476.311556] RAX: 0000000000000000 RBX: 0000000000000200 RCX: 0000000000000000 [81476.311557] RDX: 0000000000000000 RSI: 0000000000000087 RDI: ffffffff82b59898 [81476.311557] RBP: 0000000000000000 R08: ffff9786814db080 R09: 0000000000000000 [81476.311558] R10: ffff9786a85bac10 R11: ffff97872e90acf0 R12: 0000000000000048 [81476.311559] R13: 0000000000000000 R14: 20c49ba5e353f7cf R15: 0000000000000000 [81476.311560] vprintk_default+0x5a/0x150 [81476.311562] printk+0x43/0x45 [81476.311563] synchronize_rcu_expedited_wait.cold+0x20/0x2db [81476.311565] rcu_exp_wait_wake+0xc/0x110 [81476.311567] process_one_work+0x1ec/0x350 [81476.311569] worker_thread+0x4f/0x4d0 [81476.311570] ? process_one_work+0x350/0x350 [81476.311571] kthread+0xea/0x120 [81476.311573] ? kthread_park+0x80/0x80 [81476.311574] ret_from_fork+0x1f/0x30 [81551.199572] } 19586 jiffies s: 14473 root: 0x0/.

micron10 avatar May 08 '21 07:05 micron10

And on second machine :

[131284.218378] xt_NAT: 10.100.132.186 exceed max allowed sessions [131343.427798] rcu: INFO: rcu_sched self-detected stall on CPU [131343.427801] rcu: 3-....: (1 GPs behind) idle=4be/1/0x4000000000000000 softirq=8960814/8960815 fqs=2668 last_accelerate: dcd7/f4c8 dyntick_enabled: 1 [131343.427804] (t=6000 jiffies g=17240901 q=67393) [131343.427805] NMI backtrace for cpu 3 [131343.427807] CPU: 3 PID: 26 Comm: ksoftirqd/3 Tainted: G O 5.12.1 #1 [131343.427808] Hardware name: Supermicro Super Server/X10SRD-F, BIOS 3.3 10/28/2020 [131343.427809] Call Trace: [131343.427811] <IRQ> [131343.427812] dump_stack+0x65/0x7d [131343.427818] ? lapic_can_unplug_cpu+0x70/0x70 [131343.427821] nmi_trigger_cpumask_backtrace.cold+0x40/0x4d [131343.427824] rcu_dump_cpu_stacks+0xbe/0xec [131343.427826] rcu_sched_clock_irq.cold+0x195/0x3f1 [131343.427828] ? enqueue_task_fair+0x796/0xbd0 [131343.427831] update_process_times+0x88/0xc0 [131343.427834] tick_sched_timer+0x7f/0x110 [131343.427838] ? get_cpu_iowait_time_us+0x100/0x100 [131343.427840] __hrtimer_run_queues+0x10b/0x1b0 [131343.427842] hrtimer_interrupt+0x10a/0x420 [131343.427844] __sysvec_apic_timer_interrupt+0x47/0x60 [131343.427847] sysvec_apic_timer_interrupt+0x65/0x90 [131343.427850] </IRQ> [131343.427851] asm_sysvec_apic_timer_interrupt+0xf/0x20 [131343.427854] RIP: 0010:console_unlock+0x366/0x5e0 [131343.427856] Code: ff ff 8b 05 b4 01 b1 01 85 c0 75 66 c7 05 aa 01 b1 01 01 00 00 00 e9 0f fd ff ff e8 f4 1c 00 00 48 85 db 74 01 fb 8b 54 24 0c <85> d2 0f 84 4a fd ff ff e8 8d 25 7a 00 e9 40 fd ff ff 4d 85 ff 74 [131343.427857] RSP: 0018:ffffa6fe001afa20 EFLAGS: 00000206 [131343.427859] RAX: 0000000000000000 RBX: 0000000000000200 RCX: 0000000000000000 [131343.427860] RDX: 0000000000000000 RSI: 0000000000000083 RDI: ffffffff97b42818 [131343.427860] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [131343.427861] R10: ffffa31aeb52f630 R11: ffffa31b34ae78f0 R12: 000000000000004b [131343.427862] R13: 0000000000000000 R14: 20c49ba5e353f7cf R15: 0000000000000000 [131343.427863] ? common_interrupt+0x14/0xa0 [131343.427865] ? asm_common_interrupt+0x1b/0x40 [131343.427867] vprintk_default+0x5a/0x150 [131343.427868] printk+0x43/0x45 [131343.427870] create_nat_session+0x1b80/0x1cfd [xt_NAT] [131343.427873] ? 0xffffffffc02efb5a [131343.427874] create_nat_session+0xc55/0x1cfd [xt_NAT] [131343.427876] ipt_do_table+0x2e5/0x670 [ip_tables] [131343.427878] ? ip_route_input_noref+0xa8/0x1e0 [131343.427883] nf_hook_slow+0x36/0xa0 [131343.427884] ip_forward+0x40d/0x450 [131343.427886] ? ip4_obj_hashfn+0xc0/0xc0 [131343.427886] process_backlog+0x11a/0x230 [131343.427889] __napi_poll+0x1f/0x130 [131343.427891] net_rx_action+0x239/0x2f0 [131343.427893] __do_softirq+0xaf/0x1da [131343.427895] run_ksoftirqd+0x15/0x20 [131343.427898] smpboot_thread_fn+0xb3/0x140 [131343.427902] ? sort_range+0x20/0x20 [131343.427904] kthread+0xea/0x120 [131343.427907] ? kthread_park+0x80/0x80 [131343.427909] ret_from_fork+0x1f/0x30 [131346.552277] rcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { [131346.561259] xt_NAT SNAT: Cannot create new session. Dropping packet [131406.576007] rcu: INFO: rcu_sched self-detected stall on CPU [131406.576009] rcu: 10-....: (1 GPs behind) idle=1d2/1/0x4000000000000000 softirq=10444121/10444122 fqs=2873 last_accelerate: f600/0d73 dyntick_enabled: 1 [131406.576012] (t=6001 jiffies g=17240905 q=100567) [131406.576014] NMI backtrace for cpu 10 [131406.576015] CPU: 10 PID: 1068014 Comm: kworker/10:2 Tainted: G O 5.12.1 #1 [131406.576017] Hardware name: Supermicro Super Server/X10SRD-F, BIOS 3.3 10/28/2020 [131406.576018] Workqueue: rcu_gp wait_rcu_exp_gp [131406.576023] Call Trace: [131406.576025] <IRQ> [131406.576026] dump_stack+0x65/0x7d [131406.576031] ? lapic_can_unplug_cpu+0x70/0x70 [131406.576034] nmi_trigger_cpumask_backtrace.cold+0x40/0x4d [131406.576037] rcu_dump_cpu_stacks+0xbe/0xec [131406.576039] rcu_sched_clock_irq.cold+0x195/0x3f1 [131406.576041] ? trigger_load_balance+0x9a/0x2b0 [131406.576044] update_process_times+0x88/0xc0 [131406.576047] tick_sched_timer+0x7f/0x110 [131406.576050] ? get_cpu_iowait_time_us+0x100/0x100 [131406.576052] __hrtimer_run_queues+0x10b/0x1b0 [131406.576054] hrtimer_interrupt+0x10a/0x420 [131406.576056] __sysvec_apic_timer_interrupt+0x47/0x60 [131406.576059] sysvec_apic_timer_interrupt+0x65/0x90 [131406.576063] </IRQ> [131406.576063] asm_sysvec_apic_timer_interrupt+0xf/0x20 [131406.576067] RIP: 0010:console_unlock+0x366/0x5e0 [131406.576069] Code: ff ff 8b 05 b4 01 b1 01 85 c0 75 66 c7 05 aa 01 b1 01 01 00 00 00 e9 0f fd ff ff e8 f4 1c 00 00 48 85 db 74 01 fb 8b 54 24 0c <85> d2 0f 84 4a fd ff ff e8 8d 25 7a 00 e9 40 fd ff ff 4d 85 ff 74 [131406.576070] RSP: 0018:ffffa6fe00313cc0 EFLAGS: 00000206 [131406.576071] RAX: 0000000000000000 RBX: 0000000000000200 RCX: 0000000000000000 [131406.576072] RDX: 0000000000000000 RSI: 0000000000000083 RDI: ffffffff97b42818 [131406.576072] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [131406.576073] R10: ffffa31aeb52e3d0 R11: ffffa31b3103c4f0 R12: 0000000000000050 [131406.576074] R13: 0000000000000000 R14: 20c49ba5e353f7cf R15: 0000000000000000 [131406.576075] ? asm_sysvec_call_function_single+0xf/0x20 [131406.576077] vprintk_default+0x5a/0x150 [131406.576078] printk+0x43/0x45 [131406.576080] synchronize_rcu_expedited_wait.cold+0x20/0x2db [131406.576081] rcu_exp_wait_wake+0xc/0x110 [131406.576083] process_one_work+0x1ec/0x350 [131406.576086] worker_thread+0x4f/0x4d0 [131406.576088] ? process_one_work+0x350/0x350 [131406.576090] kthread+0xea/0x120 [131406.576091] ? kthread_park+0x80/0x80 [131406.576092] ret_from_fork+0x1f/0x30 [131419.078711] } 13274 jiffies s: 207057 root: 0x0/. [134528.285215] xt_NAT: 10.100.179.15 exceed max allowed sessions

micron10 avatar May 08 '21 10:05 micron10

Other error :

May 13 09:54:27 [433331.620926][ C8] general protection fault, probably for non-canonical address 0xbc413d60993fb846: 0000 [#1] SMP NOPTI May 13 09:54:27 [433331.640872][ C8] CPU: 8 PID: 0 Comm: swapper/8 Tainted: G O 5.12.1 #1 May 13 09:54:27 [433331.663166][ C8] Hardware name: Supermicro Super Server/X10SRD-F, BIOS 3.3 10/28/2020 May 13 09:54:27 [433331.688177][ C8] RIP: 0010:kmem_cache_alloc+0x58/0x130 May 13 09:54:27 [433331.701840][ C8] Code: 08 65 48 03 0d b9 4b e9 60 48 83 79 10 00 4c 8b 01 0f 84 b8 00 00 00 4d 85 c0 0f 84 af 00 00 00 8b 45 28 48 8b 7d 00 4c 01 c0 <48> 8b 18 48 89 c1 48 33 9d b8 00 00 00 48 0f c9 4c 89 c0 48 31 cb May 13 09:54:27 [433331.747133][ C8] RSP: 0018:ffffbaab0029cc78 EFLAGS: 00010292 May 13 09:54:27 [433331.763409][ C8] RAX: bc413d60993fb846 RBX: 000000000000c869 RCX: ffff97f69fc25060 May 13 09:54:27 [433331.797287][ C8] RDX: 0000000001ee0167 RSI: 0000000000000b20 RDI: 0000000000025060 May 13 09:54:27 [433331.834196][ C8] RBP: ffff97ef40042300 R08: bc413d60993fb83e R09: 000000000000c869 May 13 09:54:27 [433331.873937][ C8] R10: 0000000000000011 R11: 00000000000069c8 R12: 0000000000000b20 May 13 09:54:31 [433331.916719][ C8] R13: 0000000000000011 R14: 0000000000000000 R15: 000000000000c869 May 13 09:54:31 [433331.962542][ C8] FS: 0000000000000000(0000) GS:ffff97f69fc00000(0000) knlGS:0000000000000000 May 13 09:54:31 [433332.009225][ C8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 13 09:54:31 [433332.032742][ C8] CR2: 00007ffe8907a98c CR3: 0000000105f44002 CR4: 00000000001706e0 May 13 09:54:31 [433332.078725][ C8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 May 13 09:54:31 [433332.124973][ C8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 May 13 09:54:31 [433332.172897][ C8] Call Trace: May 13 09:54:31 [433332.196258][ C8] <IRQ> May 13 09:54:31 [433332.219014][ C8] create_nat_session+0x13b/0x1bf3 [xt_NAT] May 13 09:54:31 [433332.242093][ C8] create_nat_session+0xe8d/0x1bf3 [xt_NAT] May 13 09:54:31 [433332.264444][ C8] ipt_do_table+0x2e5/0x670 [ip_tables] May 13 09:54:31 [433332.286418][ C8] ? ip_route_input_noref+0xa8/0x1e0 May 13 09:54:31 [433332.308163][ C8] nf_hook_slow+0x36/0xa0 May 13 09:54:31 [433332.329615][ C8] ip_forward+0x40d/0x450 May 13 09:54:31 [433332.350454][ C8] ? ip4_obj_hashfn+0xc0/0xc0 May 13 09:54:31 [433332.371101][ C8] process_backlog+0x11a/0x230 May 13 09:54:31 [433332.391358][ C8] __napi_poll+0x1f/0x130 May 13 09:54:31 [433332.411321][ C8] net_rx_action+0x239/0x2f0 May 13 09:54:31 [433332.430815][ C8] __do_softirq+0xaf/0x1da May 13 09:54:31 [433332.449812][ C8] do_softirq+0x5c/0x80 May 13 09:54:31 [433332.468261][ C8] </IRQ> May 13 09:54:31 [433332.486004][ C8] flush_smp_call_function_from_idle+0x3f/0x60 May 13 09:54:31 [433332.503929][ C8] do_idle+0x12e/0x200 May 13 09:54:31 [433332.521321][ C8] cpu_startup_entry+0x14/0x20 May 13 09:54:31 [433332.538324][ C8] secondary_startup_64_no_verify+0xc2/0xcb May 13 09:54:31 [433332.555128][ C8] Modules linked in: xt_NAT(O) nf_conntrack_netlink nfnetlink vlan_mon(O) pppoe pppox ppp_generic slhc xt_TCPMSS xt_nat xt_MASQUERADE xt_CT iptable_raw iptable_mangle iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter ip_tables team_mode_loadbalance team netconsole coretemp ixgbe mdio mdio_devres libphy acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler rtc_cmos May 13 09:54:31 [433332.657475][ C8] ---[ end trace 5476aee8a5e90d6b ]--- May 13 09:54:31 [433332.674601][ C8] RIP: 0010:kmem_cache_alloc+0x58/0x130 May 13 09:54:31 [433332.691397][ C8] Code: 08 65 48 03 0d b9 4b e9 60 48 83 79 10 00 4c 8b 01 0f 84 b8 00 00 00 4d 85 c0 0f 84 af 00 00 00 8b 45 28 48 8b 7d 00 4c 01 c0 <48> 8b 18 48 89 c1 48 33 9d b8 00 00 00 48 0f c9 4c 89 c0 48 31 cb May 13 09:54:31 [433332.741982][ C8] RSP: 0018:ffffbaab0029cc78 EFLAGS: 00010292 May 13 09:54:31 [433332.759496][ C8] RAX: bc413d60993fb846 RBX: 000000000000c869 RCX: ffff97f69fc25060 May 13 09:54:31 [433332.794853][ C8] RDX: 0000000001ee0167 RSI: 0000000000000b20 RDI: 0000000000025060 May 13 09:54:31 [433332.831997][ C8] RBP: ffff97ef40042300 R08: bc413d60993fb83e R09: 000000000000c869 May 13 09:54:31 [433332.870787][ C8] R10: 0000000000000011 R11: 00000000000069c8 R12: 0000000000000b20 May 13 09:54:31 [433332.911575][ C8] R13: 0000000000000011 R14: 0000000000000000 R15: 000000000000c869 May 13 09:54:31 [433332.954259][ C8] FS: 0000000000000000(0000) GS:ffff97f69fc00000(0000) knlGS:0000000000000000 May 13 09:54:31 [433332.999078][ C8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 13 09:54:31 [433333.022506][ C8] CR2: 00007ffe8907a98c CR3: 0000000105f44002 CR4: 00000000001706e0 May 13 09:54:31 [433333.069027][ C8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 May 13 09:54:31 [433333.117063][ C8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 May 13 09:54:31 [433333.165652][ C8] Kernel panic - not syncing: Fatal exception in interrupt May 13 09:54:31 [433333.306970][ C8] Kernel Offset: 0x1e000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) May 13 09:54:31 [433333.355225][ C8] Rebooting in 10 seconds.. May 13 09:54:38 [433343.379120][ C8] ACPI MEMORY or I/O RESET_REG.

micron10 avatar May 13 '21 10:05 micron10

same how to reproduce:

  1. install xt_NAT
  2. configure as you want
  3. From client: masscan xxx.xxx.xxx.xxx/xx --ports U:1-65535 --adapter-port 40000-48191 --rate 1000

alakiza avatar Dec 16 '21 22:12 alakiza

this is not a fix, but module doesn't crash and cpu not stuck (just comment printk)

diff --git a/xt_NAT.c b/xt_NAT.c
index 739de02..5ac268d 100644
--- a/xt_NAT.c
+++ b/xt_NAT.c
@@ -625,7 +625,7 @@ struct nat_htable_ent *create_nat_session(const uint8_t proto, const u_int32_t u
     atomic64_inc(&sessions_tried);

     if (unlikely(check_user_limits(proto, useraddr) == 0)) {
-        printk(KERN_NOTICE "xt_NAT: %pI4 exceed max allowed sessions\n", &useraddr);
+        //printk(KERN_NOTICE "xt_NAT: %pI4 exceed max allowed sessions\n", &useraddr);
         return NULL;
     }

@@ -827,7 +827,7 @@ nat_tg(struct sk_buff *skb, const struct xt_action_param *par)
                 */
                 session = create_nat_session(ip->protocol, ip->saddr, tcp->source, nat_addr);
                 if (session == NULL) {
-                    printk(KERN_NOTICE "xt_NAT SNAT: Cannot create new session. Dropping packet\n");
+                    //printk(KERN_NOTICE "xt_NAT SNAT: Cannot create new session. Dropping packet\n");
                     return NF_DROP;
                 }

@@ -878,7 +878,7 @@ nat_tg(struct sk_buff *skb, const struct xt_action_param *par)

                 session = create_nat_session(ip->protocol, ip->saddr, udp->source, nat_addr);
                 if (session == NULL) {
-                    printk(KERN_NOTICE "xt_NAT SNAT: Cannot create new session. Dropping packet\n");
+                    //printk(KERN_NOTICE "xt_NAT SNAT: Cannot create new session. Dropping packet\n");
                     return NF_DROP;
                 }

@@ -937,7 +937,7 @@ nat_tg(struct sk_buff *skb, const struct xt_action_param *par)

                 session = create_nat_session(ip->protocol, ip->saddr, nat_port, nat_addr);
                 if (session == NULL) {
-                    printk(KERN_NOTICE "xt_NAT SNAT: Cannot create new session. Dropping packet\n");
+                    //printk(KERN_NOTICE "xt_NAT SNAT: Cannot create new session. Dropping packet\n");
                     return NF_DROP;
                 }

@@ -977,7 +977,7 @@ nat_tg(struct sk_buff *skb, const struct xt_action_param *par)

                 session = create_nat_session(ip->protocol, ip->saddr, 0, nat_addr);
                 if (session == NULL) {
-                    printk(KERN_NOTICE "xt_NAT SNAT: Cannot create new session. Dropping packet\n");
+                    //printk(KERN_NOTICE "xt_NAT SNAT: Cannot create new session. Dropping packet\n");
                     return NF_DROP;
                 }

alakiza avatar Dec 16 '21 22:12 alakiza