Comment 0 for bug 1811094

Mauricio Faria de Oliveira (mfo) wrote :

The following iptables connlimit rule can be breached
with a multithreaded client and network device driver,
due to a race in the conncount/connlimit code:

# iptables -A INPUT -p tcp -m tcp --syn --dport 7777 \
  -m connlimit --connlimit-above 2000 --connlimit-mask 0 \
  -j DROP

NOTE: Patches will be sent to the kernel-team mailing list
and more details/testing will be provided later today.