Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
hardened kernel 4.6.3 lost ipv6 after a DDoS
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3684
Location: Hamburg

PostPosted: Thu Jul 07, 2016 1:40 pm    Post subject: hardened kernel 4.6.3 lost ipv6 after a DDoS Reply with quote

Got this
Code:
Jul  7 15:36:28 ms-magpie kernel: ------------[ cut here ]------------
Jul  7 15:36:28 ms-magpie kernel: WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:306 dev_watchdog+0x243/0x260
Jul  7 15:36:28 ms-magpie kernel: NETDEV WATCHDOG: enp3s0 (r8169): transmit queue 0 timed out
Jul  7 15:36:28 ms-magpie kernel: Modules linked in: af_packet nf_log_ipv6 xt_limit nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables nf_log_ipv4 nf_log_common xt_LOG xt_multiport nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables i2c_i801 i2c_core tpm_tis tpm thermal processor atkbd button x86_pkg_temp_thermal
Jul  7 15:36:28 ms-magpie kernel: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.6.3-hardened #1
Jul  7 15:36:28 ms-magpie kernel: Hardware name: System manufacturer System Product Name/P8H77-M PRO, BIOS 9002 05/30/2014
Jul  7 15:36:28 ms-magpie kernel:  0000000000000000 ffff88041fa03db8 ffffffffbb3d655b 0000000000000007
Jul  7 15:36:28 ms-magpie kernel:  ffff88041fa03e08 0000000000000000 ffff88041fa03df8 ffffffffbb07f7dd
Jul  7 15:36:28 ms-magpie kernel:  000001321fa11640 0000000000000000 ffff88040d354080 0000000000000000
Jul  7 15:36:28 ms-magpie kernel: Call Trace:
Jul  7 15:36:28 ms-magpie kernel:  <IRQ>  [<ffffffffbb3d655b>] dump_stack+0x4e/0x83
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb07f7dd>] __warn+0xcd/0x100
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb07f85a>] warn_slowpath_fmt+0x4a/0x70
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb59d633>] dev_watchdog+0x243/0x260
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb59d3f0>] ? dev_deactivate_queue+0x80/0x80
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb0db7b3>] call_timer_fn.isra.24+0x33/0xa0
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb59d3f0>] ? dev_deactivate_queue+0x80/0x80
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb0dba52>] run_timer_softirq+0x232/0x3c0
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb0eb188>] ? clockevents_program_event+0x98/0x160
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb08444d>] __do_softirq+0xfd/0x210
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb0846d0>] irq_exit+0x80/0xa0
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb03e9a4>] smp_apic_timer_interrupt+0x54/0x80
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb67805b>] apic_timer_interrupt+0x8b/0x90
Jul  7 15:36:28 ms-magpie kernel:  <EOI>  [<ffffffffbb53fa75>] ? cpuidle_enter_state+0x185/0x240
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb53fb82>] cpuidle_enter+0x12/0x30
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb0c0530>] cpu_startup_entry+0x1d0/0x220
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbbe13120>] ? early_idt_handler_array+0x120/0x120
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbb6701f5>] rest_init+0x6d/0x88
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbbe14c6c>] start_kernel+0x64c/0x692
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbbe13120>] ? early_idt_handler_array+0x120/0x120
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbbe7c7ff>] ? memblock_reserve+0x76/0x9c
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbbe136d7>] x86_64_start_reservations+0x53/0x75
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbbe136d7>] ? x86_64_start_reservations+0x53/0x75
Jul  7 15:36:28 ms-magpie kernel:  [<ffffffffbbe1382d>] x86_64_start_kernel+0x134/0x16f
Jul  7 15:36:28 ms-magpie kernel: ---[ end trace b779686b40691d67 ]---
Jul  7 15:36:28 ms-magpie kernel: r8169 0000:03:00.0 enp3s0: link up

which correlates to :
Quote:

Abuse-Message [AbuseID:292A7D:28]: AttackInLevel: IN Attack notification for IP 5.9.158.75 (Router: core1.hetzner.de) [Network-Normal]
...
> Direction IN
> Internal 5.9.158.75
> Threshold Packets 300.000 packets/s
> Sum 100.982.000 packets/300s (336.606 packets/s), 100.769 flows/300s (335 flows/s), 6,093 GByte/300s (166 MBit/s)

The IPv6 monitoring from my ISP told my that the to be monitored services weren't reachable any longer at ipv6 (at ipv4 there was no issue).

Restarting the NIC brought back green lights for the services at the ipv6 ports too.

Does anybody made similar experiences after a high load of incoming packets ?
Back to top
View user's profile Send private message
user
Tux's lil' helper
Tux's lil' helper


Joined: 08 Feb 2004
Posts: 145

PostPosted: Wed Jul 13, 2016 7:29 pm    Post subject: Reply with quote

You are not alone with r8169.

see https://bugzilla.kernel.org/show_bug.cgi?id=14962

Maybe disabling aspm helps (if not already disabled, cross check with lspci):
Code:
pcie_aspm=off


or try patch https://patchwork.kernel.org/patch/2403501/
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum