retitle 571634 xen-utils-common vif-common.sh still using --physdev-out, --state found 571634 4.0.0-1 thanks
Hi, That link to upstream patch in the last message is apparently broken, a working one is: http://xenbits.xen.org/hg/xen-unstable.hg/rev/b0fe8260cefa but also more importantly for the current stable package: http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/af7110f4f803 Because the state module is activated, conntrack kicks in, and eventually a high amount of traffic will cause the following to happen on dom0: Jun 9 09:24:45 crux kernel: [27998.532343] nf_conntrack: table full, dropping packet. Jun 9 09:24:54 crux kernel: [28007.820634] nf_conntrack: table full, dropping packet. Jun 9 09:24:54 crux kernel: [28007.820651] nf_conntrack: table full, dropping packet. That could almost qualify as an excessive susceptibility to DoS, i.e. a security issue. Please fix both bugs in stable. TIA. -- 2. That which causes joy or happiness. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
