[syslog-ng] spoof-source performance issues
Peter Czanik
czanik at balabit.hu
Thu Jul 1 17:19:41 CEST 2010
Hello,
2010-06-30 15:51 keltezéssel, Peter Czanik írta:
> 2010-06-29 20:15 keltezéssel, Martin Holste írta:
>
>> Yep, I was looking at the latest 11 release SRPM I could find, which
>> was still libnet-1.1.2.1-140.22. In one of the previous threads on
>> this mailing list, a very valuable link was provided which has the
>> exact source code needed for the patch:
>> http://www.securityfocus.com/archive/89/384197/30/90/threaded .
>>
>>
> OK. Instead of just checking dates, I inspected now the SuSE patches
> more closely. Another patch is already applied to src/libnet_checksum.c
> in the patch called libnet-1.1.2.1-strict-aliasing-fix.diff which
> replaces the libnet_in_cksum() function with another one. The relevant
> part of the patch is:
>
> [...]
> With my limited C knowledge I don't know how much is this different from
> the one on securityfocus.com. Did you test 11.X that the problem is
> still there?
>
OK. Built a test environment with openSUSE 11.2 and Factory using source
spoofing and had no UDP problems at all. So the three years old SuSE
patch seems to fix the problem too. SLES 10, which is used by the
reporter, was released earlier, so no wonder, that it fails. SLES 11 has
the patch and does not seem to be affected either.
Bye,
CzP
More information about the syslog-ng
mailing list