From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp66.iad3a.emailsrvr.com (smtp66.iad3a.emailsrvr.com [173.203.187.66]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id DB9D33CB35 for ; Sat, 23 Jan 2021 11:29:46 -0500 (EST) X-Auth-ID: jf@jonathanfoulkes.com Received: by smtp1.relay.iad3a.emailsrvr.com (Authenticated sender: jf-AT-jonathanfoulkes.com) with ESMTPSA id 6D8F1175B; Sat, 23 Jan 2021 11:29:46 -0500 (EST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) From: Jonathan Foulkes In-Reply-To: <626C02F8-C761-44B1-A5B0-0B55B564BC94@gmx.de> Date: Sat, 23 Jan 2021 11:29:45 -0500 Cc: =?utf-8?Q?Toke_H=C3=B8iland-J=C3=B8rgensen?= , cerowrt-devel@lists.bufferbloat.net, Y via Bloat Content-Transfer-Encoding: quoted-printable Message-Id: References: <87turceco5.fsf@toke.dk> <557C22F5-BF2E-478A-8C48-BE52F9C75256@jonathanfoulkes.com> <875z3o65c9.fsf@toke.dk> <626C02F8-C761-44B1-A5B0-0B55B564BC94@gmx.de> To: Sebastian Moeller X-Mailer: Apple Mail (2.3608.120.23.2.4) X-Classification-ID: ad29483c-bd1e-448e-9f2d-b76a43025815-1-1 Subject: Re: [Cerowrt-devel] [Bloat] New OpenWrt release fixing several dnsmasq CVEs X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Jan 2021 16:29:46 -0000 Hi Seb, someone did just that and even better, compared two builds with = the dnsmasq being the only variable, and did not see any differences: = https://forum.openwrt.org/t/security-advisory-2021-01-19-1-dnsmasq-multipl= e-vulnerabilities/85903/85 =46rom other comments, looks like they found the bug and are testing the = fix. = https://git.openwrt.org/?p=3Dopenwrt/staging/ldir.git;a=3Dcommitdiff;h=3D9= a18346676850646764072ffcfd32ad9396d95c3 Jonathan > On Jan 22, 2021, at 4:40 PM, Sebastian Moeller = wrote: >=20 > Could you try to run top or htop and look at the CPU load? I could = imagine that the fixes dnsmasq might have some CPU spikes that simply = leave not enough cycles for the traffic shaper? >=20 > Best Regards > Sebastian >=20 >> On Jan 22, 2021, at 22:25, Jonathan Foulkes = wrote: >>=20 >> I figure there should be no inter-dependencies there, but the = side-effect of the new dnsmasq is pretty serious. >>=20 >> I did not install .6, I only performed an opkg update of the dnamasq = package itself. So kernal is the same in my case. >>=20 >> But others running a full .6 build report similar QoS issues. >>=20 >> I regressed back to .4 and all is good on the QoS front, waiting = until a new drop of dnsmasq before trying again. >>=20 >> - Jonathan >>=20 >>> On Jan 22, 2021, at 4:15 PM, Toke H=C3=B8iland-J=C3=B8rgensen = wrote: >>>=20 >>> Jonathan Foulkes writes: >>>=20 >>>> I installed the updated package on a 19.07.4 box running cake, and = QoS performance went down the tubes. >>>> Last night it locked up completely while attempting to stream. >>>>=20 >>>> See the PingPlots others have posted to this forum thread, mine = look similar, went from constant sub 50ms to very spiky, then some loss, = loss increasing, and if high traffic, lock-up. >>>> = https://forum.openwrt.org/t/security-advisory-2021-01-19-1-dnsmasq-multipl= e-vulnerabilities/85903/39 >>>>=20 >>>> load is low, sirq is low, so box does not seem stressed. >>>>=20 >>>> Any reason Cake would be sensitive to a dnsmasq bug? >>>=20 >>> No, not really. I mean, dnsmasq could be sending some traffic that >>> interferes with stuff? Or it could be a kernel regression - the = release >>> did bump the kernel version as well... >>>=20 >>> -Toke >>=20 >> _______________________________________________ >> Bloat mailing list >> Bloat@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/bloat >=20