* Fw: [Bug 39132] Starting with 3.0.0-rc6, masquerading seems to be broken.
@ 2011-08-04 17:31 Florian Mickler
  2011-08-04 18:38 ` Julian Anastasov
  0 siblings, 1 reply; 7+ messages in thread
From: Florian Mickler @ 2011-08-04 17:31 UTC (permalink / raw)
  To: netdev; +Cc: David Miller

Can someone take a look at this regression?

Begin forwarded message:

Date: Thu, 28 Jul 2011 04:51:12 GMT
From: bugzilla-daemon@bugzilla.kernel.org
To: florian@mickler.org
Subject: [Bug 39132] Starting with 3.0.0-rc6, masquerading seems to be
broken.


https://bugzilla.kernel.org/show_bug.cgi?id=39132


Francis Whittle <FJ.Whittle@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |FJ.Whittle@gmail.com




--- Comment #18 from Francis Whittle <FJ.Whittle@gmail.com>  2011-07-28 04:50:56 ---
Similar story here, bug is still present in v3.0


* Re: Fw: [Bug 39132] Starting with 3.0.0-rc6, masquerading seems to be broken.
  2011-08-04 17:31 Fw: [Bug 39132] Starting with 3.0.0-rc6, masquerading seems to be broken Florian Mickler
@ 2011-08-04 18:38 ` Julian Anastasov
  2011-08-04 19:12   ` Florian Mickler
  2011-08-05  4:09   ` Fw: " David Hill
  0 siblings, 2 replies; 7+ messages in thread
From: Julian Anastasov @ 2011-08-04 18:38 UTC (permalink / raw)
  To: Florian Mickler; +Cc: hilld, netdev, David Miller


	Hello,

On Thu, 4 Aug 2011, Florian Mickler wrote:

> Can someone take a look at this regression?
> 
> Begin forwarded message:
> 
> Date: Thu, 28 Jul 2011 04:51:12 GMT
> From: bugzilla-daemon@bugzilla.kernel.org
> To: florian@mickler.org
> Subject: [Bug 39132] Starting with 3.0.0-rc6, masquerading seems to be
> broken.
> 
> 
> https://bugzilla.kernel.org/show_bug.cgi?id=39132

	So, problem points again to
"Fix ip_route_me_harder triggering ip_rt_bug"? Maybe
David C. Hill or Florian can provide some information, e.g. is
tproxy used, what NAT rules are used, any rules in OUTPUT
hooks (NAT/mangle) and which packets are dropped.

Regards

--
Julian Anastasov <ja@ssi.bg>


* Re: [Bug 39132] Starting with 3.0.0-rc6, masquerading seems to be broken.
  2011-08-04 18:38 ` Julian Anastasov
@ 2011-08-04 19:12   ` Florian Mickler
  2011-08-05  4:09   ` Fw: " David Hill
  1 sibling, 0 replies; 7+ messages in thread
From: Florian Mickler @ 2011-08-04 19:12 UTC (permalink / raw)
  To: Julian Anastasov; +Cc: hilld, netdev, David Miller, bugzilla-daemon

On Thu, 4 Aug 2011 21:38:48 +0300 (EEST)
Julian Anastasov <ja@ssi.bg> wrote:

> 
> 	Hello,
> 
> On Thu, 4 Aug 2011, Florian Mickler wrote:
> 
> > Can someone take a look at this regression?
> > 
> > Begin forwarded message:
> > 
> > Date: Thu, 28 Jul 2011 04:51:12 GMT
> > From: bugzilla-daemon@bugzilla.kernel.org
> > To: florian@mickler.org
> > Subject: [Bug 39132] Starting with 3.0.0-rc6, masquerading seems to be
> > broken.
> > 
> > 
> > https://bugzilla.kernel.org/show_bug.cgi?id=39132
> 
> 	So, problem points again to
> "Fix ip_route_me_harder triggering ip_rt_bug"? Maybe
> David C. Hill or Florian can provide some information, e.g. is
> tproxy used, what NAT rules are used, any rules in OUTPUT
> hooks (NAT/mangle) and which packets are dropped.
> 
> Regards
> 
> --
> Julian Anastasov <ja@ssi.bg>

That would have to come from David C. Hill, since I'm not experiencing
this bug.

Regards,
Flo

p.s.: I added the bugzilla daemon to the cc in the hope that this mail
will land as a comment in there. 


* Re: Fw: [Bug 39132] Starting with 3.0.0-rc6, masquerading seems to be broken.
  2011-08-04 18:38 ` Julian Anastasov
  2011-08-04 19:12   ` Florian Mickler
@ 2011-08-05  4:09   ` David Hill
  2011-08-05 15:16     ` Julian Anastasov
  2011-08-15 15:27     ` Julian Anastasov
  1 sibling, 2 replies; 7+ messages in thread
From: David Hill @ 2011-08-05  4:09 UTC (permalink / raw)
  To: Julian Anastasov, Florian Mickler; +Cc: netdev, David Miller

Hello Julian,

    I'm not using TPROXY and I've used a blank firewall with only
masquerading and reproduced the issue.
Nothing is in NAT/mangle nor OUTPUT but the rules mentioned in the
attached files to this bug.

Francis Whittle (Comment #18) has the same issue.

Thank you,

Dave


----- Original Message ----- 
From: "Julian Anastasov" <ja@ssi.bg>
To: "Florian Mickler" <florian@mickler.org>
Cc: <hilld@binarystorm.net>; <netdev@vger.kernel.org>; "David Miller" 
<davem@davemloft.net>
Sent: Thursday, August 04, 2011 2:38 PM
Subject: Re: Fw: [Bug 39132] Starting with 3.0.0-rc6, masquerading seems to 
be broken.


>
> Hello,
>
> On Thu, 4 Aug 2011, Florian Mickler wrote:
>
>> Can someone take a look at this regression?
>>
>> Begin forwarded message:
>>
>> Date: Thu, 28 Jul 2011 04:51:12 GMT
>> From: bugzilla-daemon@bugzilla.kernel.org
>> To: florian@mickler.org
>> Subject: [Bug 39132] Starting with 3.0.0-rc6, masquerading seems to be
>> broken.
>>
>>
>> https://bugzilla.kernel.org/show_bug.cgi?id=39132
>
> So, problem points again to
> "Fix ip_route_me_harder triggering ip_rt_bug"? Maybe
> David C. Hill or Florian can provide some information, e.g. is
> tproxy used, what NAT rules are used, any rules in OUTPUT
> hooks (NAT/mangle) and which packets are dropped.
>
> Regards
>
> --
> Julian Anastasov <ja@ssi.bg>
>

* Re: Fw: [Bug 39132] Starting with 3.0.0-rc6, masquerading seems to be broken.
  2011-08-05  4:09   ` Fw: " David Hill
@ 2011-08-05 15:16     ` Julian Anastasov
  2011-08-15 15:27     ` Julian Anastasov
  1 sibling, 0 replies; 7+ messages in thread
From: Julian Anastasov @ 2011-08-05 15:16 UTC (permalink / raw)
  To: David Hill; +Cc: Florian Mickler, netdev, David Miller, bugzilla-daemon


	Hello,

On Fri, 5 Aug 2011, David Hill wrote:

>    I'm not using TPROXY and I've used a blank firewall with only masquerading
> and reproduced the issue.
> Nothing is in NAT/mangle nor OUTPUT but the rules mentioned in the attached
> files to this bug.
> 
> Francis Whittle (Comment #18) has the same issue.

	I compiled 3.0 kernel, added one -j MASQUERADE and
tried TCP connection - it works. I'm not sure ip_route_me_harder
is called for masqueraded traffic, usually it is called
from LOCAL_OUT handlers or to send TCP RST (-j REJECT) via
LOCAL_OUT, not for forwarded traffic.

	Can you show lines of tcpdump output with addresses and
ports, so that I can understand what kind of traffic is
dropped: is it the initial forwarded packet or its response,
is it a problem with some ICMP packets? I assume there is
no problem with locally generated traffic.

	Can you show output from:

# grep . /proc/sys/net/ipv4/conf/*/rp_filter
# grep . /proc/sys/net/ipv4/conf/*/send_redirects

	If it works with -rc5 it should not be rp_filter;
for NAT, the problem can be with ICMP redirects or something else.
Can you tell us if the internal and external devices are
the same or maybe many?

Regards

--
Julian Anastasov <ja@ssi.bg>


* Re: Fw: [Bug 39132] Starting with 3.0.0-rc6, masquerading seems to be broken.
  2011-08-05  4:09   ` Fw: " David Hill
  2011-08-05 15:16     ` Julian Anastasov
@ 2011-08-15 15:27     ` Julian Anastasov
  1 sibling, 0 replies; 7+ messages in thread
From: Julian Anastasov @ 2011-08-15 15:27 UTC (permalink / raw)
  To: David Hill; +Cc: Florian Mickler, netdev, David Miller, bugzilla-daemon


	Hello,

On Fri, 5 Aug 2011, David Hill wrote:

> Hello Julian,
> 
>    I'm not using TPROXY and I've used a blank firewall with only masquerading
> and reproduced the issue.
> Nothing is in NAT/mangle nor OUTPUT but the rules mentioned in the attached
> files to this bug.
> 
> Francis Whittle (Comment #18) has the same issue.
> 
> > Hello,
> > 
> > On Thu, 4 Aug 2011, Florian Mickler wrote:
> > 
> > > Can someone take a look at this regression?
> > > 
> > > Begin forwarded message:
> > > 
> > > Date: Thu, 28 Jul 2011 04:51:12 GMT
> > > From: bugzilla-daemon@bugzilla.kernel.org
> > > To: florian@mickler.org
> > > Subject: [Bug 39132] Starting with 3.0.0-rc6, masquerading seems to be
> > > broken.
> > > 
> > > 
> > > https://bugzilla.kernel.org/show_bug.cgi?id=39132
> > 
> > So, problem points again to
> > "Fix ip_route_me_harder triggering ip_rt_bug"? Maybe
> > David C. Hill or Florian can provide some information, e.g. is
> > tproxy used, what NAT rules are used, any rules in OUTPUT
> > hooks (NAT/mangle) and which packets are dropped.

	Maybe it is a sequence of two problems. I now
checked the tcpdump log from Francis Whittle. The
"seq 352:1792" packet at 18:44:29.235154 that is not
SNAT-ed is long; can it be some PMTU event that triggers
an ICMP response to the internal host? Because I see changes
in MSS. Maybe rc5 triggers ICMP FRAG NEEDED while rc6
does not. It can happen because:

1. ICMP uses non-local iph->saddr when XFRM is compiled,
reverse lookup fails with ENOENT but fl4->saddr is
already damaged with the original daddr (non-local).

	Fix is here: http://marc.info/?t=131118984300003&r=1&w=2

2. The patched ip_route_me_harder between 3.0-rc5 and
3.0-rc6 expects that sockets always provide local address.
This is wrong for some cases such as TCP (uses different
SOCK_RAW socket for some packets and can cause problem
for tproxy), RAW (can use spoofed sources) and now the
ICMP code that incorrectly provides non-local address.

	Fix is here: http://marc.info/?t=131274411600001&r=1&w=2

	I hope (any of) these two fixes should solve the
masquerading problems. If that is not true, tcpdump from rc5
would be helpful for comparison.

Regards

--
Julian Anastasov <ja@ssi.bg>
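
A capture-triage example for the symptom discussed in the message above, added here and not code from the thread or from the kernel: it scans `tcpdump -n` text taken on the external interface for packets whose source is still an internal address (not SNAT-ed) and compares their length with the MSS values advertised in the handshake. The sample lines, all addresses and the internal network 192.168.1.0/24 are constructed for illustration.

```python
import ipaddress
import re

# Constructed tcpdump -n lines as seen on the external interface (addresses are
# illustrative; the masquerading box is assumed to own 198.51.100.7).
SAMPLE = """\
18:44:28.100000 IP 198.51.100.7.51234 > 203.0.113.5.80: Flags [S], seq 100, win 14600, options [mss 1460,sackOK], length 0
18:44:28.150000 IP 203.0.113.5.80 > 198.51.100.7.51234: Flags [S.], seq 900, ack 101, win 14480, options [mss 1400,sackOK], length 0
18:44:29.200000 IP 198.51.100.7.51234 > 203.0.113.5.80: Flags [P.], seq 1:352, ack 1, win 229, length 351
18:44:29.235154 IP 192.168.1.10.51234 > 203.0.113.5.80: Flags [P.], seq 352:1792, ack 1, win 229, length 1440
"""

LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): .*?length (?P<len>\d+)$"
)
MSS = re.compile(r"\bmss (\d+)")


def analyze(capture, internal_net="192.168.1.0/24"):
    """Return (leaks, mss_seen) for a capture taken on the external interface."""
    net = ipaddress.ip_network(internal_net)
    leaks, mss_seen = [], []  # un-NATed packets; MSS options in capture order
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an IPv4 TCP/UDP line in the expected format
        mss = MSS.search(line)
        if mss:
            mss_seen.append(int(mss.group(1)))
        # A source inside the internal network means SNAT was not applied.
        if ipaddress.ip_address(m["src"]) in net:
            leaks.append((m["ts"], m["src"], int(m["len"])))
    return leaks, mss_seen


def oversized(leaks, mss_seen):
    """Leaked packets whose payload exceeds the smallest advertised MSS."""
    limit = min(mss_seen) if mss_seen else None
    return [p for p in leaks if limit is not None and p[2] > limit]


if __name__ == "__main__":
    leaks, mss_seen = analyze(SAMPLE)
    print("not SNAT-ed:", leaks)
    print("MSS seen:", mss_seen, "oversized:", oversized(leaks, mss_seen))
```

Running the same function over captures from a working and a failing kernel gives a direct side-by-side of which packets leave un-translated and whether they are the long ones.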


* [Bug #39132] Starting with 3.0.0-rc6, masquerading seems to be broken.
  2011-08-14 19:02 3.1-rc1-git9: Reported regressions 2.6.39 -> 3.0 Rafael J. Wysocki
@ 2011-08-14 19:07 ` Rafael J. Wysocki
  0 siblings, 0 replies; 7+ messages in thread
From: Rafael J. Wysocki @ 2011-08-14 19:07 UTC (permalink / raw)
  To: Linux Kernel Mailing List
  Cc: Kernel Testers List, Maciej Rutecki, Florian Mickler, David Hill,
	Linus Torvalds

This message has been generated automatically as a part of a report
of regressions introduced between 2.6.39 and 3.0.

The following bug entry is on the current list of known regressions
introduced between 2.6.39 and 3.0.  Please verify if it still should
be listed and let the tracking team know (either way).


Bug-Entry	: http://bugzilla.kernel.org/show_bug.cgi?id=39132
Subject		: Starting with 3.0.0-rc6, masquerading seems to be broken.
Submitter	: David Hill <hilld@binarystorm.net>
Date		: 2011-07-10 19:45 (36 days old)


