From: Pierre Chifflier <chifflier@wzdftpd.net>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [RFH] bridge: add new target NFQUEUE for ebtables
Date: Thu, 17 Feb 2011 14:37:27 +0100 [thread overview]
Message-ID: <4D5D2497.5020908@wzdftpd.net> (raw)
In-Reply-To: <4D5CFCDD.10007@trash.net>
On 02/17/2011 11:47 AM, Patrick McHardy wrote:
> Am 16.02.2011 17:57, schrieb Pierre Chifflier:
>> Hi,
>>
>> Thanks for your reply Patrick.
>> So I did the following:
>> - rebased on today's nf-next-2.6
>> - apply only the first patch (which makes afinfo optional)
>> - revert all other patches
>> - apply the recent fix on nf_iterate since it was the cause of my oops
>>
>> I patched ebtables to use xt_NFQUEUE (using a struct xt_NFQ_info_v1 with
>> arguments queuenum 1 and queues_total 1), and removed any other change.
>>
>> When I add a rule with the NFQUEUE target with ebtables, I almost
>> immediately get a panic (full backtrace later in this mail).
>>
>> What is weird is that I got a NULL skb in ebt_in_hook (frame 2) while
>> the skb was not NULL earlier - like if it was stolen by some hook. Any
>> idea on what could cause that ?
>
> The backtrace doesn't seem to be fully accurate. Please also post
> the full oops output corresponding to the backtrace.
>
> Two more questions:
>
> - is the bridge device in promiscous mode?
> - do you have IGMP snooping enabled?
>
Here is the most relevant part of the log I could capture on the serial
port.
- Bridge device is not in promiscuous mode
- CONFIG_BRIDGE_ICMP_SNOOPING is not set
What I do to reproduce the crash:
- setup the bridge (at this point, everything is fine)
- load an ebtables rule: ebtables -A FORWARD -j NFQUEUE
the crash happens immediately when adding the rule.
If relevant, the code for ebt_NFQUEUE.c is available at
https://www.wzdftpd.net/downloads/ebt_NFQUEUE.c
Thanks,
Pierre
[ 24.581479] 8021q: adding VLAN 0 to HW filter on device eth0
[ 24.592863] eth1: link up, 100Mbps, full-duplex, lpa 0x05E1
[ 24.603313] br0: port 2(eth1) entering learning state
[ 24.605984] br0: port 2(eth1) entering learning state
[ 24.608683] br0: port 1(eth0) entering learning state
[ 24.611226] br0: port 1(eth0) entering learning state
[ 39.648175] br0: port 2(eth1) entering forwarding state
[ 39.654425] br0: port 1(eth0) entering forwarding state
[ 56.168359] BUG: unable to handle kernel NULL pointer dereference at
00000008
[ 56.172005] IP: [<c1292de3>] ebt_do_table+0x420/0x4bf
[ 56.172005] *pde = 00000000
[ 56.172005] Oops: 0002 [#1] SMP
[ 56.172005] last sysfs file: /sys/devices/virtual/net/lo/operstate
[ 56.172005] Modules linked in: usbhid hid psmouse serio_raw pcspkr
evdev virtio_balloon virtio_net virtio_blk 8139too uhci_hcd ehci_hcd
usbcore 8139cp mii virtio_pci virtio_ring virtio [last unloaded:
scsi_wait_scan]
[ 56.172005]
[ 56.172005] Pid: 0, comm: swapper Not tainted 2.6.38-rc1+ #11 /Bochs
[ 56.172005] EIP: 0060:[<c1292de3>] EFLAGS: 00010202 CPU: 0
[ 56.172005] EIP is at ebt_do_table+0x420/0x4bf
[ 56.172005] EAX: 00010003 EBX: e10aa060 ECX: 00000001 EDX: 00000000
[ 56.172005] ESI: e10aa030 EDI: e10aa030 EBP: df023de0 ESP: df023d7c
[ 56.172005] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 56.172005] Process swapper (pid: 0, ti=df022000 task=c13daf20
task.ti=c13ae000)
[ 56.172005] Stack:
[ 56.172005] e10aa000 d76481b0 d76491b0 00000001 e10a7040 e10a7040
00000000 00000003
[ 56.172005] d78dfd80 d7649000 00000000 00000000 d786a070 00000070
c14042b4 e10aa0f4
[ 56.172005] d7649000 d7648000 d78dfd80 d78dfd80 00000002 df020007
c152c240 c1405adc
[ 56.172005] Call Trace:
[ 56.172005] [<c1293753>] ebt_in_hook+0x18/0x1d
[ 56.172005] [<c11fc573>] nf_iterate+0x2f/0x74
[ 56.172005] [<c128cc05>] ? br_forward_finish+0x0/0x1b
[ 56.172005] [<c128cc05>] ? br_forward_finish+0x0/0x1b
[ 56.172005] [<c11fc5fb>] nf_hook_slow+0x43/0xd0
[ 56.172005] [<c128cc05>] ? br_forward_finish+0x0/0x1b
[ 56.172005] [<c128cc05>] ? br_forward_finish+0x0/0x1b
[ 56.172005] [<c128cc20>] ? __br_forward+0x0/0x6c
[ 56.172005] [<c128cb3a>] T.922+0x22/0x35
[ 56.172005] [<c128cc05>] ? br_forward_finish+0x0/0x1b
[ 56.172005] [<c128cc85>] __br_forward+0x65/0x6c
[ 56.172005] [<c128cc05>] ? br_forward_finish+0x0/0x1b
[ 56.172005] [<c11ddcca>] ? skb_clone+0x4d/0x54
[ 56.172005] [<c128c9e8>] deliver_clone+0x30/0x37
[ 56.172005] [<c128ca71>] br_flood+0x82/0x9d
[ 56.172005] [<c128ca99>] br_flood_forward+0xd/0x10
[ 56.172005] [<c128cc20>] ? __br_forward+0x0/0x6c
[ 56.172005] [<c128d6bf>] br_handle_frame_finish+0xba/0x113
[ 56.172005] [<c128d605>] ? br_handle_frame_finish+0x0/0x113
[ 56.172005] [<c128d5fe>] T.917+0x2d/0x34
[ 56.172005] [<c128d87a>] br_handle_frame+0x162/0x178
[ 56.172005] [<c128d605>] ? br_handle_frame_finish+0x0/0x113
[ 56.172005] [<c11e3c02>] __netif_receive_skb+0x1aa/0x2eb
[ 56.172005] [<c128d718>] ? br_handle_frame+0x0/0x178
[ 56.172005] [<c11e7524>] netif_receive_skb+0x5d/0x63
[ 56.172005] [<c11df762>] ? __netdev_alloc_skb+0x16/0x34
[ 56.172005] [<e0d7cf4f>] virtnet_poll+0x3bb/0x486 [virtio_net]
[ 56.172005] [<c11e7ab6>] net_rx_action+0x98/0x1be
[ 56.172005] [<c1034345>] __do_softirq+0x9c/0x157
[ 56.172005] [<c10342a9>] ? __do_softirq+0x0/0x157
[ 56.172005] <IRQ>
next prev parent reply other threads:[~2011-02-17 13:37 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-24 20:55 ebtables_nfqueue: missing structure afinfo Pierre Chifflier
2011-01-25 10:34 ` Patrick McHardy
2011-02-02 19:22 ` Pierre Chifflier
2011-02-02 22:59 ` Patrick McHardy
2011-02-03 14:32 ` WIP/RFC: add new module ebt_NFQUEUE for ebtables Pierre Chifflier
2011-02-03 20:19 ` Bart De Schuymer
2011-02-04 10:05 ` Pierre Chifflier
2011-02-04 13:07 ` Patrick McHardy
2011-02-04 13:20 ` Pierre Chifflier
2011-02-04 13:21 ` Patrick McHardy
2011-02-03 14:32 ` [PATCH 1/3] Make the afinfo structure optional in nf_queue and nf_reinject Pierre Chifflier
2011-02-04 13:27 ` Patrick McHardy
2011-02-04 14:15 ` Pierre Chifflier
2011-02-03 14:32 ` [PATCH 2/3] bridge: add support for the EBT_QUEUE target Pierre Chifflier
2011-02-03 14:32 ` [PATCH 3/3] bridge: add new target NFQUEUE for ebtables Pierre Chifflier
2011-02-04 13:25 ` Patrick McHardy
2011-02-04 13:40 ` Pierre Chifflier
2011-02-04 13:41 ` Patrick McHardy
[not found] ` <4D5104C4.3010105@edenwall.com>
[not found] ` <4D59C047.5050404@trash.net>
2011-02-16 16:57 ` [RFH] " Pierre Chifflier
2011-02-17 10:47 ` Patrick McHardy
2011-02-17 13:37 ` Pierre Chifflier [this message]
2011-02-18 13:42 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D5D2497.5020908@wzdftpd.net \
--to=chifflier@wzdftpd.net \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.