bug: -j REDIRECT broken with bridge in 2.6.0-test3

All of lore.kernel.org
 help / color / mirror / Atom feed

* bug: -j REDIRECT broken with bridge in 2.6.0-test3
@ 2003-08-14  2:03 dmorris
  2003-08-25 23:24 ` dmorris
  0 siblings, 1 reply; 7+ messages in thread
From: dmorris @ 2003-08-14  2:03 UTC (permalink / raw)
  To: netfilter-devel

bug: -j REDIRECT broken with bridge in 2.6.0-test3

Sorry if this has already been reported, well known,
or I'm doing something obviously wrong.
Please email me if I can help, or give any other info.

[1.] One line summary of the problem:    

    -j REDIRECT does not work with a bridge in 2.6.0-test3
 
[2.] Full description of the problem/report:

    -j REDIRECT --to-port 2000 works fine as a router, but not as a bridge
    this appeared sometime between 2.5.68 and 2.6.0-test3

    WORKING EXAMPLE:
    (A) <-----> (B) <-----> (C)

    where A is 10.0.0.10 and C is 10.10.10.10
    and B's left  interface is 10.0.0.0/255.255.255.0
    and B's right interface is 10.10.10.0/255.255.255.0
    with echo 1 >proc/sys/net/ipv4/ip_forward

    On: B do the following
    iptables -t nat -A PREROUTING -p tcp --destination-port 7:7 -j 
REDIRECT --to-port 2000
    netcat -l -p 2000

    Then on C:
    telnet (A) 7
    <connects to netcat on B as expected>

    NON-WORKING EXAMPLE:
    (A) <-----> (B) <-----> (C)

    where A is 10.0.0.10 and C is 10.0.0.020
    and B is a bridge of IP 10.0.0.15

    On: B do the following
    iptables -t nat -A PREROUTING -p tcp --destination-port 7:7 -j 
REDIRECT --to-port 2000
    netcat -l -p 2000

    Then on C:
    telnet (A) 7
    Connecting ...

    The SYN just seems to get dropped somewhere.
    The SYN does not reach A (according to tcpdump)


[3.] Keywords (i.e., modules, networking, kernel):

    networking, netfilter, ethernet bridge

[4.] Kernel version (from /proc/version):

    Linux version 2.6.0-test3 (dmorris@bebe) (gcc version 3.3.1 20030626 
(Debian prerelease)) #2 Wed Aug 13 12:59:35 PDT 2003

[5.] Output of Oops.. message (if applicable) with symbolic information
     resolved (see Documentation/oops-tracing.txt)

    None

[6.] A small shell script or example program which triggers the
     problem (if possible)

    Refer to above

[7.] Environment

    The middle machine is described in depth at:

    http://neogenen.com/bugreport_details2.txt

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: bug: -j REDIRECT broken with bridge in 2.6.0-test3
  2003-08-14  2:03 bug: -j REDIRECT broken with bridge in 2.6.0-test3 dmorris
@ 2003-08-25 23:24 ` dmorris
  2003-08-26  6:12   ` Bart De Schuymer
  2003-10-06 22:13   ` Dirk Morris
  0 siblings, 2 replies; 7+ messages in thread
From: dmorris @ 2003-08-25 23:24 UTC (permalink / raw)
  To: netfilter-devel

Does anyone have *any* idea where I could look to start solving this?
Can anyone confirm?
It is still present in 2.6.0-test4 on my test machines.

Thanks!
-dirk

dmorris wrote:

> bug: -j REDIRECT broken with bridge in 2.6.0-test3
>
> Sorry if this has already been reported, well known,
> or I'm doing something obviously wrong.
> Please email me if I can help, or give any other info.
>
> [1.] One line summary of the problem:   
>    -j REDIRECT does not work with a bridge in 2.6.0-test3
>
> [2.] Full description of the problem/report:
>
>    -j REDIRECT --to-port 2000 works fine as a router, but not as a bridge
>    this appeared sometime between 2.5.68 and 2.6.0-test3
>
>    WORKING EXAMPLE:
>    (A) <-----> (B) <-----> (C)
>
>    where A is 10.0.0.10 and C is 10.10.10.10
>    and B's left  interface is 10.0.0.0/255.255.255.0
>    and B's right interface is 10.10.10.0/255.255.255.0
>    with echo 1 >proc/sys/net/ipv4/ip_forward
>
>    On: B do the following
>    iptables -t nat -A PREROUTING -p tcp --destination-port 7:7 -j 
> REDIRECT --to-port 2000
>    netcat -l -p 2000
>
>    Then on C:
>    telnet (A) 7
>    <connects to netcat on B as expected>
>
>    NON-WORKING EXAMPLE:
>    (A) <-----> (B) <-----> (C)
>
>    where A is 10.0.0.10 and C is 10.0.0.020
>    and B is a bridge of IP 10.0.0.15
>
>    On: B do the following
>    iptables -t nat -A PREROUTING -p tcp --destination-port 7:7 -j 
> REDIRECT --to-port 2000
>    netcat -l -p 2000
>
>    Then on C:
>    telnet (A) 7
>    Connecting ...
>
>    The SYN just seems to get dropped somewhere.
>    The SYN does not reach A (according to tcpdump)
>
>
> [3.] Keywords (i.e., modules, networking, kernel):
>
>    networking, netfilter, ethernet bridge
>
> [4.] Kernel version (from /proc/version):
>
>    Linux version 2.6.0-test3 (dmorris@bebe) (gcc version 3.3.1 
> 20030626 (Debian prerelease)) #2 Wed Aug 13 12:59:35 PDT 2003
>
> [5.] Output of Oops.. message (if applicable) with symbolic information
>     resolved (see Documentation/oops-tracing.txt)
>
>    None
>
> [6.] A small shell script or example program which triggers the
>     problem (if possible)
>
>    Refer to above
>
> [7.] Environment
>
>    The middle machine is described in depth at:
>
>    http://neogenen.com/bugreport_details2.txt
>
>

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: bug: -j REDIRECT broken with bridge in 2.6.0-test3
  2003-08-25 23:24 ` dmorris
@ 2003-08-26  6:12   ` Bart De Schuymer
  2003-08-26 19:14     ` Bart De Schuymer
  2003-10-06 22:13   ` Dirk Morris
  1 sibling, 1 reply; 7+ messages in thread
From: Bart De Schuymer @ 2003-08-26  6:12 UTC (permalink / raw)
  To: dmorris, netfilter-devel

On Tuesday 26 August 2003 01:24, dmorris wrote:
> Does anyone have *any* idea where I could look to start solving this?
> Can anyone confirm?
> It is still present in 2.6.0-test4 on my test machines.

I think this should be fixed with the patch Harald sent to Dave, see the 
thread "Fix ipt_REJECT if used on bridge". I don't see it in Linus' tree yet.

cheers,
Bart

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: bug: -j REDIRECT broken with bridge in 2.6.0-test3
  2003-08-26  6:12   ` Bart De Schuymer
@ 2003-08-26 19:14     ` Bart De Schuymer
  0 siblings, 0 replies; 7+ messages in thread
From: Bart De Schuymer @ 2003-08-26 19:14 UTC (permalink / raw)
  To: dmorris, netfilter-devel

On Tuesday 26 August 2003 08:12, Bart De Schuymer wrote:
> On Tuesday 26 August 2003 01:24, dmorris wrote:
> > Does anyone have *any* idea where I could look to start solving this?
> > Can anyone confirm?
> > It is still present in 2.6.0-test4 on my test machines.
>
> I think this should be fixed with the patch Harald sent to Dave, see the
> thread "Fix ipt_REJECT if used on bridge". I don't see it in Linus' tree
> yet.

Never mind that, I misread REDIRECT for REJECT.

cheers,
Bart

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: bug: -j REDIRECT broken with bridge in 2.6.0-test3
  2003-08-25 23:24 ` dmorris
  2003-08-26  6:12   ` Bart De Schuymer
@ 2003-10-06 22:13   ` Dirk Morris
  2003-10-07 10:00     ` Harald Welte
  1 sibling, 1 reply; 7+ messages in thread
From: Dirk Morris @ 2003-10-06 22:13 UTC (permalink / raw)
  To: dmorris; +Cc: netfilter-devel

This is still present in 2.6.0-test6.
I'm more than willing to help find this issue if someone gives me a 
pointer to go on.
Narrowing it down to the changes in kernel versions is impossible due to
the fact that the bridge wasnt working at all for quite a while.

Thanks,
-dirk morris

>
>> bug: -j REDIRECT broken with bridge in 2.6.0-test3
>>
>> Sorry if this has already been reported, well known,
>> or I'm doing something obviously wrong.
>> Please email me if I can help, or give any other info.
>>
>> [1.] One line summary of the problem:      -j REDIRECT does not work 
>> with a bridge in 2.6.0-test3
>>
>> [2.] Full description of the problem/report:
>>
>>    -j REDIRECT --to-port 2000 works fine as a router, but not as a 
>> bridge
>>    this appeared sometime between 2.5.68 and 2.6.0-test3
>>
>>    WORKING EXAMPLE:
>>    (A) <-----> (B) <-----> (C)
>>
>>    where A is 10.0.0.10 and C is 10.10.10.10
>>    and B's left  interface is 10.0.0.0/255.255.255.0
>>    and B's right interface is 10.10.10.0/255.255.255.0
>>    with echo 1 >proc/sys/net/ipv4/ip_forward
>>
>>    On: B do the following
>>    iptables -t nat -A PREROUTING -p tcp --destination-port 7:7 -j 
>> REDIRECT --to-port 2000
>>    netcat -l -p 2000
>>
>>    Then on C:
>>    telnet (A) 7
>>    <connects to netcat on B as expected>
>>
>>    NON-WORKING EXAMPLE:
>>    (A) <-----> (B) <-----> (C)
>>
>>    where A is 10.0.0.10 and C is 10.0.0.020
>>    and B is a bridge of IP 10.0.0.15
>>
>>    On: B do the following
>>    iptables -t nat -A PREROUTING -p tcp --destination-port 7:7 -j 
>> REDIRECT --to-port 2000
>>    netcat -l -p 2000
>>
>>    Then on C:
>>    telnet (A) 7
>>    Connecting ...
>>
>>    The SYN just seems to get dropped somewhere.
>>    The SYN does not reach A (according to tcpdump)
>>
>>
>> [3.] Keywords (i.e., modules, networking, kernel):
>>
>>    networking, netfilter, ethernet bridge
>>
>> [4.] Kernel version (from /proc/version):
>>
>>    Linux version 2.6.0-test3 (dmorris@bebe) (gcc version 3.3.1 
>> 20030626 (Debian prerelease)) #2 Wed Aug 13 12:59:35 PDT 2003
>>
>> [5.] Output of Oops.. message (if applicable) with symbolic information
>>     resolved (see Documentation/oops-tracing.txt)
>>
>>    None
>>
>> [6.] A small shell script or example program which triggers the
>>     problem (if possible)
>>
>>    Refer to above
>>
>> [7.] Environment
>>
>>    The middle machine is described in depth at:
>>
>>    http://neogenen.com/bugreport_details2.txt
>>
>>
>
>
>

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: bug: -j REDIRECT broken with bridge in 2.6.0-test3
  2003-10-06 22:13   ` Dirk Morris
@ 2003-10-07 10:00     ` Harald Welte
  2003-10-18 20:48       ` Bart De Schuymer
  0 siblings, 1 reply; 7+ messages in thread
From: Harald Welte @ 2003-10-07 10:00 UTC (permalink / raw)
  To: Dirk Morris; +Cc: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 1048 bytes --]

On Mon, Oct 06, 2003 at 03:13:51PM -0700, Dirk Morris wrote:
> This is still present in 2.6.0-test6.
> I'm more than willing to help find this issue if someone gives me a 
> pointer to go on.
> Narrowing it down to the changes in kernel versions is impossible due to
> the fact that the bridge wasnt working at all for quite a while.

I'm really sorry, but I don't have any 'easy' instructions on how to
hunt this down.  I've now added it to my TODO list, but I'm not sure
when I'll be able to dig into that problem.

Could you _pleae_ open a bugzilla.netfilter.org bug about this (if there
is none yet) to make sure this issue doesn't get lost?

> -dirk morris
-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: bug: -j REDIRECT broken with bridge in 2.6.0-test3
  2003-10-07 10:00     ` Harald Welte
@ 2003-10-18 20:48       ` Bart De Schuymer
  0 siblings, 0 replies; 7+ messages in thread
From: Bart De Schuymer @ 2003-10-18 20:48 UTC (permalink / raw)
  To: Harald Welte, Dirk Morris; +Cc: netfilter-devel

On Tuesday 07 October 2003 12:00, Harald Welte wrote:
> On Mon, Oct 06, 2003 at 03:13:51PM -0700, Dirk Morris wrote:
> > This is still present in 2.6.0-test6.
> > I'm more than willing to help find this issue if someone gives me a
> > pointer to go on.
> > Narrowing it down to the changes in kernel versions is impossible due to
> > the fact that the bridge wasnt working at all for quite a while.
>
> I'm really sorry, but I don't have any 'easy' instructions on how to
> hunt this down.  I've now added it to my TODO list, but I'm not sure
> when I'll be able to dig into that problem.

Hi, I finally got time to take a good look at this bug and it turns out I
am the one who introduced it.
The fix for it is below. I'll send it to Dave myself.
So Harald, you can remove it from your TODO list. My apologies for the
late fix, I had no idea it would be such an easy fix.

cheers,
Bart


--- linux-2.6.0-test8/net/bridge/br_netfilter.c.old	2003-10-18 22:40:31.000000000 +0200
+++ linux-2.6.0-test8/net/bridge/br_netfilter.c	2003-10-18 22:41:08.000000000 +0200
@@ -217,6 +217,7 @@ bridged_dnat:
 			}
 			memcpy(skb->mac.ethernet->h_dest, dev->dev_addr,
 			       ETH_ALEN);
+			skb->pkt_type = PACKET_HOST;
 		}
 	} else {
 		skb->dst = (struct dst_entry *)&__fake_rtable;
--- linux-2.6.0-test8/net/bridge/netfilter/ebt_redirect.c.old	2003-10-18 22:41:19.000000000 +0200
+++ linux-2.6.0-test8/net/bridge/netfilter/ebt_redirect.c	2003-10-18 22:41:58.000000000 +0200
@@ -34,11 +34,10 @@ static int ebt_target_redirect(struct sk
 	if (hooknr != NF_BR_BROUTING)
 		memcpy((**pskb).mac.ethernet->h_dest,
 		   in->br_port->br->dev->dev_addr, ETH_ALEN);
-	else {
+	else
 		memcpy((**pskb).mac.ethernet->h_dest,
 		   in->dev_addr, ETH_ALEN);
-		(*pskb)->pkt_type = PACKET_HOST;
-	}
+	(*pskb)->pkt_type = PACKET_HOST;
 	return info->target;
 }
 

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2003-10-18 20:48 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-08-14  2:03 bug: -j REDIRECT broken with bridge in 2.6.0-test3 dmorris
2003-08-25 23:24 ` dmorris
2003-08-26  6:12   ` Bart De Schuymer
2003-08-26 19:14     ` Bart De Schuymer
2003-10-06 22:13   ` Dirk Morris
2003-10-07 10:00     ` Harald Welte
2003-10-18 20:48       ` Bart De Schuymer

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.