* raw patch saga continues.... kernel still panics!
@ 2003-10-11 18:09 c0g
  2003-10-14  7:58 ` Jozsef Kadlecsik
  0 siblings, 1 reply; 2+ messages in thread
From: c0g @ 2003-10-11 18:09 UTC (permalink / raw)
  To: netfilter-devel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,
Bad news again :(
I can force kernel to panic by using ntpdate program to synchronize
clock or by starting ntpd server on firewall box. Of course it happens
only when there are rules in raw table, PREROUTING chain which catch
packets generated/received by these programs and jump to NOTRACK.
Inserting rule:
iptables -t raw -I PREROUTING -j ACCEPT
before NOTRACK rules makes kernel stable.

There is also one problem, don't know if correlated with raw patch,
because unloading netfilter modules and trying to connect to my firewall
thru PPTP causes kernel panic too. But on kernel patched with older POM
everything works fine.

Will kernel panics ever end? :(
I switched again to old-good POM with "Frag of proto" messages...
Hey, but these messages weren't that bad... Maybe we should just comment
out logging it? :-P

I'm using ntpdate 4.1.0 shipped with Debian stable.
POM which works stable is CVS snapshot 20030907.
Unstable POM and iptables are CVS snapshots - 20031009.
POM patches which I applied:
Already applied: submitted/01_2.4.19
                 submitted/02_2.4.20
                 submitted/03_2.4.21
                 submitted/04_2.4.22
                 submitted/44_backport_ah_esp_fixes
                 submitted/54_ip_nat-macro-args
                 submitted/58-ip_conntrack-macro-args
                 submitted/60_nat_tftp-remove-warning
                 submitted/72_recent_procfs_fix
                 submitted/73_ipt_MASQUERADE-oif
                 submitted/74_nat-range-fix
                 submitted/75_REJECT_localpmtu-fix
                 submitted/76_snmp-checksum_h-fix
                 submitted/77_destroy-conntrack
                 submitted/78_nathelper-udp-csum
                 submitted/79_mangle_udp-sizecheck
                 submitted/80_ip_conntrack-proc
                 submitted/81_ipt_unclean-tcp-flag-table
                 submitted/82_irc-conntrack-mirc-serverlookup
                 submitted/83_nolocalout
                 submitted/84_local-nullbinding
                 submitted/85_ipv6header
                 submitted/86_getorigdst-tuple-zero
                 pending/40_nf-log
                 pending/40_nf-log-ipv6
                 pending/59_ip_nat_h-unused-var
                 pending/61-remove-memsets
                 pending/70_expect-evict-order
                 base/IPV4OPTSSTRIP
                 base/NETLINK
                 base/NETMAP
                 base/SAME
                 base/TTL
                 base/connlimit
                 base/fuzzy
                 base/iprange
                 base/ipv4options
                 base/mport
                 base/nth
                 base/quota
                 base/random
                 base/raw
                 base/realm
                 base/time
                 base/u32
                 extra/CLASSIFY
                 extra/CONNMARK
                 extra/IPMARK
                 extra/ROUTE
                 extra/TCPLAG
                 extra/addrtype
                 extra/condition
                 extra/ipt_TARPIT
                 extra/netfilter-docbook
                 extra/owner-socketlookup
                 extra/string
                 extra/tcp-window-tracking
                 userspace/ipt_REJECT-fake-source
                 userspace/mark-bitwise-ops

But I use only these modules:
ipt_TCPMSS
ipt_NOTRACK
iptable_filter
iptable_raw
ipt_REJECT
ipt_multiport
ipt_state
ip_conntrack
ipt_LOG
ip_tables

- --
c0g@wp.pl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/iEdfPqmVt5WhbA8RAklDAJ0bxEUQdjSlX1F4B0rreWBID/bOKwCgkX2n
16eS1EFqDpACNHazKsSNcYY=
=oHa3
-----END PGP SIGNATURE-----
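
Added example, not part of the original post or of netfilter: an unconditional ACCEPT at the head of raw/PREROUTING ends traversal of that table, so the NOTRACK rules behind it are never evaluated and the traffic is connection-tracked as usual. The Python check below flags such shadowed NOTRACK rules in an iptables-save dump; the sample ruleset (NTP on UDP port 123) and all function names are assumptions constructed for illustration.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP"}  # verdicts that end traversal of the table

# Constructed sample in iptables-save format (not taken from the post):
# the workaround rule sits ahead of two NOTRACK rules for NTP traffic.
SAMPLE = """\
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -j ACCEPT
-A PREROUTING -p udp -m udp --dport 123 -j NOTRACK
-A PREROUTING -p udp -m udp --sport 123 -j NOTRACK
-A OUTPUT -p udp -m udp --dport 123 -j NOTRACK
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -j ACCEPT
COMMIT
"""

def parse_table(dump, table):
    """Return {chain: [token list per rule]} for one table of an iptables-save dump."""
    chains, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = line[1:]
        elif line == "COMMIT":
            current = None
        elif current == table and line.startswith(":"):
            chains.setdefault(line[1:].split()[0], [])
        elif current == table and line.startswith("-A "):
            tokens = shlex.split(line)
            chains.setdefault(tokens[1], []).append(tokens[2:])
    return chains

def shadowed_notrack(dump):
    """List (chain, rule position, rule text) of NOTRACK rules no packet can reach."""
    findings = []
    for chain, rules in parse_table(dump, "raw").items():
        blocked = False
        for pos, spec in enumerate(rules, start=1):
            target = spec[spec.index("-j") + 1] if "-j" in spec else None
            if blocked and target == "NOTRACK":
                findings.append((chain, pos, " ".join(spec)))
            # A rule with no match options and a terminating verdict catches everything.
            if len(spec) == 2 and spec[0] == "-j" and target in TERMINATING:
                blocked = True
    return findings
```

Calling `shadowed_notrack(SAMPLE)` reports rules 2 and 3 of raw/PREROUTING as unreachable, while the NOTRACK rule in raw/OUTPUT is unaffected.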


* Re: raw patch saga continues.... kernel still panics!
  2003-10-11 18:09 raw patch saga continues.... kernel still panics! c0g
@ 2003-10-14  7:58 ` Jozsef Kadlecsik
  0 siblings, 0 replies; 2+ messages in thread
From: Jozsef Kadlecsik @ 2003-10-14  7:58 UTC (permalink / raw)
  To: c0g; +Cc: netfilter-devel

On Sat, 11 Oct 2003, c0g wrote:

> I can force kernel to panic by using ntpdate program to synchronize
> clock or by starting ntpd server on firewall box. Of course it happens
> only when there are rules in raw table, PREROUTING chain which catch
> packets generated/received by these programs and jump to NOTRACK.
> Inserting rule:
> iptables -t raw -I PREROUTING -j ACCEPT
> before NOTRACK rules makes kernel stable.

I could not reproduce the kernel panic. The raw patch/table and NOTRACK
target work fine.

> There is also one problem, don't know if correlated with raw patch,
> because unloading netfilter modules and trying to connect to my firewall
> thru PPTP causes kernel panic too. But on kernel patched with older POM
> everything works fine.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
