Re: [PATCH 2.4] raw table and NOTRACK support

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Roberto Nibali <ratz@tac.ch>
To: Netfilter Developers <netfilter-devel@lists.netfilter.org>
Subject: Re: [PATCH 2.4] raw table and NOTRACK support
Date: Tue, 22 Nov 2005 16:54:05 +0100	[thread overview]
Message-ID: <43833F1D.3060309@tac.ch> (raw)
In-Reply-To: <43833BE3.8060909@tac.ch>

> void ip_conntrack_cleanup(void)
> {
>         ip_ct_attach = NULL;
>         /* This makes sure all current packets have passed through
>            netfilter framework.  Roll on, two-stage module
>            delete... */
>         br_write_lock_bh(BR_NETPROTO_LOCK);
>         br_write_unlock_bh(BR_NETPROTO_LOCK);
> 
>  i_see_dead_people:
>         ip_ct_iterate_cleanup(kill_all, NULL);
>         if (atomic_read(&ip_conntrack_count) != 0) {
>                 schedule();
>                 goto i_see_dead_people;
>         }
>         while (atomic_read(&ip_conntrack_untracked.ct_general.use) > 1)
>                 schedule();
> 
>         kmem_cache_destroy(ip_conntrack_cachep);
>         vfree(ip_conntrack_hash);
>         nf_unregister_sockopt(&so_getorigdst);
> }
> 
> I don't see where ip_conntrack_untracked.ct_general.use is > 1, ever ...

SS trap at 0xf89a7227 ([ip_conntrack]get_next_corpse+0xa7)
0xf89a7227 get_next_corpse+0xa7:    cmp    %ebx,%eax
[0]kdb> mm4 ip_conntrack_count 0
0xf89aae68 = 0x0
[0]kdb> go
lb-lb0-phys:~#


So forcing ip_conntrack_count to be 0 of course breaks the endless
schedule(). And naturally after a fw reconfiguration we oops:

kernel BUG at slab.c:815!
invalid operand: 0000
ip_conntrack ipt_limit ip_vs_wlc ip_vs ipt_LOG iptable_raw
iptable_mangle iptable_filter ip_tables
CPU:    0
EIP:    0010:[<c013bb32>]    Not tainted
EFLAGS: 00010246
EIP is at kmem_cache_create+0x262/0x3d0 [kernel]
eax: 00000000   ebx: f7ae6a98   ecx: f7ae6ba0   edx: f7295fc8
esi: f7ae6b99   edi: f89a9945   ebp: f5b1deac   esp: f5b1de84
ds: 0018   es: 0018   ss: 0018
Process modprobe (pid: 7457, stackpage=f5b1d000)
Stack: f7ae6a98 00000160 00002000 f5b1de9c f7ae6ab8 ffffffe0 00000080
00000000
       00000000 00000060 f5b1ded0 f89a7660 f89a9938 00000160 00000020
00022000
       00000000 00000000 00000000 f5b1dee8 f89a4639 ffffffea 00000000
00000060
Call Trace:
 [<f89a7660>] ip_conntrack_init+0x110/0x298 [ip_conntrack]
 [<f89a9938>] .rodata.str1.1+0x198/0x2e0 [ip_conntrack]
 [<f89a4639>] init_or_cleanup+0x19/0x1f0 [ip_conntrack]
 [<f89a4a02>] init_module+0x12/0x20 [ip_conntrack]
 [<c011f40e>] sys_init_module+0x85e/0x8c0 [kernel]
 [<f89a4060>] kill_proto+0x0/0x20 [ip_conntrack]
 [<f89ad1cc>] E ip_conntrack_hash_Rsmp_386855a5+0x2368/0xfffffebc
[ip_conntrack]
 [<f89aa168>]
__ksymtab_ip_conntrack_protocol_register_Rsmp_6e500e17+0x0/0x8
[ip_conntrack]
 [<f89a4060>] kill_proto+0x0/0x20 [ip_conntrack]
 [<c010774f>] system_call+0x33/0x38 [kernel]

Code: 0f 0b 2f 03 57 c8 37 c0 89 d0 8b 12 0f 18 02 3d 90 1b 47 c0

Entering kdb (current=0xf5b1c000, pid 7457) on processor 0 Oops: invalid
operand
due to oops @ 0xc013bb32
eax = 0x00000000 ebx = 0xf7ae6a98 ecx = 0xf7ae6ba0 edx = 0xf7295fc8
esi = 0xf7ae6b99 edi = 0xf89a9945 esp = 0xf5b1de84 eip = 0xc013bb32
ebp = 0xf5b1deac xss = 0xc0350018 xcs = 0x00000010 eflags = 0x00010246
xds = 0xf7ae0018 xes = 0x00000018 origeax = 0xffffffff &regs = 0xf5b1de50
[0]kdb> bt
Stack traceback for pid 7457
0xf5b1c000     7457     7455  1    0   R  0xf5b1c2b0 *modprobe
EBP        EIP        Function (args)
0xf5b1deac 0xc013bb32 kmem_cache_create+0x262 (0xf89a9938, 0x160, 0x20,
0x22000, 0x0)
                               kernel .text 0xc0100000 0xc013b8d0 0xc013bca0
0xf5b1ded0 0xf89a7660 [ip_conntrack]ip_conntrack_init+0x110 (0xffffffea,
0x0, 0x60, 0xffffffea)
                               ip_conntrack .text 0xf89a4060 0xf89a7550
0xf89a77e8
0xf5b1dee8 0xf89a4639 [ip_conntrack]init_or_cleanup+0x19 (0x1)
                               ip_conntrack .text 0xf89a4060 0xf89a4620
0xf89a4810
0xf5b1def4 0xf89a4a02 [ip_conntrack]init_module+0x12 (0xf89a4060,
0x8096a20, 0x916c, 0xf89ad1cc, 0xf89aa168)
                               ip_conntrack .text 0xf89a4060 0xf89a49f0
0xf89a4a10
0xf5b1dfbc 0xc011f40e sys_init_module+0x85e (0x806ab70, 0x80969c0,
0x80969c0, 0x400191d8, 0xbfffb0fc)
                               kernel .text 0xc0100000 0xc011ebb0 0xc011f470
           0xc010774f system_call+0x33
                               kernel .text 0xc0100000 0xc010771c 0xc0107754
[0]kdb> go
Catastrophic error detected
kdb_continue_catastrophic=0, type go a second time if you really want to
continue
[0]kdb> mm4 sysrq_enabled 1
0xc047bf20 = 0x1
[0]kdb> sr 7
<6>SysRq : Changing Loglevel
Loglevel set to 7
[0]kdb> sr s
SysRq : Emergency Sync
[0]kdb> sr u
SysRq : Emergency Remount R/O
[0]kdb> sr s
SysRq : Emergency Sync
[0]kdb> sr b
SysRq : Resetting

Damn! I wish I understood that conntrack stuff better ...

Cheers,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Kasinostrasse 30, CH-5001 Aarau tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------

next prev parent reply	other threads:[~2005-11-22 15:54 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-11-21 10:26 [PATCH 2.4] raw table and NOTRACK support Roberto Nibali
2005-11-22 14:14 ` Roberto Nibali
2005-11-22 15:40   ` Roberto Nibali
2005-11-22 15:54     ` Roberto Nibali [this message]
2005-11-23 13:04       ` Roberto Nibali
2005-11-27 15:36         ` Patrick McHardy
2005-11-27 18:22           ` Roberto Nibali
2005-11-27 18:49             ` Patrick McHardy
2005-11-28  9:11               ` Roberto Nibali
2005-11-28  9:47                 ` Roberto Nibali

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=43833F1D.3060309@tac.ch \
    --to=ratz@tac.ch \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.