From: Patrick McHardy <kaber@trash.net>
To: dkiba@yandex.ru
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: REDIRECT in kernel >= 2.6.15 broken???
Date: Thu, 26 Jan 2006 12:19:09 +0100 [thread overview]
Message-ID: <43D8B02D.9010008@trash.net> (raw)
In-Reply-To: <43D79774.000008.00501@tide.yandex.ru>
KdF wrote:
>>KdF wrote:
>>
>>>>>Packets get forwarded as usual without any attempt to be redirected.
>
>
>>My guess is that its related to invalid hardware checksums.
>>Please check if you have hw checksumming enabled on the underlying
>>eth device, if so load the ipt_LOG module and execute
>>"echo 255 >/proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid"
>
>
> I've also tried to build kernel with network debug activated, and here is some output:
>
> Jan 21 22:45:01 ac kernel: nf_hook: Verdict = QUEUE.
> Jan 21 22:45:07 ac last message repeated 34 times
> Jan 21 22:45:07 ac kernel: ppp21: hw csum failure.
> Jan 21 22:45:07 ac kernel: [<c03b16f1>] __skb_checksum_complete+0x73/0x79
> Jan 21 22:45:07 ac kernel: [<c0414b41>] icmp_error+0x12e/0x1b9
> Jan 21 22:45:07 ac kernel: [<c03cec66>] nfqnl_enqueue_packet+0x1c/0x191
> [...]
>
> After i have activated
> "echo 255 >/proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid "
> there appeared some log records:
>
> Jan 25 17:11:48 ac kernel: ip_ct_tcp: invalid packet ignored IN= OUT= SRC=192.168.138.138 DST=213.180.204.11 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=16778 DF PROTO=TCP SPT=1155 DPT=80 SEQ=1884322362 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A001010402)
>
> Is this problem in pppd, pppoe or in underlying interface, and how can i track it? Maybe queue overflow problem that i have described in another post today also relates to this?
Either your network device is generating invalid hardware checksums
(which driver are you using?) or the ppp code doesn't adjust the
checksum when modifying the packet. I'm not sure which it is, we
had a couple of reports of invalid checksums with ppp, so it might
be a bug. The queue overflow is not related, Harald is working on
this, see netfilter bugzilla #404.
prev parent reply other threads:[~2006-01-26 11:19 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-01-25 9:57 REDIRECT in kernel >= 2.6.15 broken??? KdF
2006-01-25 10:05 ` Patrick McHardy
2006-01-25 11:04 ` KdF
2006-01-25 11:31 ` Patrick McHardy
2006-01-25 15:21 ` KdF
2006-01-26 11:19 ` Patrick McHardy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43D8B02D.9010008@trash.net \
--to=kaber@trash.net \
--cc=dkiba@yandex.ru \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.