Dropped packets with bridge + ip_conntrack module

All of lore.kernel.org
 help / color / mirror / Atom feed

From: maurizio.gladioro@fastwebnet.it
To: linux-kernel@vger.kernel.org
Cc: maurizio.gladioro@fastwebnet.it
Subject: Dropped packets with bridge + ip_conntrack module
Date: Tue, 16 May 2006 19:15:42 +0200	[thread overview]
Message-ID: <443CC7420003BDBB@ms003msg.mail.fw> (raw)

Hello,

I'm using netfilter with the l7-filter patch, and a 2.6.13 kernel.

I had to create a bridge interface in order to enable the listening
interface in promiscous mode and to classify the traffic mirrored to
that (I touch eth1 to br1 interface).

So, the problem is that I'm seeing many dropped packets on the bridge,
and I cannot understand why.

If I don't add the ip_conntrack module, the whole traffic going through
the ethernet interface eth1 is passed to the bridge; but, if I add
ip_conntrack some packets don't cross the bridge interface.

Following, I show you the output of "netstat -i":
  without module ip_conntrack (before sending packets)
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR
Flg
br1 1500 0 6576580 0 0 0 5 0 0 0
BMRU
eth1 1500 0 16105342 25606 0 25606 13 0 0 0

  after sending packets
olmo:/home/maurizio# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR
Flg
br1 1500 0 8220973 0 0 0 5 0 0 0
BMPRU
eth1 1500 0 17749735 25606 0 25606 13 0 0 0
BMPRU

difference eth1 1644393
difference br1 1644393
than NO DROPPED PACKETS

with ip_conntrack (before sending packets)

Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR
Flg
br1 1500 0 4932660 0 0 0 5 0 0 0
BMPRU
eth1 1500 0 14460948 25606 0 25606 13 0 0 0
BMPRU

  with ip_conntrack (after sending packets)
olmo:/home/maurizio# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR
Flg
br1 1500 0 6576579 0 0 0 5 0 0 0
BMPRU

eth1 1500 0 16105341 25606 0 25606 13 0 0 0
BMPRU

difference eth1 1644393
difference br1 1643919
than there are 474 DROPPED PACKETS

May be someone can help me?
I have read about some similar problems with Kernel 2.6.16 and
fragmented IP packets.

Thank you very much, regards,

                 reply	other threads:[~2006-05-16 17:15 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=443CC7420003BDBB@ms003msg.mail.fw \
    --to=maurizio.gladioro@fastwebnet.it \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.