* kernel BUG in ip_nat_helper_unregister at netfilter/ip_nat_helper.c
@ 2006-09-03 14:16 董董侃
2006-09-03 14:46 ` Patrick McHardy
0 siblings, 1 reply; 2+ messages in thread
From: 董董侃 @ 2006-09-03 14:16 UTC (permalink / raw)
To: linux-kernel
Hi,
I has found a bug that is caused by dead lock on ip_nat_ftp module
in linux kernel 2.4.27 on SMP machine.My workaround of testing is as following:
I create a router by iptables ,FTP client and FTP server for testing.
client machine ip: 192.168.1.3/32 ,gateway 192.168.1.10/32
server machine ip: 192.168.2.3/32,gateway 192.168.2.10/32
router machine with tow NICs,
eth0:192.168.1.10/32
eth1:192.168.2.10/32
Testing flow:
on router:
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ip_nat_ftp
iptables -t nat -A POSTROUTING -s 192.168.1.3 -p tcp --dport 21
-o eth1 -j SNAT --to-source 192.168.2.10
on client:
I use a benchmark tool to create ftp sessions with the remote
FTP server.In the session,includes ftp control connections and data
connections.The sending rate is about 500 sessions/10s.
When the num of conntrack is up to 15000,I rmmod the ip_nat_ftp
and ip_conntrack _ftp modules by typing "modprobe -r ip_nat_ftp"
command and then the kernel is dead locked.
I think that the dead lock is caused by ip_conntrack_lock and
ip_nat_lock.When I rmmod the ip_nat_ftp module, the function flow is
as following:
ip_nat_helper_unregister->ip_ct_selective_cleanup->get_next_corpse(ip_conntrack_lock)
->kill_helper(ip_nat_lock)
But the kernel there is another flow is as following:
ip_nat_fn(ip_nat_lock)->ip_nat_setup_info->ip_conntrack_alter_reply(ip_conntrack_lock)
--
VGER BF report: U 0.502111
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: kernel BUG in ip_nat_helper_unregister at netfilter/ip_nat_helper.c
2006-09-03 14:16 kernel BUG in ip_nat_helper_unregister at netfilter/ip_nat_helper.c 董董侃
@ 2006-09-03 14:46 ` Patrick McHardy
0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2006-09-03 14:46 UTC (permalink / raw)
To: ¶¶Ù©; +Cc: linux-kernel
[-- Attachment #1: Type: text/plain, Size: 875 bytes --]
¶¶Ù© wrote:
> When the num of conntrack is up to 15000,I rmmod the ip_nat_ftp
> and ip_conntrack _ftp modules by typing "modprobe -r ip_nat_ftp"
> command and then the kernel is dead locked.
> I think that the dead lock is caused by ip_conntrack_lock and
> ip_nat_lock.When I rmmod the ip_nat_ftp module, the function flow is
> as following:
> ip_nat_helper_unregister->ip_ct_selective_cleanup->get_next_corpse(ip_conntrack_lock)
>
> ->kill_helper(ip_nat_lock)
> But the kernel there is another flow is as following:
> ip_nat_fn(ip_nat_lock)->ip_nat_setup_info->ip_conntrack_alter_reply(ip_conntrack_lock)
Good spotting. The lock in kill_helper is unnecessary since the helper
is not changed once set and new connections can't get the helper that
is beeing unregistered assigned since it is already removed from the
list at this point.
Please try if this patch helps.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 475 bytes --]
--- a/net/ipv4/netfilter/ip_nat_helper.c 2006-09-03 16:41:53.000000000 +0200
+++ b/net/ipv4/netfilter/ip_nat_helper.c 2006-09-03 16:42:04.000000000 +0200
@@ -522,13 +522,7 @@
static int
kill_helper(const struct ip_conntrack *i, void *helper)
{
- int ret;
-
- READ_LOCK(&ip_nat_lock);
- ret = (i->nat.info.helper == helper);
- READ_UNLOCK(&ip_nat_lock);
-
- return ret;
+ return (i->nat.info.helper == helper);
}
void ip_nat_helper_unregister(struct ip_nat_helper *me)
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-09-03 14:46 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-09-03 14:16 kernel BUG in ip_nat_helper_unregister at netfilter/ip_nat_helper.c 董董侃
2006-09-03 14:46 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.