Re: unregister_netdevice with negative refcnt error while using NFQUEUE with ebtables mark

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Jay Manni <JManni@FireEye.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: unregister_netdevice with negative refcnt error while using NFQUEUE with ebtables mark
Date: Thu, 29 Mar 2007 13:07:40 +0200	[thread overview]
Message-ID: <460B9DFC.3020806@trash.net> (raw)
In-Reply-To: <74ECB30468A30A4DA2BD88DA5387CAE3508AEB@fempexch.FireEye.com>

Jay Manni wrote:
> I have a bridge br0, with a couple of tap interfaces tap0, tap1 etc as part of it. I use the following ebtables rules to mark packets originating from a bridge port and destined to it.
> 
> ebtables -t broute -A BROUTING -i tap0 -p ipv4 -j mark --mark-set 10
> ebtables -t nat    -A POSTROUTING -o tap0 -p ipv4 -j mark --mark-set 20
> 
> Then the following iptables rules to send them to an NFQUEUE
> 
> iptables -t mangle -A PREROUTING  -m mark --mark 10 -j NFQUEUE --queue 5
> iptables -t mangle -A POSTROUTING -m mark --mark 20 -j NFQUEUE --queue 5 
> 
> The tap interfaces do not have any ip address configured.
> 
> Based on the detailed packet flow picture at http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png, I figured that the above rules would get me all the packets for the tap interface in question.
> 
> The process which attaches to NFQUEUE 5 does receive all the packets, and sets a verdict of NF_ACCEPT for each packet. However when I try to free the interfaces after it is done, I notice that the tap device has a negative refcnt.


I can't find the problem. Is there any relation between the number
of packets queued and the final refcount value?

next prev parent reply	other threads:[~2007-03-29 11:07 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-03-26  5:25 unregister_netdevice with negative refcnt error while using NFQUEUE with ebtables mark Jay Manni
2007-03-27 15:16 ` Patrick McHardy
2007-03-28  8:42   ` Jay Manni
2007-03-28  9:33     ` Patrick McHardy
2007-03-28 23:34       ` Jay Manni
2007-03-29 11:07         ` Patrick McHardy [this message]
2007-03-29 23:19           ` Jay Manni
2007-03-30 13:21             ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=460B9DFC.3020806@trash.net \
    --to=kaber@trash.net \
    --cc=JManni@FireEye.com \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.