From: FC <prd.gtt@operamail.com>
To: linux-rt-users@vger.kernel.org
Subject: [BUG] 2.6.33.2-rt13 and iptables
Date: Sun, 25 Apr 2010 19:55:11 +0200 [thread overview]
Message-ID: <hr1vm2$2tk$1@dough.gmane.org> (raw)
- Updated Debian SID x86 32 bit
- kernel 2.6.33.2-rt13
- iptables v1.4.6
I've experimented some problems while displaying processed packets by
iptables ( iptables -L -n -v ). The output displays a large number of
processed packets with a very low network activity in my LAN ( max 1
hundred of packets delivered )
A sample output obtained after loading iptables rules and quite
immediately running iptables -L -n -v
Chain bad_packets (1 references)
pkts bytes target prot opt in out source destination
8600M 15024815T LOG all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID LOG flags 0 level 4 prefix `fp=bad_packets:1 a=DROP '
15024815T 15066474T DROP all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
13777492T 15024815T bad_tcp_packets tcp -- * * 0.0.0.0/0
0.0.0.0/0
1337099T 7793M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain bad_tcp_packets (1 references)
pkts bytes target prot opt in out source destination
4295M 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp
flags:!0x17/0x02 state NEW LOG flags 0 level 4 prefix
`fp=bad_tcp_packets:1 a=DROP '
41659T 288230T DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02 state NEW
41659T 257832T LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x00 LOG flags 0 level 4 prefix
`fp=bad_tcp_packets:2 a=DROP '
41659T 144115T DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x00
41659T 352428T LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x3F LOG flags 0 level 4 prefix
`fp=bad_tcp_packets:3 a=DROP '
72059T 13835076T DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x3F
72059T 15024832T LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x29 LOG flags 0 level 4 prefix
`fp=bad_tcp_packets:4 a=DROP '
113717T 72074T DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x29
72059T 155G LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x37 LOG flags 0 level 4 prefix `fp=bad_tcp_packets:5
a=DROP '
3498M 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x3F/0x37
0 15T LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x06 LOG flags 0 level 4 prefix `fp=bad_tcp_packets:6
a=DROP '
72059T 4305M DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x06
15024815T 8600M LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x03/0x03 LOG flags 0 level 4 prefix
`fp=bad_tcp_packets:7 a=DROP '
15024815T 15024815T DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x03/0x03
15066474T 15782 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0
The problem doesn't occur with other kernels ( vanilla 2.6.33.2 ,
2.6.33-zen1 ) and the number of processed packets is displayed correctly.
next reply other threads:[~2010-04-25 18:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-25 17:55 FC [this message]
2010-04-27 8:13 ` [BUG] 2.6.33.2-rt13 and iptables Thomas Gleixner
2010-04-27 17:03 ` FC
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='hr1vm2$2tk$1@dough.gmane.org' \
--to=prd.gtt@operamail.com \
--cc=linux-rt-users@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.