From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756573AbZCYSNO (ORCPT ); Wed, 25 Mar 2009 14:13:14 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1754024AbZCYSMy (ORCPT ); Wed, 25 Mar 2009 14:12:54 -0400 Received: from stinky.trash.net ([213.144.137.162]:36353 "EHLO stinky.trash.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753896AbZCYSMx (ORCPT ); Wed, 25 Mar 2009 14:12:53 -0400 Message-ID: <49CA741D.3080705@trash.net> Date: Wed, 25 Mar 2009 19:12:45 +0100 From: Patrick McHardy User-Agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103) MIME-Version: 1.0 To: Francis Dupont CC: David Miller , Francis.Dupont@fdupont.fr, linux-kernel@vger.kernel.org, coreteam@netfilter.org, netfilter-devel@vger.kernel.org, netdev@vger.kernel.org Subject: Re: netfilter spurious ELOOP References: <200903242302.n2ON25u4024288@givry.fdupont.fr> <20090324.162808.114465835.davem@davemloft.net> <49CA64D8.9040602@trash.net> <20090325173742.3C509E601C@farside.isc.org> In-Reply-To: <20090325173742.3C509E601C@farside.isc.org> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Francis Dupont wrote: >> Just to clarify: does the problem happens when you have the MARK rule >> above in a user-defined chain that has more then one jump leading to >> it or does it also happen in other cases? > > => I triggered the bug with a real world example: > - first add a rule with a MARK target using a set mark with the first/sign > bit set to one. This target is coded with this mark put at the same > place than the verdict field of standard targets. (note this should > be triggered by a lot of targets but I got it with MARK) > - try to add another rule (with -A or -I but this works too with restore, > the idea is to get a replace ioctl with an illegal value in a verdict > position). > - if you are (un?)lucky you get the ELOOP error. > > PS: I really need a bug-ticket-etc number because some business is implied I'm not a service center, sorry :) Feel free to create an entry in the netfilter bugzilla, I'll mark it resolved once the patch is upstream. > PPS: here I've cut & paste the config I used to track the bug:# > .... > :MARKOUT1 - [0:0] > -A PREROUTING -d 10.0.200.2/32 -p tcp -m tcp --dport 5001 -j MARKOUT1 > -A MARKOUT1 -j MARK --set-xmark 0x80000001/0xffffffff > -A MARKOUT1 -j CONNMARK --save-mark --nfmask 0x3fffffff --ctmask 0x3fffffff > -A MARKOUT1 -j ACCEPT > > I got the bug with the UDP counterpart: > > iptables -t mangle -A PREROUTING -d 10.0.200.2/32 -p udp --dport 5001 \ > -j MARKOUT1 Thanks, that answers my question. I'll apply your patch and send it to -stable once its in the mainline kernel.