From: Patrick McHardy <kaber@trash.net>
To: netdev@oss.sgi.com
Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Subject: Troubles with NFS & ip_conntrack: packets go to wrong mac
Date: Wed, 12 Feb 2003 18:05:15 +0100 [thread overview]
Message-ID: <3E4A7ECB.1020207@trash.net> (raw)
I've been experiencing strange problems with nfs and ip_conntrack for a
while now,
unfortunately noone so far was able to help. The problem occurs when
ip_conntrack
is loaded on the nfs server. nfs reads hang and the clients start logging
UDP: short packet: 192.168.0.1:0 0/120 to 192.168.0.23:0
UDP: short packet: 192.168.0.1:6439 28562/120 to 192.168.0.23:60558
There are two ways to make it work: 1. remove ip_conntrack or 2. set mtu
to 1484 on
the nfs server. One suspicion was ip_conntrack breaking udp path mtu
discovery
since it seems to defragment packets with DF|MF and refragment them
(with possibly
different mtu) at POSTROUTING. This doesn't seem to be the problem, but
i noted the
nfs server sends out fragments with wrong destination mac.
This is a packet captured on 192.168.0.23:
0:e0:7d:74:ab:cc 0:e0:7d:74:ab:cd 0800 1514: 192.168.0.1 >
192.168.0.223: (frag 44777:1480@4440+) (ttl 64, len 1500, bad cksum 2294!)
This happens every 1-30 seconds. I never saw more than one misdirected
fragment per packet.
Relevent parts from neighbour table:
192.168.0.223 dev eth0 lladdr 00:e0:29:3c:c1:c9 nud reachable
192.168.0.23 dev eth0 lladdr 00:e0:7d:74:ab:cd nud reachable
On 192.168.0.223 packets for 192.168.0.23 show up. Both clients time out
during reassembly.
I placed some printks though the netfilter code and ip_output.c but
couldn't find any further
pointers. I looked for broken checksums (something seems to alter the ip
after checksumming)
in ip_finish_output2, but everything is ok there. I can't see anything
netfilter related touching packets after that.
Any help and/or pointers where to look further would be appreciated.
Regards,
Patrick
next reply other threads:[~2003-02-12 17:05 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-02-12 17:05 Patrick McHardy [this message]
2003-02-13 10:12 ` Troubles with NFS & ip_conntrack: packets go to wrong mac Harald Welte
2003-02-13 16:40 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3E4A7ECB.1020207@trash.net \
--to=kaber@trash.net \
--cc=netdev@oss.sgi.com \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).