* Re: [Bugme-new] [Bug 16216] New: wrong source addr of UDP packets when using policy routing
From: Andrew Morton @ 2010-06-16 16:33 UTC
To: netdev; +Cc: bugzilla-daemon, bugme-daemon, borg

On Tue, 15 Jun 2010 15:14:43 GMT bugzilla-daemon@bugzilla.kernel.org wrote:

> https://bugzilla.kernel.org/show_bug.cgi?id=16216
>
>            Summary: wrong source addr of UDP packets when using policy
>                     routing
>            Product: Networking
>            Version: 2.5
>     Kernel Version: 2.6.24.7

The reporter has confirmed that this issue persists in 2.6.34.

>           Platform: All
>         OS/Version: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: IPV4
>         AssignedTo: shemminger@linux-foundation.org
>         ReportedBy: borg@uu3.net
>         Regression: No
>
>
> When policy routing is used, UDP packets have wrong source address.
> Source addr is probably taken from looking up routing table (main) to given
> destination instead of being set just after POSTROUTING, looking up cache.
>
> This is how it looks doing a simple netcat test:
> (tcpdump is run on aa.aa.47.90)
> 16:38:02.053053 IP aa.aa.47.67.32826 > aa.aa.47.90.660: UDP, length 8
> 16:38:05.660394 IP bb.bbb.241.62.660 > aa.aa.47.67.32826: UDP, length 8
>
> aa.aa.47.90 has a specific setup with 3 routing tables: main, 10, 20
> and all of them have a default gateway. bb.bbb.241.62 is an addr of
> outgoing interface of default route from main table.
> If a packet comes from a specific interface
> it's being stored to ipset and when a packet is going to be sent out of the box
> it's being marked in mangle OUTPUT matching specific ipset:
>
> ### mangle PREROUTING ###
> fw="iptables -t mangle -A PREROUTING"
> $fw -i vlan0.13 -j SET --add-set gw10 src
> $fw -i lan2 -j SET --add-set gw20 src
>
> ### mangle OUTPUT ###
> fw="iptables -t mangle -A OUTPUT"
> $fw -m set --set gw10 dst -j MARK --set-mark 10
> $fw -m set --set gw10 dst -j ACCEPT
> $fw -m set --set gw20 dst -j MARK --set-mark 20
> $fw -m set --set gw20 dst -j ACCEPT
>
> % ip rule show
> 32764:  from all fwmark 0x14 lookup 20
> 32765:  from all fwmark 0xa lookup 10
>
> Problem was noticed for UDP packets (openvpn connections are not working).
> Other non connection oriented protocols might be affected too.
> TCP (as connection oriented protocol) works just fine.
>

* Re: [Bugme-new] [Bug 16216] New: wrong source addr of UDP packets when using policy routing
From: Patrick McHardy @ 2010-06-16 16:46 UTC
To: Andrew Morton; +Cc: netdev, bugzilla-daemon, bugme-daemon, borg

Andrew Morton wrote:
> On Tue, 15 Jun 2010 15:14:43 GMT bugzilla-daemon@bugzilla.kernel.org wrote:
>
>> https://bugzilla.kernel.org/show_bug.cgi?id=16216
>>
>>            Summary: wrong source addr of UDP packets when using policy
>>                     routing
>>            Product: Networking
>>            Version: 2.5
>>     Kernel Version: 2.6.24.7
>
> The reporter has confirmed that this issue persists in 2.6.34.
>
>>           Platform: All
>>         OS/Version: Linux
>>               Tree: Mainline
>>             Status: NEW
>>           Severity: normal
>>           Priority: P1
>>          Component: IPV4
>>         AssignedTo: shemminger@linux-foundation.org
>>         ReportedBy: borg@uu3.net
>>         Regression: No
>>
>>
>> When policy routing is used, UDP packets have wrong source address.
>> Source addr is probably taken from looking up routing table (main) to given
>> destination instead of being set just after POSTROUTING, looking up cache.
>>
>> This is how it looks doing a simple netcat test:
>> (tcpdump is run on aa.aa.47.90)
>> 16:38:02.053053 IP aa.aa.47.67.32826 > aa.aa.47.90.660: UDP, length 8
>> 16:38:05.660394 IP bb.bbb.241.62.660 > aa.aa.47.67.32826: UDP, length 8
>>
>> aa.aa.47.90 has a specific setup with 3 routing tables: main, 10, 20
>> and all of them have a default gateway. bb.bbb.241.62 is an addr of
>> outgoing interface of default route from main table.
>> If a packet comes from a specific interface
>> it's being stored to ipset and when a packet is going to be sent out of the box
>> it's being marked in mangle OUTPUT matching specific ipset:
>>
>> ### mangle PREROUTING ###
>> fw="iptables -t mangle -A PREROUTING"
>> $fw -i vlan0.13 -j SET --add-set gw10 src
>> $fw -i lan2 -j SET --add-set gw20 src
>>
>> ### mangle OUTPUT ###
>> fw="iptables -t mangle -A OUTPUT"
>> $fw -m set --set gw10 dst -j MARK --set-mark 10
>> $fw -m set --set gw10 dst -j ACCEPT
>> $fw -m set --set gw20 dst -j MARK --set-mark 20
>> $fw -m set --set gw20 dst -j ACCEPT
>>
>> % ip rule show
>> 32764:  from all fwmark 0x14 lookup 20
>> 32765:  from all fwmark 0xa lookup 10

This is known behaviour, fwmarks don't work for source address selection
since before the source address is chosen, you don't even have a packet
which could be marked.

* Re: [Bugme-new] [Bug 16216] New: wrong source addr of UDP packets when using policy routing
From: Eric Dumazet @ 2010-06-16 17:28 UTC
To: Patrick McHardy; Cc: Andrew Morton, netdev, bugzilla-daemon, bugme-daemon, borg

On Wednesday, 16 June 2010 at 18:46 +0200, Patrick McHardy wrote:

> This is known behaviour, fwmarks don't work for source address selection
> since before the source address is chosen, you don't even have a packet
> which could be marked.

We now have sk->sk_mark routing (socket based), so we might change
sk->sk_mark with appropriate iptables target when one packet is
received... not very clean but worth mentioning...

commit 914a9ab386a288d0f22252fc268ecbc048cdcbd5
Author: Atis Elsts <atis@mikrotik.com>
Date:   Thu Oct 1 15:16:49 2009 -0700

    net: Use sk_mark for routing lookup in more places

    This patch against v2.6.31 adds support for route lookup using sk_mark in some
    more places. The benefits from this patch are the following.
    First, SO_MARK option now has effect on UDP sockets too.
    Second, ip_queue_xmit() and inet_sk_rebuild_header() could fail to do routing
    lookup correctly if TCP sockets with SO_MARK were used.

    Signed-off-by: Atis Elsts <atis@mikrotik.com>
    Acked-by: Eric Dumazet <eric.dumazet@gmail.com>

* Re: [Bugme-new] [Bug 16216] New: wrong source addr of UDP packets when using policy routing
From: Patrick McHardy @ 2010-06-16 17:43 UTC
To: Eric Dumazet; +Cc: Andrew Morton, netdev, bugzilla-daemon, bugme-daemon, borg

Eric Dumazet wrote:
> On Wednesday, 16 June 2010 at 18:46 +0200, Patrick McHardy wrote:
>
>> This is known behaviour, fwmarks don't work for source address selection
>> since before the source address is chosen, you don't even have a packet
>> which could be marked.
>
> We now have sk->sk_mark routing (socket based), so we might change
> sk->sk_mark with appropriate iptables target when one packet is
> received... not very clean but worth mentioning...

That would still be too late. The proper way would be to have the
application set the socket mark.

* Re: [Bugme-new] [Bug 16216] New: wrong source addr of UDP packets when using policy routing
From: Unknown @ 2010-06-18 9:56 UTC
To: Patrick McHardy; Cc: Eric Dumazet, Andrew Morton, netdev, bugzilla-daemon, bugme-daemon

Okay. Did you people come to any conclusions?
Is there a patch I can test?
I tried to find 914a9ab386a288d0f22252fc268ecbc048cdcbd5 in a few stable trees
but was unable to.

---------- Original message ----------

From: Patrick McHardy <kaber@trash.net>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>, netdev@vger.kernel.org,
    bugzilla-daemon@bugzilla.kernel.org, bugme-daemon@bugzilla.kernel.org,
    borg@uu3.net
Subject: Re: [Bugme-new] [Bug 16216] New: wrong source addr of UDP packets when
    using policy routing
Date: Wed, 16 Jun 2010 19:43:16 +0200
Message-ID: <4C190D34.8080100@trash.net>

Eric Dumazet wrote:
> On Wednesday, 16 June 2010 at 18:46 +0200, Patrick McHardy wrote:
>
> > This is known behaviour, fwmarks don't work for source address selection
> > since before the source address is chosen, you don't even have a packet
> > which could be marked.
>
> We now have sk->sk_mark routing (socket based), so we might change
> sk->sk_mark with appropriate iptables target when one packet is
> received... not very clean but worth mentioning...

That would still be too late. The proper way would be to have the
application set the socket mark.

* Re: [Bugme-new] [Bug 16216] New: wrong source addr of UDP packets when using policy routing
From: Patrick McHardy @ 2010-06-22 6:09 UTC
To: Unknown; +Cc: Eric Dumazet, Andrew Morton, netdev, bugzilla-daemon, bugme-daemon

Unknown wrote:
> Okay. Did you people come to any conclusions?
> Is there a patch I can test?

As I said, it's known and expected behaviour and there's nothing
netfilter can do about it. You could patch your application to use
the SO_MARK socket option to set the socket mark.

* Re: [Bugme-new] [Bug 16216] New: wrong source addr of UDP packets when using policy routing
From: Unknown @ 2010-06-22 9:21 UTC
To: Patrick McHardy; Cc: Eric Dumazet, Andrew Morton, netdev, bugzilla-daemon, bugme-daemon

Hmm. This is not an option.
Okay, thx for info. Seems it's time for some hack & slash ;)

---------- Original message ----------

From: Patrick McHardy <kaber@trash.net>
To: Unknown <borg@uu3.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>,
    Andrew Morton <akpm@linux-foundation.org>, netdev@vger.kernel.org,
    bugzilla-daemon@bugzilla.kernel.org, bugme-daemon@bugzilla.kernel.org
Subject: Re: [Bugme-new] [Bug 16216] New: wrong source addr of UDP packets when
    using policy routing
Date: Tue, 22 Jun 2010 08:09:44 +0200
Message-ID: <4C2053A8.4040400@trash.net>

Unknown wrote:
> Okay. Did you people come to any conclusions?
> Is there a patch I can test?

As I said, it's known and expected behaviour and there's nothing
netfilter can do about it. You could patch your application to use
the SO_MARK socket option to set the socket mark.

end of thread, other threads:[~2010-06-22 9:21 UTC | newest]

Thread overview: 7+ messages
2010-06-16 16:33 ` [Bugme-new] [Bug 16216] New: wrong source addr of UDP packets when using policy routing Andrew Morton
2010-06-16 16:46   ` Patrick McHardy
2010-06-16 17:28     ` Eric Dumazet
2010-06-16 17:43       ` Patrick McHardy
2010-06-18  9:56         ` Unknown
2010-06-22  6:09           ` Patrick McHardy
2010-06-22  9:21             ` Unknown