From: Smart Weblications GmbH - Florian Wiessner <f.wiessner@smart-weblications.de>
To: Julian Anastasov <ja@ssi.bg>
Cc: Steffen Klassert <steffen.klassert@secunet.com>,
netdev@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
stable@vger.kernel.org, Simon Horman <horms@verge.net.au>,
lvs-devel@vger.kernel.org
Subject: Re: 3.12.33 - BUG xfrm_selector_match+0x25/0x2f6
Date: Fri, 05 Dec 2014 14:55:16 +0100 [thread overview]
Message-ID: <5481B944.2000002@smart-weblications.de> (raw)
In-Reply-To: <alpine.LFD.2.11.1412051126090.2522@ja.home.ssi.bg>
Hi,
Am 05.12.2014 10:55, schrieb Julian Anastasov:
>
> On Fri, 5 Dec 2014, Smart Weblications GmbH - Florian Wiessner wrote:
>
>> i tried with 3.12.33 without any XFRM and now got this one (which is reproducable):
>>
>> [ 233.956012] BUG: unable to handle kernel NULL pointer dereference at 00000000
>> 00000014
>> [ 233.956218] IP: [<ffffffffa013a470>] nf_ct_seqadj_set+0x60/0x90 [nf_conntrack
>
> It seems fix from 3.13 was not sent to 3.12 stable:
>
> commit b25adce1606427fd8 ("ipvs: correct usage/allocation of seqadj ext in
> ipvs")
>
> There was related change but it is not needed
> for stable kernels:
>
> commit db12cf27435356017e ("netfilter: WARN about wrong usage of sequence
> number adjustments"
>
> Simon, can we try commit b25adce1606427fd8 for 3.12?
>> setup is like this:
>>
>>
>> #virtual=<myVIP>:21
>> # real=10.10.1.20:21 masq
[...]
>> # service=ftp
>> # scheduler=rr
>> # protocol=tcp
>> # checktype=connect
>>
>> ( i remarked it to prevent fruther crashes...)
>>
>> when ip_vs_ftp is loaded and someone trying to make a ftp connection, the system
>> panics instantly.
>>
>> 10.10.1.20 - 10.10.1.23 are lxc-containers using veth connected to the bridge
>> running on 4 different nodes. The node running ldirector/ipvsadm has also one of
>> those containers running (don't know if that matters)
>
> It is always good to know the setup. Do you access VIP
> from local clients (from director)?
>
Not for ftp, but we have mail as well in the same setup, and yes, there we do
access it from local client.
>> brctl show
>> bridge name bridge id STP enabled interfaces
>> br0 8000.00259052bbf4 no bond0
>> vethMKELUc
[...]
> Before I create patch to avoid rerouting for
> LOCAL_IN you can try to set IPVS sysctl var "snat_reroute" to 0
> or even to change ip_vs_route_me_harder() function just to return 0.
> snat_reroute=1 (a default value) is needed if you have
> multiple links to clients and use ip rules to select
> correct route by src ip (after SNAT). If you have single
> uplink snat_reroute can be 0.
>
ip rule show
0: from all lookup local
32765: from all to 10.10.0.0/16 lookup 200
I use ip rules, but this is not for source but destination. I need this to
enable clients from the local net to connect to some VIPs so they get there
correct route back.
I have also seen "b25adce1606427fd8 ipvs: correct usage/allocation of seqadj ext
in ipvs" in the net while googling, but i thought that it would be included in
3.12.33 as the patch is over a year old and since this is marked as stable i did
not expect any issues.
Maybe i would not have stubmled accross this if the ocfs2 devs were as fast as
the netdev-devs! But to my ocfs2 isseu/bug i still have no reply until today. So
thank you for the fast responses! I would like to test any patch for 3.12.
If i understand correctly, i set:
echo 0 > /proc/sys/net/ipv4/vs/snat_reroute
modprobe ip_vs_ftp
and reenable ftp ipvs?
It does not crash, but ftp is not working with neither PASV nor PORT:
[14:47:42] [R] Verbindung herstellen zu 192.168.10.62 -> IP=192.168.10.62 PORT=21
[14:47:42] [R] Verbunden mit 192.168.10.62
[14:47:43] [R] 220 (vsFTPd 3.0.2)
[14:47:43] [R] USER (hidden)
[14:47:43] [R] 331 Please specify the password.
[14:47:43] [R] PASS (hidden)
[14:47:43] [R] 230 Login successful.
[14:47:43] [R] SYST
[14:47:43] [R] 215 UNIX Type: L8
[14:47:43] [R] FEAT
[14:47:43] [R] 211-Features:
[14:47:43] [R] EPRT
[14:47:43] [R] EPSV
[14:47:43] [R] MDTM
[14:47:43] [R] PASV
[14:47:43] [R] REST STREAM
[14:47:43] [R] SIZE
[14:47:43] [R] TVFS
[14:47:43] [R] UTF8
[14:47:43] [R] 211 End
[14:47:43] [R] PWD
[14:47:43] [R] 257 "/"
[14:47:43] [R] CWD /
[14:47:43] [R] 250 Directory successfully changed.
[14:47:43] [R] PWD
[14:47:43] [R] 257 "/"
[14:47:43] [R] TYPE A
[14:47:43] [R] 200 Switching to ASCII mode.
[14:47:43] [R] PASV
[14:47:43] [R] 227 Entering Passive Mode (10,10,1,23,251,6).
[14:47:43] [R] Datenkanal-IP öffnen: 192.168.10.62 PORT: 64262
[14:47:44] [R] Datensocket-Fehler: Verbindung abgewiesen
[14:47:44] [R] List Fehler
[14:47:44] [R] PASV
[14:47:44] [R] 227 Entering Passive Mode (10,10,1,23,250,144).
[14:47:44] [R] Datenkanal-IP öffnen: 192.168.10.62 PORT: 64144
[14:47:45] [R] Datensocket-Fehler: Verbindung abgewiesen
[14:47:45] [R] List Fehler
[14:47:45] [R] PASV-Modus fehlgeschlagen, PORT -Modus versuchen...
[14:47:45] [R] Auf PORT: 62505 warten, Verbindung erwarten.
[14:47:45] [R] PORT 192,168,200,13,244,41
[14:47:45] [R] 500 Illegal PORT command.
[14:47:45] [R] List Fehler
[14:48:14] [R] QUIT
[14:48:14] [R] 221 Goodbye.
[14:48:14] [R] Ausgeloggt: 192.168.10.62
--
Mit freundlichen Grüßen,
Florian Wiessner
Smart Weblications GmbH
Martinsberger Str. 1
D-95119 Naila
fon.: +49 9282 9638 200
fax.: +49 9282 9638 205
24/7: +49 900 144 000 00 - 0,99 EUR/Min*
http://www.smart-weblications.de
--
Sitz der Gesellschaft: Naila
Geschäftsführer: Florian Wiessner
HRB-Nr.: HRB 3840 Amtsgericht Hof
*aus dem dt. Festnetz, ggf. abweichende Preise aus dem Mobilfunknetz
next prev parent reply other threads:[~2014-12-05 13:55 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-03 14:55 3.12.33 - BUG xfrm_selector_match+0x25/0x2f6 Smart Weblications GmbH - Florian Wiessner
2014-12-04 7:56 ` Steffen Klassert
2014-12-04 16:36 ` Smart Weblications GmbH - Florian Wiessner
2014-12-05 10:43 ` Steffen Klassert
2014-12-04 23:15 ` Julian Anastasov
2014-12-05 2:23 ` Smart Weblications GmbH - Florian Wiessner
2014-12-05 9:55 ` Julian Anastasov
2014-12-05 13:55 ` Smart Weblications GmbH - Florian Wiessner [this message]
2014-12-05 21:32 ` Julian Anastasov
2014-12-07 22:04 ` Smart Weblications GmbH - Florian Wiessner
2014-12-07 18:27 ` Julian Anastasov
2014-12-08 11:19 ` Smart Weblications GmbH - Florian Wiessner
2014-12-08 20:40 ` Julian Anastasov
2014-12-09 10:23 ` Smart Weblications GmbH - Florian Wiessner
2014-12-10 21:41 ` Julian Anastasov
2014-12-11 14:04 ` Smart Weblications GmbH - Florian Wiessner
2014-12-13 20:19 ` Julian Anastasov
2015-01-06 12:56 ` Jiri Slaby
2015-01-06 20:46 ` Julian Anastasov
2014-12-05 10:53 ` Steffen Klassert
2014-12-04 9:44 ` Jiri Slaby
2014-12-04 16:40 ` Smart Weblications GmbH - Florian Wiessner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5481B944.2000002@smart-weblications.de \
--to=f.wiessner@smart-weblications.de \
--cc=horms@verge.net.au \
--cc=ja@ssi.bg \
--cc=linux-kernel@vger.kernel.org \
--cc=lvs-devel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).