Re: status of ipchains in 2.6?

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Re: status of ipchains in 2.6?
       [not found] <200310280127.h9S1RM5d002140@napali.hpl.hp.com>
@ 2003-10-28  9:50 ` David S. Miller
  2003-10-28 17:56   ` David Mosberger
  2003-10-28 18:23 ` Martin Josefsson
  1 sibling, 1 reply; 7+ messages in thread
From: David S. Miller @ 2003-10-28  9:50 UTC (permalink / raw)
  To: davidm; +Cc: davidm, linux-kernel, netdev, netfilter-devel

On Mon, 27 Oct 2003 17:27:22 -0800
David Mosberger <davidm@napali.hpl.hp.com> wrote:

> I recently discovered that ipchains is rather broken.  I noticed the
> problem on ia64, but suspect that it's likely to affect all 64-bit
> platforms (if not 32-bit platforms).  A more detailed description of
> the problem I'm seeing is here:
> 
> 	http://tinyurl.com/sm9d
> 
> Unlike ipchains, iptables works perfectly fine, so perhaps we just
> need to update Kconfig to discourage ipchains on ia64 (and/or other
> 64-bit platforms)?

Might want to post this to the netfilter lists or netdev....
Nah, that might actually get the bug fixed.

linux-kernel is always the wrong place to report networking
problems, most networking developers do not read linux-kernel.
They do read netdev@oss.sgi.com so please post things there.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: status of ipchains in 2.6?
       [not found] ` <20031028090304.GA19302@lps.ens.fr.suse.lists.linux.kernel>
@ 2003-10-28 14:31   ` Andi Kleen
  0 siblings, 0 replies; 7+ messages in thread
From: Andi Kleen @ 2003-10-28 14:31 UTC (permalink / raw)
  To: Éric Brunet; +Cc: davidm, linux-kernel, netdev, davem

Éric Brunet <Eric.Brunet@lps.ens.fr> writes:
> 
> In my case, 2.6.0-test4 is working fine.

Can you do a binary search in the versions to see which version
broke it? 

test5-test8 all had netfilter changes.

-Andi

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: status of ipchains in 2.6?
  2003-10-28  9:50 ` David S. Miller
@ 2003-10-28 17:56   ` David Mosberger
  2003-10-28 17:57     ` David S. Miller
  0 siblings, 1 reply; 7+ messages in thread
From: David Mosberger @ 2003-10-28 17:56 UTC (permalink / raw)
  To: David S. Miller; +Cc: davidm, linux-kernel, netdev, netfilter-devel

>>>>> On Tue, 28 Oct 2003 01:50:32 -0800, "David S. Miller" <davem@redhat.com> said:

  DaveM> On Mon, 27 Oct 2003 17:27:22 -0800 David Mosberger
  DaveM> <davidm@napali.hpl.hp.com> wrote:

  >> I recently discovered that ipchains is rather broken.  I noticed
  >> the problem on ia64, but suspect that it's likely to affect all
  >> 64-bit platforms (if not 32-bit platforms).  A more detailed
  >> description of the problem I'm seeing is here:

  >> http://tinyurl.com/sm9d

  >> Unlike ipchains, iptables works perfectly fine, so perhaps we
  >> just need to update Kconfig to discourage ipchains on ia64
  >> (and/or other 64-bit platforms)?

  DaveM> Might want to post this to the netfilter lists or netdev....
  DaveM> Nah, that might actually get the bug fixed.

$ fgrep -i ipchain MAINTAINERS
$

Might want to consider updating the MAINTAINERS file?

	--david

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: status of ipchains in 2.6?
  2003-10-28 17:56   ` David Mosberger
@ 2003-10-28 17:57     ` David S. Miller
  2003-10-28 19:25       ` David Mosberger
  0 siblings, 1 reply; 7+ messages in thread
From: David S. Miller @ 2003-10-28 17:57 UTC (permalink / raw)
  To: davidm; +Cc: davidm, linux-kernel, netdev, netfilter-devel

On Tue, 28 Oct 2003 09:56:58 -0800
David Mosberger <davidm@napali.hpl.hp.com> wrote:

> >>>>> On Tue, 28 Oct 2003 01:50:32 -0800, "David S. Miller" <davem@redhat.com> said:
> 
> $ fgrep -i ipchain MAINTAINERS

Try netfilter, ipchains is a part of netfilter.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: status of ipchains in 2.6?
       [not found] <200310280127.h9S1RM5d002140@napali.hpl.hp.com>
  2003-10-28  9:50 ` David S. Miller
@ 2003-10-28 18:23 ` Martin Josefsson
  2003-10-29  0:16   ` David Mosberger
  1 sibling, 1 reply; 7+ messages in thread
From: Martin Josefsson @ 2003-10-28 18:23 UTC (permalink / raw)
  To: davidm; +Cc: linux-kernel, netdev, davem

[-- Attachment #1: Type: text/plain, Size: 1725 bytes --]

On Tue, 2003-10-28 at 02:27, David Mosberger wrote:
> I recently discovered that ipchains is rather broken.  I noticed the
> problem on ia64, but suspect that it's likely to affect all 64-bit
> platforms (if not 32-bit platforms).  A more detailed description of
> the problem I'm seeing is here:
> 
> 	http://tinyurl.com/sm9d
> 
> Unlike ipchains, iptables works perfectly fine, so perhaps we just
> need to update Kconfig to discourage ipchains on ia64 (and/or other
> 64-bit platforms)?

Please try this patch that just got included in linus tree.

ChangeSet 1.1360, 2003/10/27 00:01:25-08:00, rusty@rustcorp.com.au

	[NETFILTER]: Fix ipchains oops in NAT
	
	We updated ip_nat_setup_info to set the initialized flag and call
	place_in_hashes, but *didn't* change the call in ip_fw_compat_masq.c
	which also calls place_in_hashes() itself (again!).  Result: corrupt
	list, and next thing which lands in the same hash bucket goes boom.
	
	Thanks to Andy Polyakov for chasing this down.


# This patch includes the following deltas:
#	           ChangeSet	1.1359  -> 1.1360 
#	net/ipv4/netfilter/ip_fw_compat_masq.c	1.11    -> 1.12   
#

 ip_fw_compat_masq.c |    3 ---
 1 files changed, 3 deletions(-)


diff -Nru a/net/ipv4/netfilter/ip_fw_compat_masq.c b/net/ipv4/netfilter/ip_fw_compat_masq.c
--- a/net/ipv4/netfilter/ip_fw_compat_masq.c	Mon Oct 27 12:07:33 2003
+++ b/net/ipv4/netfilter/ip_fw_compat_masq.c	Mon Oct 27 12:07:33 2003
@@ -91,9 +91,6 @@
 			WRITE_UNLOCK(&ip_nat_lock);
 			return ret;
 		}
-
-		place_in_hashes(ct, info);
-		info->initialized = 1;
 	} else
 		DEBUGP("Masquerading already done on this conn.\n");
 	WRITE_UNLOCK(&ip_nat_lock);

-- 
/Martin

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: status of ipchains in 2.6?
  2003-10-28 17:57     ` David S. Miller
@ 2003-10-28 19:25       ` David Mosberger
  0 siblings, 0 replies; 7+ messages in thread
From: David Mosberger @ 2003-10-28 19:25 UTC (permalink / raw)
  To: David S. Miller; +Cc: davidm, linux-kernel, netdev, netfilter-devel

>>>>> On Tue, 28 Oct 2003 09:57:47 -0800, "David S. Miller" <davem@redhat.com> said:

  David> On Tue, 28 Oct 2003 09:56:58 -0800 David Mosberger
  David> <davidm@napali.hpl.hp.com> wrote:

  >> >>>>> On Tue, 28 Oct 2003 01:50:32 -0800, "David S. Miller"
  >> <davem@redhat.com> said:

  >> $ fgrep -i ipchain MAINTAINERS

  David> Try netfilter, ipchains is a part of netfilter.

I took ipchains not being mentioned in MAINTAINERS as a sign that
nobody wanted to hear bug reports about it, hence my choice of lkml.
Perhaps you prefer to flame people rather than making it easier
for them to find the right mailing-list?

	--david

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: status of ipchains in 2.6?
  2003-10-28 18:23 ` Martin Josefsson
@ 2003-10-29  0:16   ` David Mosberger
  0 siblings, 0 replies; 7+ messages in thread
From: David Mosberger @ 2003-10-29  0:16 UTC (permalink / raw)
  To: Martin Josefsson; +Cc: davidm, linux-kernel, netdev, davem

Yes, Rusty mentioned the same patch yesterday.  I tried it now and
ipchain masquerading seems to be working fine again.

	--david

>>>>> On Tue, 28 Oct 2003 19:23:37 +0100, Martin Josefsson <gandalf@wlug.westbo.se> said:

  Martin> Please try this patch that just got included in linus tree.

  Martin> ChangeSet 1.1360, 2003/10/27 00:01:25-08:00, rusty@rustcorp.com.au

  Martin> [NETFILTER]: Fix ipchains oops in NAT

  Martin> We updated ip_nat_setup_info to set the initialized flag and call
  Martin> place_in_hashes, but *didn't* change the call in ip_fw_compat_masq.c
  Martin> which also calls place_in_hashes() itself (again!).  Result: corrupt
  Martin> list, and next thing which lands in the same hash bucket goes boom.

  Martin> Thanks to Andy Polyakov for chasing this down.


  Martin> # This patch includes the following deltas:
  Martin> #	           ChangeSet	1.1359  -> 1.1360 
  Martin> #	net/ipv4/netfilter/ip_fw_compat_masq.c	1.11    -> 1.12   
  Martin> #

  Martin> ip_fw_compat_masq.c |    3 ---
  Martin> 1 files changed, 3 deletions(-)


  Martin> diff -Nru a/net/ipv4/netfilter/ip_fw_compat_masq.c b/net/ipv4/netfilter/ip_fw_compat_masq.c
  Martin> --- a/net/ipv4/netfilter/ip_fw_compat_masq.c	Mon Oct 27 12:07:33 2003
  Martin> +++ b/net/ipv4/netfilter/ip_fw_compat_masq.c	Mon Oct 27 12:07:33 2003
  Martin> @@ -91,9 +91,6 @@
  Martin> WRITE_UNLOCK(&ip_nat_lock);
  Martin> return ret;
  Martin> }
  Martin> -
  Martin> -		place_in_hashes(ct, info);
  Martin> -		info->initialized = 1;
  Martin> } else
  Martin> DEBUGP("Masquerading already done on this conn.\n");
  Martin> WRITE_UNLOCK(&ip_nat_lock);

  Martin> -- 
  Martin> /Martin

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2003-10-29  0:16 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <200310280127.h9S1RM5d002140@napali.hpl.hp.com.suse.lists.linux.kernel>
     [not found] ` <20031028090304.GA19302@lps.ens.fr.suse.lists.linux.kernel>
2003-10-28 14:31   ` status of ipchains in 2.6? Andi Kleen
     [not found] <200310280127.h9S1RM5d002140@napali.hpl.hp.com>
2003-10-28  9:50 ` David S. Miller
2003-10-28 17:56   ` David Mosberger
2003-10-28 17:57     ` David S. Miller
2003-10-28 19:25       ` David Mosberger
2003-10-28 18:23 ` Martin Josefsson
2003-10-29  0:16   ` David Mosberger

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).