From: Patrick McHardy <kaber@trash.net>
To: "Damien Thébault" <damien.thebault@gmail.com>
Cc: linux-net@vger.kernel.org, netfilter-devel@vger.kernel.org,
"David S. Miller" <davem@davemloft.net>
Subject: Re: conntrack doesn't always work when a bridge is used
Date: Fri, 11 Jan 2008 13:24:51 +0100
Message-ID: <47876013.2040405@trash.net>
In-Reply-To: <9a4a382a0801110010h3b4ed334sb53392ab564c00b5@mail.gmail.com>

Damien Thébault wrote:
> 2008/1/2 Damien Thébault <damien.thebault@gmail.com>:
>
>> On Dec 30, 2007 6:53 PM, Patrick McHardy <kaber@trash.net> wrote:
>>
>>> Thanks. They still show the double POST_ROUTING effects (the retransmitted
>>> \0a), but I can't figure out why this would be happening. Please add TRACE
>>> rules in both directions for the FTP control traffic and post the output.
>>> This will allow us to verify that we're indeed dealing with double hook
>>> invocations and not some other bug:
>>>
>>> modprobe ipt_LOG
>>> iptables -t raw -A OUTPUT -p tcp --dport 21 -j TRACE
>>> iptables -t raw -A OUTPUT -p tcp --sport 21 -j TRACE
>>> iptables -t raw -A PREROUTING -p tcp --dport 21 -j TRACE
>>> iptables -t raw -A PREROUTING -p tcp --sport 21 -j TRACE
>>>
> I tried to use the patch I created earlier (the one adding the hooks
> again). I said it worked but it does not every time.
>
> By the way, Patrick, what do you think about this bug? Maybe I
> shouldn't rely on bridges but it's a useful feature sometimes.
>
No, this should work properly. I just tried to reproduce it,
but I only get a single POSTROUTING invocation. I tried with
real bridged traffic, traffic routed between two different
bridge devices and traffic routed between a bridge device
and a normal ethernet device, but everything seems to work
correctly.
Could you send me the commands you're using to configure
your setup and everything (routing, iptables, ...) that
could be related?
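
An added example, not part of the original message or of any netfilter code: a Python sketch that reads TRACE log lines like those requested in the quoted text and reports packets that reached the POSTROUTING policy more than once. The log lines are constructed, and identifying a packet by addresses, ports, IP ID and SEQ is an assumption of this example.

```python
import re
from collections import Counter

# TRACE lines are logged as "TRACE: table:chain:type:rulenum " + LOG packet fields.
TRACE_RE = re.compile(
    r"TRACE: (?P<table>\w+):(?P<chain>[\w-]+):(?P<type>\w+):\d+ "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?\bID=(?P<id>\d+) "
    r".*?SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) SEQ=(?P<seq>\d+)"
)

def repeated_hooks(log_text, chain="POSTROUTING"):
    """Return [(packet, table, count)] for packets that reached the policy of
    `chain` more than once in the same table."""
    hits = Counter()
    for line in log_text.splitlines():
        m = TRACE_RE.search(line)
        # Count only the terminal "policy" line, so one traversal of a built-in
        # chain is one hit (assumes no rule in the chain ends traversal early).
        if not m or m["chain"] != chain or m["type"] != "policy":
            continue
        # Assumption: a TCP retransmission carries a new IP ID, so the same
        # (addresses, ports, ID, SEQ) seen twice is one packet hitting the hook twice.
        packet = (m["src"], m["spt"], m["dst"], m["dpt"],
                  int(m["id"]), int(m["seq"]))
        hits[(packet, m["table"])] += 1
    return sorted((p, t, n) for (p, t), n in hits.items() if n > 1)

# Constructed sample log (documentation addresses, made-up ID/SEQ values).
FIELDS = ("IN= OUT=br0 SRC=192.0.2.10 DST=192.0.2.20 LEN=58 TOS=0x00 PREC=0x00 "
          "TTL=64 ID={id} DF PROTO=TCP SPT=40000 DPT=21 SEQ={seq} ACK=2000 "
          "WINDOW=5840 RES=0x00 ACK PSH URGP=0")
SAMPLE_LOG = "\n".join(
    f"kernel: TRACE: {hook} " + FIELDS.format(id=ip_id, seq=seq)
    for hook, ip_id, seq in [
        ("raw:OUTPUT:policy:3", 4711, 1000),
        ("mangle:POSTROUTING:policy:1", 4711, 1000),
        ("mangle:POSTROUTING:policy:1", 4711, 1000),  # same packet, second pass
        ("raw:OUTPUT:policy:3", 4712, 1008),
        ("mangle:POSTROUTING:policy:1", 4712, 1008),
        ("raw:OUTPUT:policy:3", 4713, 1008),          # retransmission: new IP ID
        ("mangle:POSTROUTING:policy:1", 4713, 1008),
    ])

if __name__ == "__main__":
    for packet, table, n in repeated_hooks(SAMPLE_LOG):
        print(f"{table}:POSTROUTING reached {n}x by {packet}")
```

A retransmitted segment (same SEQ, different IP ID) is counted as a separate packet, so only a repeat of the identical packet in one chain is reported.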