From: Pierre Chifflier <chifflier@wzdftpd.net>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [RFH] bridge: add new target NFQUEUE for ebtables
Date: Wed, 16 Feb 2011 17:57:09 +0100 [thread overview]
Message-ID: <4D5C01E5.8000302@wzdftpd.net> (raw)
In-Reply-To: <4D59C047.5050404@trash.net>
On 02/15/2011 12:52 AM, Patrick McHardy wrote:
>> That looks interesting, however I am not sure of what you meant:
>> - using the ebtables tool to add a rule with a xtables target ? (that
>> does not seem to work)
>
> It depends on the registration, if you either register for
> NFPROTO_BRIDGE or NFPROTO_UNSPEC, this should work. ARP (the
> only additional protocol besides INET/INET6/BRIDGE) should
> work just fine with userspace queueing with your changes to
> not require an afinfo in nf_queue. So using AF_UNSPEC seems
> like the proper choice.
[CC-ing -devel]
Hi,
Thanks for your reply Patrick.
So I did the following:
- rebased on today's nf-next-2.6
- apply only the first patch (which makes afinfo optional)
- revert all other patches
- apply the recent fix on nf_iterate since it was the cause of my oops
I patched ebtables to use xt_NFQUEUE (using a struct xt_NFQ_info_v1 with
arguments queuenum 1 and queues_total 1), and removed any other change.
When I add a rule with the NFQUEUE target with ebtables, I almost
immediately get a panic (full backtrace later in this mail).
What is weird is that I got a NULL skb in ebt_in_hook (frame 2) while
the skb was not NULL earlier - like if it was stolen by some hook. Any
idea on what could cause that ?
Thanks for your help.
Pierre
(gdb) bt
#0 0xc1292de3 in ebt_do_table (hook=<value optimized out>,
skb=<value optimized out>, in=<value optimized out>, out=0xdcbfd000,
table=0xdcbd8200) at net/bridge/netfilter/ebtables.c:287
#1 0xc1293753 in ebt_in_hook (hook=65539, skb=0x0, in=0x1, out=0xdcbfd000,
okfn=0xc128cc05 <br_forward_finish>)
at net/bridge/netfilter/ebtable_filter.c:66
#2 0xc11fc573 in nf_iterate (head=<value optimized out>,
skb=<value optimized out>, hook=2, indev=0xd7530000, outdev=0xdcbfd000,
i=0xdf071e58, okfn=0xc128cc05 <br_forward_finish>,
hook_thresh=-2147483648)
at net/netfilter/core.c:137
#3 0xc11fc5fb in nf_hook_slow (pf=<value optimized out>, hook=2,
skb=<value optimized out>, indev=0xd7530000, outdev=0xdcbfd000,
okfn=0xc128cc05 <br_forward_finish>, hook_thresh=-2147483648)
at net/netfilter/core.c:173
#4 0xc128cb3a in nf_hook_thresh (hook=<value optimized out>,
skb=0xd7a73c00,
in=<value optimized out>, out=0xdcbfd000,
okfn=0xc128cc05 <br_forward_finish>, pf=<value optimized out>)
at include/linux/netfilter.h:185
#5 NF_HOOK_THRESH (hook=<value optimized out>, skb=0xd7a73c00,
in=<value optimized out>, out=0xdcbfd000,
okfn=0xc128cc05 <br_forward_finish>, pf=<value optimized out>)
at include/linux/netfilter.h:217
#6 NF_HOOK (hook=<value optimized out>, skb=0xd7a73c00,
---Type <return> to continue, or q <return> to quit---
in=<value optimized out>, out=0xdcbfd000,
okfn=0xc128cc05 <br_forward_finish>, pf=<value optimized out>)
at include/linux/netfilter.h:241
#7 0xc128cc85 in __br_forward (to=<value optimized out>, skb=0x0)
at net/bridge/br_forward.c:94
#8 0xc128c9e8 in deliver_clone (prev=0xd79a9e00, skb=<value optimized
out>,
__packet_hook=0xc128cc20 <__br_forward>) at net/bridge/br_forward.c:137
#9 0xc128ca71 in br_flood (br=<value optimized out>, skb=0xd759d000,
skb0=0xd759d000, __packet_hook=0xc128cc20 <__br_forward>)
at net/bridge/br_forward.c:184
#10 0xc128ca99 in br_flood_forward (br=0x10003, skb=0x0, skb2=0x1)
at net/bridge/br_forward.c:205
#11 0xc128d6bf in br_handle_frame_finish (skb=0xd759d000)
at net/bridge/br_input.c:104
#12 0xc128d5fe in NF_HOOK_THRESH (hook=<value optimized out>,
skb=0xd759d000,
in=<value optimized out>, okfn=0xc128d605 <br_handle_frame_finish>,
out=<value optimized out>, pf=<value optimized out>)
at include/linux/netfilter.h:219
#13 NF_HOOK (hook=<value optimized out>, skb=0xd759d000,
in=<value optimized out>, okfn=0xc128d605 <br_handle_frame_finish>,
out=<value optimized out>, pf=<value optimized out>)
at include/linux/netfilter.h:241
#14 0xc128d87a in br_handle_frame (skb=0x0) at net/bridge/br_input.c:190
---Type <return> to continue, or q <return> to quit---
#15 0xc11e3c02 in __netif_receive_skb (skb=0xd759d000) at
net/core/dev.c:3137
#16 0xc11e7524 in netif_receive_skb (skb=0xd759d000) at net/core/dev.c:3231
#17 0xe0bca898 in ?? ()
#18 0xc11e7ab6 in net_rx_action (h=<value optimized out>)
at net/core/dev.c:3779
#19 0xc1034345 in __do_softirq () at kernel/softirq.c:238
#20 0xc1003f96 in call_on_stack () at arch/x86/kernel/irq_32.c:66
#21 do_softirq () at arch/x86/kernel/irq_32.c:173
#22 0xc1034228 in irq_exit () at kernel/softirq.c:328
#23 0xc10037d3 in do_IRQ (regs=<value optimized out>)
at arch/x86/kernel/irq.c:248
#24 0xc1002d70 in ?? () at arch/x86/kernel/entry_32.S:825
#25 0xc101b82b in native_safe_halt ()
at /home/pollux/build/nf-next-2.6/arch/x86/include/asm/irqflags.h:49
#26 0xc1007e3f in arch_safe_halt ()
at /home/pollux/build/nf-next-2.6/arch/x86/include/asm/paravirt.h:110
#27 default_idle () at arch/x86/kernel/process.c:380
#28 0xc1001a66 in cpu_idle () at arch/x86/kernel/process_32.c:112
#29 0xc12af2ce in start_secondary (unused=<value optimized out>)
at arch/x86/kernel/smpboot.c:355
#30 0x00000000 in ?? ()
next prev parent reply other threads:[~2011-02-16 17:42 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-24 20:55 ebtables_nfqueue: missing structure afinfo Pierre Chifflier
2011-01-25 10:34 ` Patrick McHardy
2011-02-02 19:22 ` Pierre Chifflier
2011-02-02 22:59 ` Patrick McHardy
2011-02-03 14:32 ` WIP/RFC: add new module ebt_NFQUEUE for ebtables Pierre Chifflier
2011-02-03 20:19 ` Bart De Schuymer
2011-02-04 10:05 ` Pierre Chifflier
2011-02-04 13:07 ` Patrick McHardy
2011-02-04 13:20 ` Pierre Chifflier
2011-02-04 13:21 ` Patrick McHardy
2011-02-03 14:32 ` [PATCH 1/3] Make the afinfo structure optional in nf_queue and nf_reinject Pierre Chifflier
2011-02-04 13:27 ` Patrick McHardy
2011-02-04 14:15 ` Pierre Chifflier
2011-02-03 14:32 ` [PATCH 2/3] bridge: add support for the EBT_QUEUE target Pierre Chifflier
2011-02-03 14:32 ` [PATCH 3/3] bridge: add new target NFQUEUE for ebtables Pierre Chifflier
2011-02-04 13:25 ` Patrick McHardy
2011-02-04 13:40 ` Pierre Chifflier
2011-02-04 13:41 ` Patrick McHardy
[not found] ` <4D5104C4.3010105@edenwall.com>
[not found] ` <4D59C047.5050404@trash.net>
2011-02-16 16:57 ` Pierre Chifflier [this message]
2011-02-17 10:47 ` [RFH] " Patrick McHardy
2011-02-17 13:37 ` Pierre Chifflier
2011-02-18 13:42 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D5C01E5.8000302@wzdftpd.net \
--to=chifflier@wzdftpd.net \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).