nf_nat_tftp broken in 4.8?

nf_nat_tftp broken in 4.8?

[Florian Fainelli]

[-- Attachment #1: Type: text/plain, Size: 684 bytes --]

Hi,

After updating my workstation from 4.4 to 4.8, which also serves as a
NAT gateway for local machines, I noticed that TFTP across this NAT box
broke:

- TFTP read request to the server, source port 3534
- server replies with a data packet to dst port 3534
- gateway sends an ICMP destination unreachable with port unreachable
along with the UDP data packet

I am currently bisecting this, but it is taking a lot longer to build
than I thought. Attached is the non-working case PCAP file for you to
look at.

There has not been a lot happening for net/netfilter/*tftp* between v4.4
and 4.8, so can you think about something in particular that could cause
that?

Thanks!
--
Florian

[-- Attachment #2: tftp-4.8pcapng.pcapng.gz --]
[-- Type: application/gzip, Size: 1269 bytes --]

Re: nf_nat_tftp broken in 4.8?

[Florian Westphal]

Florian Fainelli <f.fainelli@gmail.com> wrote:
> After updating my workstation from 4.4 to 4.8, which also serves as a
> NAT gateway for local machines, I noticed that TFTP across this NAT box
> broke:

does 'sysctl net.netfilter.nf_conntrack_helper=1' help?

Re: nf_nat_tftp broken in 4.8?

[Florian Fainelli]

On 11/09/2016 01:56 PM, Florian Westphal wrote:
> Florian Fainelli <f.fainelli@gmail.com> wrote:
>> After updating my workstation from 4.4 to 4.8, which also serves as a
>> NAT gateway for local machines, I noticed that TFTP across this NAT box
>> broke:
> 
> does 'sysctl net.netfilter.nf_conntrack_helper=1' help?
> 

It does yes, thanks, and apologies for not seeing that earlier.
-- 
Florian