[Bug 442] New: skb->data_len corrupted in NF_IP_LOCAL_OUT in mangle table

bugzilla-daemon at bugzilla.netfilter.org
Mon Feb 6 20:07:25 CET 2006


https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=442

           Summary: skb->data_len corrupted in NF_IP_LOCAL_OUT in mangle
                    table
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: i386
        OS/Version: Debian GNU/Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: ip_tables (kernel)
        AssignedTo: laforge at netfilter.org
        ReportedBy: tpaskett at cymphonix.com


I have confirmed this does not happen in 2.6.13.5 and below and starts to happen
in 2.6.14 all the way to 2.6.15.2. If you have a REDIRECT rule for squid like this:

iptables -t nat -A PREROUTING -p tcp --dport 80 -s 172.16.1.5/32 -j REDIRECT --to 3128

The skb->data_len and skb->len get messed up in mangle->NF_IP_LOCAL_OUT. The skb
is fine in NF_IP_LOCAL_IN. Values in the pre 2.6.14 kernels have 1500 or less
for the values as it should be. In 2.6.14+ it will be random high numbers like
23344. I'm looking into the patch for 2.6.14, but thought I would enlist your
help. To track this down I made a simple target that printk'd the value of those
vars and put it in the OUTPUT chain of the mangle table. iptables user space
v1.2.9. Thanks!
