IPv6 state match - possible bug.
Ben Skeggs
darktama at iinet.net.au
Wed Feb 15 02:11:47 CET 2006
On Tue, 2006-02-14 at 15:47 +0900, Yasuyuki KOZAKAI wrote:
> From: Ben Skeggs <darktama at iinet.net.au>
> Date: Tue, 14 Feb 2006 15:24:31 +1100
>
> > On Tue, 2006-02-14 at 13:16 +0900, Yasuyuki KOZAKAI wrote:
> > > From: Yasuyuki KOZAKAI <yasuyuki.kozakai at toshiba.co.jp>
> > > Date: Tue, 14 Feb 2006 13:03:15 +0900 (JST)
> > >
> > > > looks fine to me. I tested with recent kernel, same kernel config,
> > > > and same rules, but couldn't reproduce above log.
> > > >
> > > > Which version of kernel(or git commit id) and ip6tables ?
> > > > And could you do
> > > > echo 255 > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid
> > >
> > > Sorry, right sysctl is
> > >
> > > echo 255 > /proc/sys/net/netfilter/nf_conntrack_log_invalid
> > Okay, seems there is an issue somewhere.. I'm using 2.6.16-rc3, and
> > also had the same issue with -rc2. iptables is version 1.3.5.
> >
> > nf_ct_tcp: bad TCP checksum IN= OUT=
> > SRC=2001:0200:0000:8002:0203:47ff:fea5:3085
> > DST=2001:0388:c17d:0000:020f:eaff:fe70:ebf9 LEN=80 TC=0 HOPLIMIT=56
> > FLOWLBL=525788 PROTO=TCP SPT=80 DPT=52498 SEQ=1589838125 ACK=2289866071
> > WINDOW=57344 RES=0x00 ACK SYN URGP=0 OPT
> > (020405A0010303000101080A2DA73166049359BE)
>
> checksumming with your eth0 driver might be broken.
> I'm not sure why, but I saw some reports about checksum for a few weeks.
Thank you! This was indeed the problem.
I swapped from my onboard Yukon (skge driver), to the nvidia card
(forcedeth driver) and everything seems to work correctly now.
Sorry for the noise!
Ben Skeggs.
>
> > IP6-IN: IN=eth0 OUT= MAC=00:0f:ea:70:eb:f9:00:50:8d:e3:b5:89:86:dd
> > SRC=2001:0200:0000:8002:0203:47ff:fea5:3085
> > DST=2001:0388:c17d:0000:020f:eaff:fe70:ebf9 LEN=80 TC=0 HOPLIMIT=56
> > FLOWLBL=525788 PROTO=TCP SPT=80 DPT=52498 WINDOW=57344 RES=0x00 ACK SYN
> > URGP=0
> >
> > Which is odd, without any ip6tables rules everything seems to work well.
>
> From: Ben Skeggs <darktama at iinet.net.au>
> Date: Tue, 14 Feb 2006 16:53:01 +1100
>
> > Just another followup with some more info.. I built 2.6.16-rc3 on my
> > other machine (x86) and it does indeed appear to work correctly there.
> >
> > I'm wondering if there is some amd64-specific bug?
>
> Or they have different ether card, maybe. I'm using e100 and it works fine.
>
> -- Yasuyuki Kozakai
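
Added example (not part of the original thread and not netfilter code): a small Python triage script for the messages that nf_conntrack_log_invalid produces, as quoted above, grouping them by reason and source address. Treating checksum failures from two or more distinct peers as a pointer to the local receive path (NIC or driver) is a heuristic assumed here; the function names and every sample line except the first are constructed.

```python
import re
from collections import defaultdict

# Constructed sample input. The first entry is the conntrack message quoted in
# the thread, re-joined onto one line; the others are made up (documentation
# addresses) to exercise the parser.
SAMPLE_LOG = [
    "kernel: nf_ct_tcp: bad TCP checksum IN= OUT= "
    "SRC=2001:0200:0000:8002:0203:47ff:fea5:3085 "
    "DST=2001:0388:c17d:0000:020f:eaff:fe70:ebf9 LEN=80 TC=0 HOPLIMIT=56 "
    "FLOWLBL=525788 PROTO=TCP SPT=80 DPT=52498 SEQ=1589838125 ACK=2289866071 "
    "WINDOW=57344 RES=0x00 ACK SYN URGP=0",
    "kernel: nf_ct_tcp: bad TCP checksum IN= OUT= SRC=2001:db8::10 "
    "DST=2001:db8::1 LEN=60 PROTO=TCP SPT=443 DPT=40112",
    "kernel: nf_ct_tcp: invalid state IN= OUT= SRC=2001:db8::20 "
    "DST=2001:db8::1 LEN=40 PROTO=TCP SPT=22 DPT=51000",
    # Output of an ordinary LOG rule (prefix "IP6-IN: "), not a conntrack verdict.
    "kernel: IP6-IN: IN=eth0 OUT= SRC=2001:db8::10 DST=2001:db8::1 PROTO=TCP",
]

INVALID_RE = re.compile(r"\b(nf_ct_\w+): (.*?)\s+IN=")  # module and reason text
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")              # KEY=value packet fields

def parse_invalid(line):
    """Return module, reason, src and dst for a conntrack 'invalid' line, else None."""
    m = INVALID_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(line[m.end(2):]))
    return {"module": m.group(1), "reason": m.group(2),
            "src": fields.get("SRC"), "dst": fields.get("DST")}

def summarize(lines):
    """Map each invalid reason to the sorted list of distinct source addresses."""
    peers = defaultdict(set)
    for line in lines:
        rec = parse_invalid(line)
        if rec:
            peers[rec["reason"]].add(rec["src"] or "?")
    return {reason: sorted(srcs) for reason, srcs in peers.items()}

def suspect_local_receive_path(summary, min_peers=2):
    """Heuristic (assumption): bad checksums from several peers implicate this host."""
    return len(summary.get("bad TCP checksum", [])) >= min_peers

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for reason, srcs in report.items():
        print(f"{reason}: {len(srcs)} peer(s): {', '.join(srcs)}")
    print("suspect local NIC/driver:", suspect_local_receive_path(report))
```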