traffic shaping & tunneling & 2.3 kernels.
Paul Rusty Russell
Paul.Russell@linuxcare.com.au
Tue, 30 Nov 1999 20:41:29 +1100
In message <19991125211412.A1237@mp3.dcg.net> you write:
> Without ipnatctl & iptables rules (i.e. only one NIC configured) and
> traffic shaping (cbq) turned on, the system is stable.
> With masquerading & forwarding/accounting & traffic shaping (cbq), the system
> crashes within a few minutes. The same configuration without traffic shaping
> is stable again. Whether ipip-tunneling is used or not does not seem to
> change this.
> Based on these results one could conclude that the netfilter code clashes
> with traffic shaping.
There is definitely a netfilter bug, since people are seeing it
without cbq. Probably cbq exacerbates it, but I'm waiting until I've
squished that bug first...
> >
> The debug noise is now reduced to a repetitive:
> ---8<---
> Nov 25 21:13:40 mp3 kernel: nf_hook: hook 4 already set.
> Nov 25 21:13:40 mp3 kernel: skb: pf=2 (unowned) dev=eth0 len=252
> Nov 25 21:13:40 mp3 kernel: PROTO=4 212.83.81.124:0 212.83.88.206:0 L=252 S=0x00 I=29729 F=0x0000 T=63
> ---8<---
I've decided that the CONFIG_NETFILTER_DEBUG option was too
problematic in the presence of stuff like fragmentation and
tunnelling, and have submitted a patch to drop it. It hasn't found
any real problems since the early days, just a growing number of false
positives.
Rusty.
--
Hacking time.