traffic shaping & tunneling & 2.3 kernels.

Paul Rusty Russell
Tue, 30 Nov 1999 20:41:29 +1100

In message <> you write:
> Without ipnatctl & iptables rules (i.e. only one NIC configured) and 
> traffic shaping (cbq) turned on, the system is stable.
> With masquerading & forwarding/accounting & traffic shaping (cbq), the system
> crashes within a few minutes. The same configuration without traffic shaping
> is stable again. Wether ipip-tunneling is used or not does not seem to
> change this.
> Based on these results one could conclude that the netfilter code clashes
> with traffic shaping.

There is definitely a netfilter bug, since people are seeing with
without cbq.  Probably cbq exacerbates it, but I'm waiting until I've
squished that bug first...

> >
> The debug noise is now reduced to a repetitive:
> ---8<---
> Nov 25 21:13:40 mp3 kernel: nf_hook: hook 4 already set. 
> Nov 25 21:13:40 mp3 kernel: skb: pf=2 (unowned) dev=eth0 len=252 
> Nov 25 21:13:40 mp3 kernel: PROTO=4 L=252 S=0
x00 I=29729 F=0x0000 T=63 
> ---8<---

I've decided that the CONFIG_NETFILTER_DEBUG option was too
problematic in the presence of stuff like fragmentation and
tunnelling, and have submitted a patch to drop it.  It hasn't found
any real problems since the early days, just a growing number of false

Hacking time.