nf_reinject() and ip_queue -- hmm...
Alexander Demenshin
aldem-nf@aldem.net
Sun, 16 Jul 2000 01:13:26 +0200
Hello folks,
So I've found another problem... So far only description - will dig
in later...
In case of (I assume clean tables):
iptables -A INPUT -d 127.1.1.1 -j QUEUE
iptables -A OUTPUT -d 127.1.1.1 -j QUEUE
iptables -t mangle -A OUTPUT -d 127.1.1.1 -j QUEUE
Then:
ping -c1 127.1.1.1
I get OOPS. Without QUEUE in mangle table it is OK,
without QUEUE in filter table it is also OK.
(OOPS is in net/ipv4/ip_output:output_maybe_reroute(), called from nf_reinject()).
Problem exists in test2-ac2 thru test4. Even though system _looks_ usable after
that, it is in fact unstable (so better to reboot - I had very bad experience).
Moreover... Concerning recent change to netfilter.c:
====
diff -u --recursive --new-file v2.4.0-test3/linux/net/core/netfilter.c linux/net/core/netfilter.c
--- v2.4.0-test3/linux/net/core/netfilter.c Wed Apr 26 16:34:09 2000
+++ linux/net/core/netfilter.c Tue Jul 11 19:02:37 2000
@@ -512,7 +512,6 @@
info->indev, info->outdev, &elem,
info->okfn);
}
- br_read_unlock_bh(BR_NETPROTO_LOCK);
switch (verdict) {
case NF_ACCEPT:
@@ -527,6 +526,7 @@
kfree_skb(skb);
break;
}
+ br_read_unlock_bh(BR_NETPROTO_LOCK);
/* Release those devices we held, or Alexey will kill me. */
if (info->indev) dev_put(info->indev);
====
When it is in effect, I've something more terrible (additionally
to OOPS) - freezing of kernel with some backtrack (too many
lines), sometimes after this SysRq doesn't work too.
I've some suspects, but... I need time, of course :)
Good luck!
(sometimes I am going to hate Linux - too many reboots, but I had
no one so far on my Win2K :))
/Al