[Bug 36] New: Possible SMP-race in rule handling (or other memorycorrupting thing)
bugzilla-daemon@netfilter.org
bugzilla-daemon@netfilter.org
Sun, 02 Feb 2003 22:20:05 +0100
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=36
Summary: Possible SMP-race in rule handling (or other
memorycorrupting thing)
Product: netfilter/iptables
Version: linux-2.4.x
Platform: other
OS/Version: other
Status: NEW
Severity: minor
Priority: P2
Component: ip_tables (kernel)
AssignedTo: laforge@netfilter.org
ReportedBy: gandalf@wlug.westbo.se
CC: netfilter-buglog@lists.netfilter.org
I'm not certain this is a SMP-race, it could be any other kind of memory
corrupting thing...
Inserting a rule on an quite active SMP (2cpus) router may give you some
suprises it seems. Only seen once and I havn't tried to reproduce it yet since
it's an important productionrouter but I'll test it on a testmachine.
Ok so here we go, the router enables forwarding before any iptables stuff is
activated (I should change the scripts :) and then it loads a few modules and
inserts a bunch of rules (not very many) and one of these rules got corrupted.
Inserted rule:
iptables -t mangle -A FORWARD -i hemmet -o eth1 -p tcp -m connmark \! --mark 0
-j CONNMARK --restore-mark
Resulting rule (iptables -vnL output):
0 0 CONNMARK 144 -- hemmet !eth1 0.0.0.0/0 0.0.0.0/0
CONNMARK match !0x0 CONNMARK restore
so proto was set to 144 not tcp, and output interface was !eth1 not eth1 as it
should.
And this is not all, no packets matched this rule as you can see but somehow all
packets get the TRACE target applied so all further matches was logged. I don't
have any rule witch uses the TRACE target.
The TRACE stuff stopped after I replaced this rule with the same rule. Now it
looks correct and no more TRACE stuff. This is really weird and I'll see if I
can reproduce it, although I don't have very high hopes for it. This report is
mostly a note that we might have something wrong somewere (or maybe I have bad
memory, we'll see if the router crashes :)
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.