[Bug 1766] nfqueue randomly drops packets with same tuple

Sun Sep 1 22:13:13 CEST 2024

https://bugzilla.netfilter.org/show_bug.cgi?id=1766

--- Comment #4 from Antonio Ojea <antonio.ojea.garcia at gmail.com> ---
An interesting observation, the problem only seems to happen when at least one
of the DNAT destinations is in the same namespace where the nfqueue program
runs, I imaging this causes the packet to follow a different codepath than if
the packet is sent out.

What I'm puzzled is why the packets gets dnated twice, after __nf_queue and
before  nf_reroute

1500  60    10.244.1.3:45957->10.244.1.5:53(udp) __nf_queue
0xffff9523b3207080 16  <empty>:3178406  4026533244 0         veth271ea3e0:5 
0x0800 1500  60    10.244.1.3:45957->10.244.1.5:53(udp) skb_ensure_writable
0xffff9523b3207080 16  <empty>:3178406  4026533244 0         veth271ea3e0:5 
0x0800 1500  60    10.244.1.3:45957->10.244.1.5:53(udp) skb_ensure_writable
0xffff9523b3207080 16  <empty>:3178406  4026533244 0         veth271ea3e0:5 
0x0800 1500  60    10.244.1.3:45957->10.244.1.5:53(udp)
inet_proto_csum_replace4
0xffff9523b3207080 16  <empty>:3178406  4026533244 0         veth271ea3e0:5 
0x0800 1500  60    10.244.1.3:45957->10.244.1.5:53(udp)
inet_proto_csum_replace4
0xffff9523b3207080 16  <empty>:3178406  4026533244 0         veth271ea3e0:5 
0x0800 1500  60    10.244.1.3:45957->10.244.2.4:53(udp) nf_reroute

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240901/319fb3a5/attachment.html>