Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. iptables>
  3. Devel
nf_conntrack_ipv4 must be loaded explicitly
jengelh at computergmbh
Aug 2, 2007, 11:11 AM
Post #1 of 5 (2639 views)
Permalink
Hi,


in recent git kernels, I experience the following "regression" that no
packets traverse the nat table (esp. the POSTROUTING counters just stand
still) - and hence things like ping+SNAT do not work. Bisect nailed it
down to:

ff09b7493c8f433d3ffd6a31ad58d190f82ef0c5 is first bad commit
commit ff09b7493c8f433d3ffd6a31ad58d190f82ef0c5
Author: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Date: Sat Jul 7 22:25:28 2007 -0700

[NETFILTER]: nf_nat: remove unused nf_nat_module_is_loaded

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

:040000 040000 177886eca60385293ac736c8e4861a2d4910d90a 32e63b6a9399e1ea65dc6cd0b357ca811e4dc835 M include
:040000 040000 e1c20c3db28c927af62df067b2a20f8604a5fe06 84a277d1f81e3be9ce37ce6040c6d814ca20b3b0 M net


The diff from ff09b7^...ff09b7 made me think...

End result:

After loading nf_conntrack_ipv4.ko, everything works again (also with
the "bad" ff09b7). But I have to load it explicitly, and I think that
unfortunately breaks a lot of setups (such as mine) which assume ipv4
connection tracking is always there.

Comments?


Jan
--
Re: nf_conntrack_ipv4 must be loaded explicitly [ In reply to ]
kaber at trash
Aug 2, 2007, 11:33 AM
Post #2 of 5 (2555 views)
Permalink
Jan Engelhardt wrote
> in recent git kernels, I experience the following "regression" that no
> packets traverse the nat table (esp. the POSTROUTING counters just stand
> still) - and hence things like ping+SNAT do not work. Bisect nailed it
> down to:
>
> ff09b7493c8f433d3ffd6a31ad58d190f82ef0c5 is first bad commit
> commit ff09b7493c8f433d3ffd6a31ad58d190f82ef0c5
> Author: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
> Date: Sat Jul 7 22:25:28 2007 -0700
>
> [NETFILTER]: nf_nat: remove unused nf_nat_module_is_loaded
>
> Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
> Signed-off-by: Patrick McHardy <kaber@trash.net>
> Signed-off-by: David S. Miller <davem@davemloft.net>
>
> :040000 040000 177886eca60385293ac736c8e4861a2d4910d90a 32e63b6a9399e1ea65dc6cd0b357ca811e4dc835 M include
> :040000 040000 e1c20c3db28c927af62df067b2a20f8604a5fe06 84a277d1f81e3be9ce37ce6040c6d814ca20b3b0 M net
>
>
> The diff from ff09b7^...ff09b7 made me think...
>
> End result:
>
> After loading nf_conntrack_ipv4.ko, everything works again (also with
> the "bad" ff09b7). But I have to load it explicitly, and I think that
> unfortunately breaks a lot of setups (such as mine) which assume ipv4
> connection tracking is always there.
>

I already have a patch for this queued. I'll push it upstream once
I get a new power supply for the box I keep that tree on, hopefully
tommorrow.
Re: nf_conntrack_ipv4 must be loaded explicitly [ In reply to ]
jengelh at computergmbh
Aug 17, 2007, 3:43 AM
Post #3 of 5 (2524 views)
Permalink
On Aug 2 2007 20:33, Patrick McHardy wrote:
>> End result:
>>
>> After loading nf_conntrack_ipv4.ko, everything works again (also with the
>> "bad" ff09b7). But I have to load it explicitly, and I think that
>> unfortunately breaks a lot of setups (such as mine) which assume ipv4
>> connection tracking is always there.
>
> I already have a patch for this queued. I'll push it upstream once
> I get a new power supply for the box I keep that tree on, hopefully
> tommorrow.

What's that patch looking like?



thanks,
Jan
--
Re: nf_conntrack_ipv4 must be loaded explicitly [ In reply to ]
kaber at trash
Aug 23, 2007, 7:53 AM
Post #4 of 5 (2496 views)
Permalink
Jan Engelhardt wrote:
> On Aug 2 2007 20:33, Patrick McHardy wrote:
>
>>>End result:
>>>
>>>After loading nf_conntrack_ipv4.ko, everything works again (also with the
>>>"bad" ff09b7). But I have to load it explicitly, and I think that
>>>unfortunately breaks a lot of setups (such as mine) which assume ipv4
>>>connection tracking is always there.
>>
>>I already have a patch for this queued. I'll push it upstream once
>>I get a new power supply for the box I keep that tree on, hopefully
>>tommorrow.
>
>
> What's that patch looking like?


Upstream commit 591e6206. Doesn't it work for you?

Attached Files:

  • text/plain x (2.14 KB)
Re: nf_conntrack_ipv4 must be loaded explicitly [ In reply to ]
jengelh at computergmbh
Aug 23, 2007, 8:48 AM
Post #5 of 5 (2503 views)
Permalink
On Aug 23 2007 16:53, Patrick McHardy wrote:
>>>>After loading nf_conntrack_ipv4.ko, everything works again (also with the
>>>>"bad" ff09b7). But I have to load it explicitly, and I think that
>>>>unfortunately breaks a lot of setups (such as mine) which assume ipv4
>>>>connection tracking is always there.
>>>
>>>I already have a patch for this queued. I'll push it upstream once
>>>I get a new power supply for the box I keep that tree on, hopefully
>>>tommorrow.
>>
>>
>> What's that patch looking like?
>
>Upstream commit 591e6206. Doesn't it work for you?

I am sure it does, I just did not track the pulls or the log that
closely. Thanks for pointing out.


Jan
--

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal