Bug 114514 - kernel oops caused by using masquerading with ipchains
Summary: kernel oops caused by using masquerading with ipchains
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
(Show other bugs)
Version: 9
Hardware: All Linux
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2004-01-28 23:44 UTC by Philip Shearer
Modified: 2007-04-18 17:02 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-09-30 15:41:49 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Opps from a 2.4.23 kernel -- same bug as in 2.4.20-8custom (4.21 KB, text/plain)
2004-01-28 23:51 UTC, Philip Shearer
no flags Details
Official kernel ChangeLog with "Fix ipchains MASQUERADE oops" mentioned (560 bytes, text/plain)
2004-01-28 23:56 UTC, Philip Shearer
no flags Details

Description Philip Shearer 2004-01-28 23:44:48 UTC
Description of problem:

Oops in kernel 2.4.20-8

Version-Release number of selected component (if applicable):
In all kernels from kernel-2.4.20-8 to kernel-2.4.23

How reproducible:

As soon as a number of packets have been sent from one network
to another the system locks up. This happens to frequently for
the gateway machine to be usable as a gateway. 

NB Sometimes the machine will crash even when there is no other
machines on the net and X windows is closed if Xwindows is set
up to use XDMCP. 

Steps to Reproduce:
1. Build a kernel with

2.enable ipchains MASQ
# Masqurade any other machine on the network
-A forward -s -d -p tcp -j MASQ
-A forward -s -d -p udp -j MASQ
-A forward -s -d -p icmp -j MASQ

send a few packets from one network to another via the RH9 
Actual results:

system hangs so abruptly that there is often not enough time for the
oops to be printed even on to a serial port. I finally captured this
one using kermit attached to a serial port.

From the oops here is the top of the stack:
 Trace; ce8afc0e <[ipchains]get_unique_tuple+16e/1c0>
 Trace; ce8b7180 <[ipchains]ip_nat_protocol_udp+0/40>
 Trace; ce8ac62b <[ipchains]invert_tuple+2b/30>
 Trace; ce8ad68b <[ipchains]invert_tuplepr+2b/30>
 Trace; ce8afcc1 <[ipchains]ip_nat_setup_info+61/310>
 Trace; c0250c4b <ip_route_output_slow+35b/6f0>

Expected results:

No Oops

Additional info:

This is a known kernel bug in the NETFILTER code and has been fixed in
version kernel-2.4.24. The code is identical to that use in the 2.6
and the bug was found by someone testing the 2.6.0 kernel. I belive it
has also been fixed in the 2.6.1 kernel.

It can be fixed by hand in the current kernel by editing
ip_fw_compat_masq.c and removing the two offending lines in the
function do_masquerade():

diff linux-2.4.20-8/net/ipv4/netfilter/ip_fw_compat_masq.c
<               place_in_hashes(ct, info);
<               info->initialized = 1;

diff -e linux-2.4.20-8/net/ipv4/netfilter/ip_fw_compat_masq.c

The work around is to use the recommended iptables instead of

Comment 1 Philip Shearer 2004-01-28 23:51:06 UTC
Created attachment 97317 [details]
Opps from a 2.4.23 kernel -- same bug as in 2.4.20-8custom

Opps caused by ipv4, ipchains and masquerade

Comment 2 Philip Shearer 2004-01-28 23:56:02 UTC
Created attachment 97319 [details]
Official kernel ChangeLog with "Fix ipchains MASQUERADE oops" mentioned

Comment 3 Bugzilla owner 2004-09-30 15:41:49 UTC
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/

Note You need to log in before you can comment on or make changes to this bug.