Red Hat Bugzilla – Bug 114514
kernel oops caused by using masquerading with ipchains
Last modified: 2007-04-18 13:02:18 EDT
Description of problem: Oops in kernel 2.4.20-8 Version-Release number of selected component (if applicable): In all kernels from kernel-2.4.20-8 to kernel-2.4.23 How reproducible: As soon as a number of packets have been sent from one network to another the system locks up. This happens to frequently for the gateway machine to be usable as a gateway. NB Sometimes the machine will crash even when there is no other machines on the net and X windows is closed if Xwindows is set up to use XDMCP. Steps to Reproduce: 1. Build a kernel with CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_COMPAT_IPCHAINS=m 2.enable ipchains MASQ /etc/sysconfig/ipchains # # Masqurade any other machine on the network # -A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p tcp -j MASQ -A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p udp -j MASQ -A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p icmp -j MASQ 3. send a few packets from one network to another via the RH9 kernel. Actual results: system hangs so abruptly that there is often not enough time for the oops to be printed even on to a serial port. I finally captured this one using kermit attached to a serial port. From the oops here is the top of the stack: Trace; ce8afc0e <[ipchains]get_unique_tuple+16e/1c0> Trace; ce8b7180 <[ipchains]ip_nat_protocol_udp+0/40> Trace; ce8ac62b <[ipchains]invert_tuple+2b/30> Trace; ce8ad68b <[ipchains]invert_tuplepr+2b/30> Trace; ce8afcc1 <[ipchains]ip_nat_setup_info+61/310> Trace; c0250c4b <ip_route_output_slow+35b/6f0> [snip] Expected results: No Oops Additional info: This is a known kernel bug in the NETFILTER code and has been fixed in version kernel-2.4.24. The code is identical to that use in the 2.6 and the bug was found by someone testing the 2.6.0 kernel. I belive it has also been fixed in the 2.6.1 kernel. It can be fixed by hand in the current kernel by editing ip_fw_compat_masq.c and removing the two offending lines in the function do_masquerade(): diff linux-2.4.20-8/net/ipv4/netfilter/ip_fw_compat_masq.c linux-2.4.24/net/ipv4/netfilter/ip_fw_compat_masq.c 94,96d93 < < place_in_hashes(ct, info); < info->initialized = 1; diff -e linux-2.4.20-8/net/ipv4/netfilter/ip_fw_compat_masq.c linux-2.4.24/net/ipv4/netfilter/ip_fw_compat_masq.c 94,96d The work around is to use the recommended iptables instead of ipchains.
Created attachment 97317 [details] Opps from a 2.4.23 kernel -- same bug as in 2.4.20-8custom Opps caused by ipv4, ipchains and masquerade
Created attachment 97319 [details] Official kernel ChangeLog with "Fix ipchains MASQUERADE oops" mentioned
Thanks for the bug report. However, Red Hat no longer maintains this version of the product. Please upgrade to the latest version and open a new bug if the problem persists. The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, and if you believe this bug is interesting to them, please report the problem in the bug tracker at: http://bugzilla.fedora.us/