Bug 114514 - kernel oops caused by using masquerading with ipchains
kernel oops caused by using masquerading with ipchains
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
9
All Linux
medium Severity high
: ---
: ---
Assigned To: Arjan van de Ven
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-01-28 18:44 EST by Philip Shearer
Modified: 2007-04-18 13:02 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-09-30 11:41:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Opps from a 2.4.23 kernel -- same bug as in 2.4.20-8custom (4.21 KB, text/plain)
2004-01-28 18:51 EST, Philip Shearer
no flags Details
Official kernel ChangeLog with "Fix ipchains MASQUERADE oops" mentioned (560 bytes, text/plain)
2004-01-28 18:56 EST, Philip Shearer
no flags Details

  None (edit)
Description Philip Shearer 2004-01-28 18:44:48 EST
Description of problem:

Oops in kernel 2.4.20-8

Version-Release number of selected component (if applicable):
In all kernels from kernel-2.4.20-8 to kernel-2.4.23

How reproducible:

As soon as a number of packets have been sent from one network
to another the system locks up. This happens to frequently for
the gateway machine to be usable as a gateway. 

NB Sometimes the machine will crash even when there is no other
machines on the net and X windows is closed if Xwindows is set
up to use XDMCP. 

Steps to Reproduce:
1. Build a kernel with
CONFIG_IP_NF_TARGET_MASQUERADE=m 
CONFIG_IP_NF_COMPAT_IPCHAINS=m

2.enable ipchains MASQ
/etc/sysconfig/ipchains
#
# Masqurade any other machine on the network
#
-A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p tcp -j MASQ
-A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p udp -j MASQ
-A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p icmp -j MASQ

3.
send a few packets from one network to another via the RH9 
kernel.
  
Actual results:

system hangs so abruptly that there is often not enough time for the
oops to be printed even on to a serial port. I finally captured this
one using kermit attached to a serial port.

From the oops here is the top of the stack:
 Trace; ce8afc0e <[ipchains]get_unique_tuple+16e/1c0>
 Trace; ce8b7180 <[ipchains]ip_nat_protocol_udp+0/40>
 Trace; ce8ac62b <[ipchains]invert_tuple+2b/30>
 Trace; ce8ad68b <[ipchains]invert_tuplepr+2b/30>
 Trace; ce8afcc1 <[ipchains]ip_nat_setup_info+61/310>
 Trace; c0250c4b <ip_route_output_slow+35b/6f0>
[snip]

Expected results:

No Oops

Additional info:

This is a known kernel bug in the NETFILTER code and has been fixed in
version kernel-2.4.24. The code is identical to that use in the 2.6
and the bug was found by someone testing the 2.6.0 kernel. I belive it
has also been fixed in the 2.6.1 kernel.

It can be fixed by hand in the current kernel by editing
ip_fw_compat_masq.c and removing the two offending lines in the
function do_masquerade():

diff linux-2.4.20-8/net/ipv4/netfilter/ip_fw_compat_masq.c
linux-2.4.24/net/ipv4/netfilter/ip_fw_compat_masq.c
94,96d93
<
<               place_in_hashes(ct, info);
<               info->initialized = 1;

diff -e linux-2.4.20-8/net/ipv4/netfilter/ip_fw_compat_masq.c
linux-2.4.24/net/ipv4/netfilter/ip_fw_compat_masq.c
94,96d

The work around is to use the recommended iptables instead of
ipchains.
Comment 1 Philip Shearer 2004-01-28 18:51:06 EST
Created attachment 97317 [details]
Opps from a 2.4.23 kernel -- same bug as in 2.4.20-8custom

Opps caused by ipv4, ipchains and masquerade
Comment 2 Philip Shearer 2004-01-28 18:56:02 EST
Created attachment 97319 [details]
Official kernel ChangeLog with "Fix ipchains MASQUERADE oops" mentioned
Comment 3 Bugzilla owner 2004-09-30 11:41:49 EDT
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
persists.

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/

Note You need to log in before you can comment on or make changes to this bug.