Red Hat Bugzilla – Bug 133788
ip_conntrack_in: Frag of proto 17
Last modified: 2015-01-04 17:10:02 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2)
Description of problem:
I have been using SFS (http://www.fs.net/sfswww/) for quite a while
but it failed when I upgraded to the mentioned kernel. The failure
is that I cannot access any files on the remote sfs server, i.e. the
Linux box with the problem runs the sfs client.
The problem appears to be linked with the ip_conntrack module as it is
causing a lot of log entries in /var/log/messages:
Sep 27 15:38:25 overmind kernel: ip_conntrack_in: Frag of proto 17
Sep 27 15:39:21 overmind last message repeated 3 times
Sep 27 15:40:29 overmind last message repeated 2 times
Sep 27 15:42:17 overmind last message repeated 3 times
Sep 27 15:44:13 overmind last message repeated 4 times
Sep 27 15:46:09 overmind last message repeated 4 times
Sep 27 15:46:33 overmind last message repeated 2 times
The messages stop when I stop the sfs client daemon. I have googled
for a solution but none appears to be available. The cause seems to be
that ip_conntrack limits all packets to at most 8191 bytes. The
sfs client produces larger packets (UDP) and ip_conntrack fails to
handle those. SFS is effectively disabled as of kernel 2.6.8 (possibly
earlier, I didn't try every released kernel). According to articles
mentioning the problem, this happens for every loopback UDP NFS mount.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Load ip_conntrack module.
2. Make a loopback UDP NFS mount and use large rsize/wsize.
3. Access files on the loopback.
Actual Results: Command paused and ip_conntrack_in messages are logged.
Expected Results: Normal filesystem access should happen.
As I am depending on SFS I would really like to see this bug fixed
fast as I have to use older kernels (with other bugs) while I wait.
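Added example, not part of the original report or of any project code: a small parser that counts how many "Frag of proto" events a syslog excerpt like the one above really contains, expanding syslogd's "last message repeated N times" markers. The first seven sample lines are copied from the report; the last two are constructed to show a repeat marker that must not be counted, and the function and pattern names are hypothetical.

```python
import re
from collections import Counter

# Lines 1-7: excerpt quoted in the report. Lines 8-9: constructed for this example.
SAMPLE_LOG = """\
Sep 27 15:38:25 overmind kernel: ip_conntrack_in: Frag of proto 17
Sep 27 15:39:21 overmind last message repeated 3 times
Sep 27 15:40:29 overmind last message repeated 2 times
Sep 27 15:42:17 overmind last message repeated 3 times
Sep 27 15:44:13 overmind last message repeated 4 times
Sep 27 15:46:09 overmind last message repeated 4 times
Sep 27 15:46:33 overmind last message repeated 2 times
Sep 27 15:47:02 overmind sshd[2211]: constructed unrelated message
Sep 27 15:47:40 overmind last message repeated 5 times
"""

# Classic syslog layout: "Mon DD HH:MM:SS host message"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) (.*)$")
REPEAT = re.compile(r"^last message repeated (\d+) times?$")
FRAG = re.compile(r"^kernel: ip_conntrack_in: Frag of proto (\d+)$")


def count_frag_events(text):
    """Return Counter {(host, ip_protocol): events} with repeat markers expanded."""
    counts = Counter()
    last_key = {}  # host -> key of that host's previous message, None if unrelated
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        host, msg = m.groups()
        rep = REPEAT.match(msg)
        if rep:
            # A repeat marker only counts if the message it repeats was a match.
            key = last_key.get(host)
            if key is not None:
                counts[key] += int(rep.group(1))
            continue
        frag = FRAG.match(msg)
        key = (host, int(frag.group(1))) if frag else None
        if key is not None:
            counts[key] += 1
        last_key[host] = key
    return counts


if __name__ == "__main__":
    for (host, proto), n in sorted(count_frag_events(SAMPLE_LOG).items()):
        print(f"{host}: {n} fragment events for IP protocol {proto}")
```
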
Created attachment 104488
Fix for netfilter defrag bug
This patch from Patrick McHardy, which I am about
to push upstream, fixes the problem.
Fixed in updates?
Fedora Core 2 has now reached end of life, and no further updates will be
provided by Red Hat. The Fedora legacy project will be producing further kernel
updates for security problems only.
If this bug has not been fixed in the latest Fedora Core 2 update kernel, please
try to reproduce it under Fedora Core 3, and reopen if necessary, changing the
product version accordingly.