Bug 133788 - ip_conntrack_in: Frag of proto 17
ip_conntrack_in: Frag of proto 17
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Dave Jones
Brian Brock
http://lists.netfilter.org/pipermail/...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-09-27 09:57 EDT by Bernhard Ege
Modified: 2015-01-04 17:10 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-16 00:57:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Fix for netfilter defrag bug (1.27 KB, patch)
2004-09-28 23:56 EDT, David Miller
no flags Details | Diff

  None (edit)
Description Bernhard Ege 2004-09-27 09:57:35 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2)
Gecko/20040803

Description of problem:
I have been using SFS (http://www.fs.net/sfswww/) for quite a while
but it has failed when I upgraded to the mentioned kernel. The failure
is that I cannot access any files on the remote sfs server, i.e. the
linux box with the problem runs the sfs client.

The problem appears to be linked with the ip_conntrack module as it is
causing a lot of log entries in /var/log/messages:

Sep 27 15:38:25 overmind kernel: ip_conntrack_in: Frag of proto 17
(hook=0)
Sep 27 15:39:21 overmind last message repeated 3 times
Sep 27 15:40:29 overmind last message repeated 2 times
Sep 27 15:42:17 overmind last message repeated 3 times
Sep 27 15:44:13 overmind last message repeated 4 times
Sep 27 15:46:09 overmind last message repeated 4 times
Sep 27 15:46:33 overmind last message repeated 2 times

The messages stop when I stop the sfs client daemon. I have googled
for a solution but none appears to be available. The cause seems to be
that the ip_conntrack limits all packets to at most 8191 bytes. The
sfs client produces larger packets (UDP) and ip_conntrack fails to
handle those. SFS is effectively disabled as of kernel 2.6.8 (possibly
earlier, I didn't try every released kernel). According to articles
mentioning the problem, this happens for every loopback UDP NFS mount.


Version-Release number of selected component (if applicable):
kernel-2.6.8-1.521

How reproducible:
Always

Steps to Reproduce:
1. Load ip_conntrack module.
2. Make a loopback UDP NFS mount and use large rsize/wsize.
3. Access files on the loopback.



Actual Results:  Command paused and ip_conntrack_in messages are logged.

Expected Results:  Normal filesystem access should happen.

Additional info:

As I am depending on SFS I would really like to see this bug fixed
fast as I have to use older kernels (with other bugs) while I wait.
Comment 1 David Miller 2004-09-28 23:56:17 EDT
Created attachment 104488 [details]
Fix for netfilter defrag bug

This patch, from Patrick McHardy which I am about
to push upstream, fixes the problem.
Comment 2 Dave Jones 2004-11-20 15:25:30 EST
fixed in updates ?
Comment 3 Dave Jones 2005-04-16 00:57:27 EDT
Fedora Core 2 has now reached end of life, and no further updates will be
provided by Red Hat.  The Fedora legacy project will be producing further kernel
updates for security problems only.

If this bug has not been fixed in the latest Fedora Core 2 update kernel, please
try to reproduce it under Fedora Core 3, and reopen if necessary, changing the
product version accordingly.

Thank you.

Note You need to log in before you can comment on or make changes to this bug.