Bug 30661 - zerocopy breaks masquerading
zerocopy breaks masquerading
Status: CLOSED WORKSFORME
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
7.1
All Linux
high Severity medium
: ---
: ---
Assigned To: Michael K. Johnson
Brock Organ
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-03-05 12:22 EST by Michael K. Johnson
Modified: 2007-03-26 23:41 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-03-06 17:53:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michael K. Johnson 2001-03-05 12:22:28 EST
Masquerading has been reported broken by zerocopy.  This is
must-fix...
Comment 1 Arjan van de Ven 2001-03-06 05:52:11 EST
As per request more info

-- SNIP --

This is going to hurt a lot of cablemodem users if we ship a combination with
that bug
 
Forwarded message:
> From rusty@linuxcare.com.au  Mon Mar  5 00:43:20 2001
> From: Rusty Russell <rusty@linuxcare.com.au>
> To: wroberts1@home.com
> Cc: alan@redhat.com
> Subject: Re: 2.4.2 and iptables_nat forwarding aint so hot
> In-reply-to: Your message of "Sat, 03 Mar 2001 15:52:52 -0800."
>              <20010303155252.A1897@cx983858-b.orng1.occa.home.com>
> Date: Mon, 05 Mar 2001 16:42:14 +1100
> Sender: rusty@linuxcare.com.au
> Message-Id: <E14Znl9-0007ox-00@halfway>
>
> In message <20010303155252.A1897@cx983858-b.orng1.occa.home.com> you write:
> > Today I tried upgrading to 2.4.2ac10 and use instructions on section
> > 4.1 of nat-howto:
> >
> > modprobe iptable_nat
> > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > I try to ping thru the thing, and I only get one reply.
> > After trying that a few times, 2.4.2ac10 locked hard.
>
> Yeah, zero copy went in.  I'm not all that surprised.
>
> Rusty.
Comment 2 Derek Tattersall 2001-03-06 14:38:25 EST
Using kernel 2.4.2-0.1.19
and following Rusty's instructions to Arjan above.
I was able to ping from the "NATee" through the "NATor" to locations both within
and without Meridian.  I also FTP'ed to metalab.  I could find no anomalies, no
lockups or oopses.

Network Diagram

NATee			   NATor
192.168.0.1      192.168.0.20 207.175.44.115    Outside world
Comment 3 David Miller 2001-03-06 15:28:40 EST
Probably, you aren't using a zerocopy-capable ethernet card in your
testing.  For 100-baseT ethernet this currently means a 3c59x card.
We think this is necessary to reproduce at this point.
Comment 4 Michael K. Johnson 2001-03-07 10:35:21 EST
No one else can replicate this bug, after extremely exhaustive testing.

Note You need to log in before you can comment on or make changes to this bug.