Bug 30661 - zerocopy breaks masquerading
Summary: zerocopy breaks masquerading
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 7.1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Michael K. Johnson
QA Contact: Brock Organ
Keywords: Security
Depends On:
Reported: 2001-03-05 17:22 UTC by Michael K. Johnson
Modified: 2007-03-27 03:41 UTC

Clone Of:
Last Closed: 2001-03-06 22:53:51 UTC


Description Michael K. Johnson 2001-03-05 17:22:28 UTC
Masquerading has been reported broken by zerocopy.  This is

Comment 1 Arjan van de Ven 2001-03-06 10:52:11 UTC
As per request more info

-- SNIP --

This is going to hurt a lot of cablemodem users if we ship a combination with
that bug
Forwarded message:
> From rusty@linuxcare.com.au  Mon Mar  5 00:43:20 2001
> From: Rusty Russell <rusty@linuxcare.com.au>
> To: wroberts1@home.com
> Cc: alan@redhat.com
> Subject: Re: 2.4.2 and iptables_nat forwarding aint so hot
> In-reply-to: Your message of "Sat, 03 Mar 2001 15:52:52 -0800."
>              <20010303155252.A1897@cx983858-b.orng1.occa.home.com>
> Date: Mon, 05 Mar 2001 16:42:14 +1100
> Sender: rusty@linuxcare.com.au
> Message-Id: <E14Znl9-0007ox-00@halfway>
> In message <20010303155252.A1897@cx983858-b.orng1.occa.home.com> you write:
> > Today I tried upgrading to 2.4.2ac10 and use instructions on section
> > 4.1 of nat-howto:
> >
> > modprobe iptable_nat
> > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > I try to ping thru the thing, and I only get one reply.
> > After trying that a few times, 2.4.2ac10 locked hard.
> Yeah, zero copy went in.  I'm not all that surprised.
> Rusty.

Comment 2 Derek Tattersall 2001-03-06 19:38:25 UTC
Using kernel 2.4.2-0.1.19
and following Rusty's instructions to Arjan above.
I was able to ping from the "NATee" through the "NATor" to locations both within
and without Meridian.  I also FTP'ed to metalab.  I could find no anomalies, no
lockups or oopses.

Network Diagram

NATee			   NATor    Outside world

Comment 3 David Miller 2001-03-06 20:28:40 UTC
Probably, you aren't using a zerocopy-capable ethernet card in your
testing.  For 100-baseT ethernet this currently means a 3c59x card.
We think this is necessary to reproduce at this point.

Comment 4 Michael K. Johnson 2001-03-07 15:35:21 UTC
No one else can replicate this bug, after extremely exhaustive testing.
