Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 845435

Summary: "--queue-bypass" backport
Product: Red Hat Enterprise Linux 6 Reporter: Khramov Anton <kay.diam>
Component: iptablesAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact: Ales Zelinka <azelinka>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.2CC: azelinka, pknirsch
Target Milestone: rcKeywords: FutureFeature, Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 854259 1061183 1067042 (view as bug list) Environment:
Last Closed: 2013-11-21 23:34:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 854259    
Bug Blocks: 1067042    
Attachments:
Description Flags
kernel patch for queue-bypass
none
iptables queue-bypass patch none

Description Khramov Anton 2012-08-03 05:54:27 UTC 
Description of problem:

I've backported 'queue bypass' patch from 2.6.39 to RHEL 2.6.32 kernel
 (centos6.2). Many thanks to Florian Westphal.

 The origin patches I used:
https://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=6924b4987d88fbe383bec4da4cf331cc466c245e
https://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=3c461ceeed5f55599930051f6feaec014b08f730
http://bugzilla.netfilter.org/show_bug.cgi?id=778
http://thread.gmane.org/gmane.linux.network/184302/focus=184239 (patches 72-75)

 Patches attached are ready to be applied by rpmbuild spec.

 It works fine for me but I would like to publish it for review. Maybe
 someone needs this functionality too or will find some bugs. It would be great if you implement it in your stable kernel.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Khramov Anton 2012-08-03 05:57:11 UTC 
Pleae ignore the http://bugzilla.netfilter.org/show_bug.cgi?id=778 link. My patch doesn't contain this code.
Comment 2 Khramov Anton 2012-08-03 05:58:34 UTC 
Created attachment 602066 [details]
kernel patch for queue-bypass
Comment 3 Khramov Anton 2012-08-03 05:59:58 UTC 
Created attachment 602068 [details]
iptables queue-bypass patch
Comment 5 Thomas Woerner 2012-09-04 14:03:02 UTC 
I have created kernel bug for this. The kernel part needs to be done first.
Comment 7 RHEL Program Management 2012-12-14 08:01:43 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 8 Khramov Anton 2012-12-14 08:53:34 UTC 
Please implement this feature in next redhat releases.
Comment 11 Ales Zelinka 2013-10-28 16:57:45 UTC 
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: TEST PROTOCOL
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Package       : iptables
:: [   LOG    ] :: Installed:    : iptables-1.4.7-11.el6.i686 
:: [   LOG    ] :: Test started  : 2013-10-28 12:55:41 EDT
:: [   LOG    ] :: Test finished : 2013-10-28 12:55:49 EDT
:: [   LOG    ] :: Test name     : /CoreOS/iptables/Sanity/NFQUEUE-queue-bypass
:: [   LOG    ] :: Distro:       : Red Hat Enterprise Linux Server release 6.5 Beta (Santiago)
:: [   LOG    ] :: Hostname      : auto-i386-001.ss.eng.bos.redhat.com
:: [   LOG    ] :: Architecture  : i686

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Test description
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

PURPOSE of /CoreOS/iptables/Sanity/NFQUEUE-queue-bypass
Description: Test for BZ#845435 ("--queue-bypass" backport)
Author: Ales Zelinka <azelinka>
Bug summary: "--queue-bypass" backport
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=845435


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: control-ping
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ping -w 2 -c 2 localhost' (Expected 0, got 0)
:: [   LOG    ] :: Duration: 2s
:: [   LOG    ] :: Assertions: 1 good, 0 bad
:: [   PASS   ] :: RESULT: control-ping

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: NFQUEUE-no-listener
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: queue all icmp for userspace processing (Expected 0, got 0)
:: [   PASS   ] :: ping localhost - none is listening on queue so packets will be dropped (Expected 1-255, got 1)
:: [   PASS   ] :: removing the queue rule (Expected 0, got 0)
:: [   LOG    ] :: Duration: 3s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: NFQUEUE-no-listener

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: NFQUEUE-no-listener-bypass
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: queue all icmp for userspace processing, bypass if no one is listening (Expected 0, got 0)
:: [   PASS   ] :: ping localhost - none is listening on queue - bypass will make packets go through (Expected 0, got 0)
:: [   PASS   ] :: removing the queue rule (Expected 0, got 0)
:: [   LOG    ] :: Duration: 2s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: NFQUEUE-no-listener-bypass

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: /CoreOS/iptables/Sanity/NFQUEUE-queue-bypass
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Phases: 3 good, 0 bad
:: [   PASS   ] :: RESULT: /CoreOS/iptables/Sanity/NFQUEUE-queue-bypass
Comment 12 errata-xmlrpc 2013-11-21 23:34:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1710.html