This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 845435 - "--queue-bypass" backport
"--queue-bypass" backport
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: iptables (Show other bugs)
6.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Thomas Woerner
Ales Zelinka
: FutureFeature, Patch
Depends On: 854259
Blocks: 1067042
  Show dependency treegraph
 
Reported: 2012-08-03 01:54 EDT by Khramov Anton
Modified: 2014-02-19 09:46 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 854259 1061183 1067042 (view as bug list)
Environment:
Last Closed: 2013-11-21 18:34:21 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
kernel patch for queue-bypass (11.95 KB, application/octet-stream)
2012-08-03 01:58 EDT, Khramov Anton
no flags Details
iptables queue-bypass patch (4.66 KB, patch)
2012-08-03 01:59 EDT, Khramov Anton
no flags Details | Diff

  None (edit)
Description Khramov Anton 2012-08-03 01:54:27 EDT
Description of problem:

I've backported 'queue bypass' patch from 2.6.39 to RHEL 2.6.32 kernel
 (centos6.2). Many thanks to Florian Westphal.

 The origin patches I used:
https://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=6924b4987d88fbe383bec4da4cf331cc466c245e
https://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=3c461ceeed5f55599930051f6feaec014b08f730
http://bugzilla.netfilter.org/show_bug.cgi?id=778
http://thread.gmane.org/gmane.linux.network/184302/focus=184239 (patches 72-75)

 Patches attached are ready to be applied by rpmbuild spec.

 It works fine for me but I would like to publish it for review. Maybe
 someone needs this functionality too or will find some bugs. It would be great if you implement it in your stable kernel.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Khramov Anton 2012-08-03 01:57:11 EDT
Pleae ignore the http://bugzilla.netfilter.org/show_bug.cgi?id=778 link. My patch doesn't contain this code.
Comment 2 Khramov Anton 2012-08-03 01:58:34 EDT
Created attachment 602066 [details]
kernel patch for queue-bypass
Comment 3 Khramov Anton 2012-08-03 01:59:58 EDT
Created attachment 602068 [details]
iptables queue-bypass patch
Comment 5 Thomas Woerner 2012-09-04 10:03:02 EDT
I have created kernel bug for this. The kernel part needs to be done first.
Comment 7 RHEL Product and Program Management 2012-12-14 03:01:43 EST
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 8 Khramov Anton 2012-12-14 03:53:34 EST
Please implement this feature in next redhat releases.
Comment 11 Ales Zelinka 2013-10-28 12:57:45 EDT
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: TEST PROTOCOL
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Package       : iptables
:: [   LOG    ] :: Installed:    : iptables-1.4.7-11.el6.i686 
:: [   LOG    ] :: Test started  : 2013-10-28 12:55:41 EDT
:: [   LOG    ] :: Test finished : 2013-10-28 12:55:49 EDT
:: [   LOG    ] :: Test name     : /CoreOS/iptables/Sanity/NFQUEUE-queue-bypass
:: [   LOG    ] :: Distro:       : Red Hat Enterprise Linux Server release 6.5 Beta (Santiago)
:: [   LOG    ] :: Hostname      : auto-i386-001.ss.eng.bos.redhat.com
:: [   LOG    ] :: Architecture  : i686

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Test description
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

PURPOSE of /CoreOS/iptables/Sanity/NFQUEUE-queue-bypass
Description: Test for BZ#845435 ("--queue-bypass" backport)
Author: Ales Zelinka <azelinka@redhat.com>
Bug summary: "--queue-bypass" backport
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=845435


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: control-ping
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ping -w 2 -c 2 localhost' (Expected 0, got 0)
:: [   LOG    ] :: Duration: 2s
:: [   LOG    ] :: Assertions: 1 good, 0 bad
:: [   PASS   ] :: RESULT: control-ping

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: NFQUEUE-no-listener
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: queue all icmp for userspace processing (Expected 0, got 0)
:: [   PASS   ] :: ping localhost - none is listening on queue so packets will be dropped (Expected 1-255, got 1)
:: [   PASS   ] :: removing the queue rule (Expected 0, got 0)
:: [   LOG    ] :: Duration: 3s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: NFQUEUE-no-listener

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: NFQUEUE-no-listener-bypass
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: queue all icmp for userspace processing, bypass if no one is listening (Expected 0, got 0)
:: [   PASS   ] :: ping localhost - none is listening on queue - bypass will make packets go through (Expected 0, got 0)
:: [   PASS   ] :: removing the queue rule (Expected 0, got 0)
:: [   LOG    ] :: Duration: 2s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: NFQUEUE-no-listener-bypass

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: /CoreOS/iptables/Sanity/NFQUEUE-queue-bypass
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Phases: 3 good, 0 bad
:: [   PASS   ] :: RESULT: /CoreOS/iptables/Sanity/NFQUEUE-queue-bypass
Comment 12 errata-xmlrpc 2013-11-21 18:34:21 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1710.html

Note You need to log in before you can comment on or make changes to this bug.