Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: iptables: Devel

nf_conntrack_ipv4 must be loaded explicitly

 

 

iptables devel RSS feed   Index | Next | Previous | View Threaded


jengelh at computergmbh

Aug 2, 2007, 11:11 AM

Post #1 of 5 (1195 views)
Permalink
nf_conntrack_ipv4 must be loaded explicitly

Hi,


in recent git kernels, I experience the following "regression" that no
packets traverse the nat table (esp. the POSTROUTING counters just stand
still) - and hence things like ping+SNAT do not work. Bisect nailed it
down to:

ff09b7493c8f433d3ffd6a31ad58d190f82ef0c5 is first bad commit
commit ff09b7493c8f433d3ffd6a31ad58d190f82ef0c5
Author: Yasuyuki Kozakai <yasuyuki.kozakai [at] toshiba>
Date: Sat Jul 7 22:25:28 2007 -0700

[NETFILTER]: nf_nat: remove unused nf_nat_module_is_loaded

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai [at] toshiba>
Signed-off-by: Patrick McHardy <kaber [at] trash>
Signed-off-by: David S. Miller <davem [at] davemloft>

:040000 040000 177886eca60385293ac736c8e4861a2d4910d90a 32e63b6a9399e1ea65dc6cd0b357ca811e4dc835 M include
:040000 040000 e1c20c3db28c927af62df067b2a20f8604a5fe06 84a277d1f81e3be9ce37ce6040c6d814ca20b3b0 M net


The diff from ff09b7^...ff09b7 made me think...

End result:

After loading nf_conntrack_ipv4.ko, everything works again (also with
the "bad" ff09b7). But I have to load it explicitly, and I think that
unfortunately breaks a lot of setups (such as mine) which assume ipv4
connection tracking is always there.

Comments?


Jan
--


kaber at trash

Aug 2, 2007, 11:33 AM

Post #2 of 5 (1128 views)
Permalink
Re: nf_conntrack_ipv4 must be loaded explicitly [In reply to]

Jan Engelhardt wrote
> in recent git kernels, I experience the following "regression" that no
> packets traverse the nat table (esp. the POSTROUTING counters just stand
> still) - and hence things like ping+SNAT do not work. Bisect nailed it
> down to:
>
> ff09b7493c8f433d3ffd6a31ad58d190f82ef0c5 is first bad commit
> commit ff09b7493c8f433d3ffd6a31ad58d190f82ef0c5
> Author: Yasuyuki Kozakai <yasuyuki.kozakai [at] toshiba>
> Date: Sat Jul 7 22:25:28 2007 -0700
>
> [NETFILTER]: nf_nat: remove unused nf_nat_module_is_loaded
>
> Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai [at] toshiba>
> Signed-off-by: Patrick McHardy <kaber [at] trash>
> Signed-off-by: David S. Miller <davem [at] davemloft>
>
> :040000 040000 177886eca60385293ac736c8e4861a2d4910d90a 32e63b6a9399e1ea65dc6cd0b357ca811e4dc835 M include
> :040000 040000 e1c20c3db28c927af62df067b2a20f8604a5fe06 84a277d1f81e3be9ce37ce6040c6d814ca20b3b0 M net
>
>
> The diff from ff09b7^...ff09b7 made me think...
>
> End result:
>
> After loading nf_conntrack_ipv4.ko, everything works again (also with
> the "bad" ff09b7). But I have to load it explicitly, and I think that
> unfortunately breaks a lot of setups (such as mine) which assume ipv4
> connection tracking is always there.
>

I already have a patch for this queued. I'll push it upstream once
I get a new power supply for the box I keep that tree on, hopefully
tommorrow.


jengelh at computergmbh

Aug 17, 2007, 3:43 AM

Post #3 of 5 (1100 views)
Permalink
Re: nf_conntrack_ipv4 must be loaded explicitly [In reply to]

On Aug 2 2007 20:33, Patrick McHardy wrote:
>> End result:
>>
>> After loading nf_conntrack_ipv4.ko, everything works again (also with the
>> "bad" ff09b7). But I have to load it explicitly, and I think that
>> unfortunately breaks a lot of setups (such as mine) which assume ipv4
>> connection tracking is always there.
>
> I already have a patch for this queued. I'll push it upstream once
> I get a new power supply for the box I keep that tree on, hopefully
> tommorrow.

What's that patch looking like?



thanks,
Jan
--


kaber at trash

Aug 23, 2007, 7:53 AM

Post #4 of 5 (1078 views)
Permalink
Re: nf_conntrack_ipv4 must be loaded explicitly [In reply to]

Jan Engelhardt wrote:
> On Aug 2 2007 20:33, Patrick McHardy wrote:
>
>>>End result:
>>>
>>>After loading nf_conntrack_ipv4.ko, everything works again (also with the
>>>"bad" ff09b7). But I have to load it explicitly, and I think that
>>>unfortunately breaks a lot of setups (such as mine) which assume ipv4
>>>connection tracking is always there.
>>
>>I already have a patch for this queued. I'll push it upstream once
>>I get a new power supply for the box I keep that tree on, hopefully
>>tommorrow.
>
>
> What's that patch looking like?


Upstream commit 591e6206. Doesn't it work for you?
Attachments: x (2.14 KB)


jengelh at computergmbh

Aug 23, 2007, 8:48 AM

Post #5 of 5 (1081 views)
Permalink
Re: nf_conntrack_ipv4 must be loaded explicitly [In reply to]

On Aug 23 2007 16:53, Patrick McHardy wrote:
>>>>After loading nf_conntrack_ipv4.ko, everything works again (also with the
>>>>"bad" ff09b7). But I have to load it explicitly, and I think that
>>>>unfortunately breaks a lot of setups (such as mine) which assume ipv4
>>>>connection tracking is always there.
>>>
>>>I already have a patch for this queued. I'll push it upstream once
>>>I get a new power supply for the box I keep that tree on, hopefully
>>>tommorrow.
>>
>>
>> What's that patch looking like?
>
>Upstream commit 591e6206. Doesn't it work for you?

I am sure it does, I just did not track the pulls or the log that
closely. Thanks for pointing out.


Jan
--

iptables devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.