Hello, I am using the IMQ with iptables (latest versions) and asking all packets to be enqueued to IMQ0 from both prerouting and postrouting (using different iptables rules to mark different streams). When I do this I get the kernel saying: "Dead loop on netdevice imq0, fix it urgently!" and communications stop intermittently. If I remove the jump from either preroute or postroute it works fine but won''t work together. Is this what is mean''t to happen, because as far as I can see there is no loop happening here? Thanks and regards, Andrew. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Patrick McHardy
2003-Feb-19 11:43 UTC
Re: IMQ device problems with iptables: dead looping?
Andrew Hall wrote:>Hello, > >I am using the IMQ with iptables (latest versions) and asking all packets to >be enqueued to IMQ0 from both prerouting and postrouting (using different >iptables rules to mark different streams). When I do this I get the kernel >saying: > >"Dead loop on netdevice imq0, fix it urgently!" and communications stop >intermittently. If I remove the jump from either preroute or postroute it >works fine but won''t work together. > >Is this what is mean''t to happen, because as far as I can see there is no >loop happening here? >You probably forward packets. The loop happening ist input-device -> prerouting -> imq (xmit_lock locked) -> reinject -> ... -> postrouting -> imq (LOCKED!!) To avoid this one has to drop xmit_lock in imq_xmit function before reinjecteing and grab it back afterwards. unfortunately this allows for endless recursion which is not possible in the kernel due to limited stack space. I''ve completed a version which should hopefully fix this as many people requested such a feature. I haven''t released it yet because i have to do alot for my university atm and haven''t got the time for testing although i promised the new version to some people for january ;( In about two weeks my semester-vacation start, i hope to release the new version very quickly afterwards. Thanks for your patience, Patrick _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi Patrick, Just wondering if you''ve had a chance to get your new version of the IMQ device completed as yet to fix this deadlooping problem? thanks and regards, Andrew. ----- Original Message ----- From: "Patrick McHardy" <kaber@trash.net> To: "Andrew Hall" <temp02@bluereef.com.au> Cc: <lartc@mailman.ds9a.nl> Sent: Wednesday, February 19, 2003 9:43 PM Subject: Re: IMQ device problems with iptables: dead looping?> Andrew Hall wrote: > > >Hello, > > > >I am using the IMQ with iptables (latest versions) and asking all packetsto> >be enqueued to IMQ0 from both prerouting and postrouting (using different > >iptables rules to mark different streams). When I do this I get thekernel> >saying: > > > >"Dead loop on netdevice imq0, fix it urgently!" and communications stop > >intermittently. If I remove the jump from either preroute or postroute it > >works fine but won''t work together. > > > >Is this what is mean''t to happen, because as far as I can see there is no > >loop happening here? > > > > You probably forward packets. The loop happening ist > input-device -> prerouting -> imq (xmit_lock locked) -> reinject -> ... > -> postrouting -> imq (LOCKED!!) > > To avoid this one has to drop xmit_lock in imq_xmit function before > reinjecteing and grab it back afterwards. > unfortunately this allows for endless recursion which is not possible in > the kernel due to limited stack space. > I''ve completed a version which should hopefully fix this as many people > requested such a feature. > I haven''t released it yet because i have to do alot for my university > atm and haven''t got the time for testing > although i promised the new version to some people for january ;( > In about two weeks my semester-vacation start, i hope to release the new > version very quickly afterwards. > > Thanks for your patience, > Patrick > >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/