bugzilla-daemon@netfilter.org
2003-Mar-06 11:57 UTC
[Bug 59] sparc64 conntrack issue with expecting related connections, FTP
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=59
laforge@netfilter.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@netfilter.org
2003-Mar-31 20:07 UTC
[Bug 59] sparc64 conntrack issue with expecting related connections, FTP
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=59
laforge@netfilter.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |chris.poon@telus.com
Status|ASSIGNED |RESOLVED
Resolution| |INVALID
------- Additional Comments From laforge@netfilter.org 2003-03-31 22:07 -------
I have tested a 2.4.18 kernel on sparc64 and ftp conntrack works out of the box.
What patches did you apply?
can you point me to instructions on how to exactly reproduce this bug?
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@netfilter.org
2003-Apr-01 08:15 UTC
[Bug 59] sparc64 conntrack issue with expecting related connections, FTP
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=59
laforge@netfilter.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |
------- Additional Comments From laforge@netfilter.org 2003-04-01 10:15
------->From Chris:
I believe this problem only shows up when the PPTP NAT patch is
applied. That particular patch changed some of the fields to 32 bits
or 64 bits in ip_conntrack_manip_proto and ip_conntrack_tuple in
ip_conntrack_tuple.h. When setting the mask for the expectation
of related connections for FTP, the code in ip_conntrack_ftp.c didn't
specify the individual fields when building the mask structure. I
believe I have sent a patch to the mailing list in early February
regarding this, but I don't know if the later patches from others that
changed the structure initializations to use C99 style would have
covered this off.
To test it, I would put these very simple rules sets
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP
and test out FTP. I personally have added some logging rules and
have modified the code to dump the tuples when trying to match up
the incoming packet with the expected connection hash.
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@netfilter.org
2003-Apr-01 08:15 UTC
[Bug 59] sparc64 conntrack issue with expecting related connections, FTP
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=59
laforge@netfilter.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |DUPLICATE
------- Additional Comments From laforge@netfilter.org 2003-04-01 10:15 -------
*** This bug has been marked as a duplicate of 41 ***
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
Reasonably Related Threads
- [Bug 59] New: sparc64 conntrack issue with expecting related connections, FTP
- [Bug 41] New: pptp-conntrack-nat and sparc64 structures/padding/maskcomp bug
- [Bug 47] conntrack breaks nfs, corrupted packets
- [Bug 49] TCP conntrack entries with huge timeouts
- [Bug 91] conntrack unload loops forever (reproducible)