bugzilla-daemon at netfilter.org
2013-May-22 00:53 UTC
[Bug 822] New: iptables shows negative or other bad packet/byte counts
https://bugzilla.netfilter.org/show_bug.cgi?id=822
Summary: iptables shows negative or other bad packet/byte counts
Product: iptables
Version: unspecified
Platform: All
OS/Version: Fedora
Status: NEW
Severity: critical
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: argsvygre at zacglen.net
Estimated Hours: 0.0
Under heavy system load iptables 1.4.5 can show negative or otherwise bad
packet and byte counts when using "iptables -L -v".
Here is one such example:
>Chain acct (168 references)
> pkts bytes target prot opt in out source destination
>18446744073709551579 18446744073709538670 ACCEPT all -- eth0+ * 0.0.0.0/0 0.0.0.0/0
>18446744073709551593 6156 ACCEPT all -- * eth0+ 0.0.0.0/0 0.0.0.0/0
The value 18446744073709551579 is 0xFFFFFFFFFFFFFFDB.
On other occasions I have observed values such as 18446744073763221504
(0x1000000000332F000) with just the high bit (64) set.
This only appears to occur under heavy system load for some reason.
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2013-May-23 11:45 UTC
[Bug 822] iptables shows negative or other bad packet/byte counts
https://bugzilla.netfilter.org/show_bug.cgi?id=822
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |pablo at netfilter.org
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> 2013-05-23 13:45:15 CEST ---
That iptables version is almost 4 years old. Please, retest with current
(1.4.18). You don't mention your kernel version either.
bugzilla-daemon at netfilter.org
2013-May-29 18:30 UTC
[Bug 822] iptables shows negative or other bad packet/byte counts
https://bugzilla.netfilter.org/show_bug.cgi?id=822
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter at linuxace.com
--- Comment #2 from Phil Oester <netfilter at linuxace.com> 2013-05-29 20:29:59 CEST ---
This is almost certainly a race condition, due to multiple iptables instances
running simultaneously. Likely a duplicate of bug 764, and an effect of bug
325 (no locking in iptables).
bugzilla-daemon at netfilter.org
2013-Jun-11 16:02 UTC
[Bug 822] iptables shows negative or other bad packet/byte counts
https://bugzilla.netfilter.org/show_bug.cgi?id=822
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
--- Comment #3 from Phil Oester <netfilter at linuxace.com> 2013-06-11 18:02:04 CEST ---
This has been resolved via the addition of locking in ip[6]tables via commit
93587a04 ("ip[6]tables: Add locking to prevent concurrent instances"). This
should appear in 1.4.20. Closing.
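A sanity check for the symptom reported in this thread, as an added example that is not part of the original messages or of the netfilter project's code: it scans an "iptables -L -v" listing and flags packet/byte counters that are negative when read as signed 64-bit integers or that do not fit in 64 bits. The sample listing is constructed from the lines quoted in the report plus one made-up healthy rule, and the names `classify` and `audit` are hypothetical.

```python
U64 = 1 << 64   # first value that no longer fits in an unsigned 64-bit counter
I63 = 1 << 63   # first value that is negative when read as signed 64-bit

# Constructed sample: the rule lines quoted in the report (unwrapped),
# followed by one made-up rule with plausible counters.
SAMPLE = """\
Chain acct (168 references)
 pkts bytes target prot opt in out source destination
18446744073709551579 18446744073709538670 ACCEPT all -- eth0+ * 0.0.0.0/0 0.0.0.0/0
18446744073709551593 6156 ACCEPT all -- * eth0+ 0.0.0.0/0 0.0.0.0/0
1204 98231 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
"""


def classify(value):
    """Return None for a plausible counter, else a description of the anomaly."""
    if value >= U64:
        return "exceeds 64 bits"
    if value >= I63:
        return "negative as signed 64-bit (%d)" % (value - U64)
    return None


def audit(listing):
    """Return (chain, rule_index, field, value, reason) for each bad counter."""
    chain, index, findings = None, 0, []
    for line in listing.splitlines():
        parts = line.split()
        if line.startswith("Chain "):
            chain, index = parts[1], 0
            continue
        if len(parts) < 3 or parts[0] == "pkts":
            continue  # blank line or column header
        index += 1
        for field, raw in zip(("pkts", "bytes"), parts[:2]):
            if not raw.isdigit():
                continue  # K/M/G-abbreviated value; list with -x for exact counts
            reason = classify(int(raw))
            if reason:
                findings.append((chain, index, field, int(raw), reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s rule %d %s=%d: %s" % finding)
```

Feeding it the output of "iptables -L -v -x" avoids abbreviated counters, which the check skips because they cannot be tested for wraparound.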