bugzilla-daemon at netfilter.org
2023-Apr-14 09:11 UTC
[Bug 1672] New: bug egress hook virtio interface with VLAN
https://bugzilla.netfilter.org/show_bug.cgi?id=1672

            Bug ID: 1672
           Summary: bug egress hook virtio interface with VLAN
           Product: nftables
           Version: 1.0.x
          Hardware: All
                OS: other
            Status: NEW
          Severity: normal
          Priority: P5
         Component: kernel
          Assignee: pablo at netfilter.org
          Reporter: r.gabet at biche.org

Linux test 6.2.10-arch1-1 #1 SMP PREEMPT_DYNAMIC Fri, 07 Apr 2023 02:10:43 +0000 x86_64 GNU/Linux
nftables v1.0.7 (Old Doc Yak)
dhcpcd 9.4.1
isc-dhclient-4.4.3-P1

virtio interface : enp6s19
E1000 interface : enp6s20

I made tests with this ruleset :

    table netdev filter {
            chain egress {
                    type filter hook egress device "enp6s19.100" priority filter; policy accept;
                    meta nftrace set 1
                    log group 30
                    udp sport 68 udp dport 67 counter packets 0 bytes 0
            }

            chain egress2 {
                    type filter hook egress device "enp6s20.100" priority filter; policy accept;
                    meta nftrace set 1
                    log group 31
                    udp sport 68 udp dport 67 counter packets 0 bytes 0
            }
    }

With virtio, captured packet :

    tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
    listening on nflog:30, link-type NFLOG (Linux netfilter log messages), snapshot length 262144 bytes
    10:02:24.310780 version 0, resource ID 30, family Unknown (5), length 348:

nft monitor :

    trace id 195bb0a6 netdev filter egress packet: oif "enp6s19.100" @nh,0,320 0xe5050000401194a000000000ffffffff00440043013486f501010600f97b4c020000000000000000
    trace id 195bb0a6 netdev filter egress rule meta nftrace set 1 (verdict continue)
    trace id 195bb0a6 netdev filter egress rule log group 30 (verdict continue)
    trace id 195bb0a6 netdev filter egress verdict continue
    trace id 195bb0a6 netdev filter egress policy accept

With E1000, captured packet :

    tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
    listening on nflog:31, link-type NFLOG (Linux netfilter log messages), snapshot length 262144 bytes
    10:06:28.977551 version 0, resource ID 31, family Unknown (5), length 348:

nft monitor :

    trace id 2e00e339 netdev filter egress2 packet: oif "enp6s20.100" @nh,0,48 0x450001482898 @th,0,160 0x4011510e00000000ffffffff004400430134
    trace id 2e00e339 netdev filter egress2 rule meta nftrace set 1 (verdict continue)
    trace id 2e00e339 netdev filter egress2 rule log group 31 (verdict continue)
    trace id 2e00e339 netdev filter egress2 rule udp sport 68 udp dport 67 counter packets 0 bytes 0 (verdict continue)
    trace id 2e00e339 netdev filter egress2 verdict continue
    trace id 2e00e339 netdev filter egress2 policy accept

I think the problem is related to incorrect @nh base,

with virtio :

    oif "enp6s19.100" @nh,0,320 0xe5050000401194a000000000ffffffff00440043013486f501010600f97b4c020000000000000000

with E1000 :

    @nh,0,48 0x450001482898 @th,0,160 0x4011510e00000000ffffffff004400430134

PS : I tried with dhcpcd and dhclient, I have the same issue.

-- 
You are receiving this mail because:
You are watching all bug changes.
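A check of the @nh observation in the report above, added here as an example and not part of the original report or of nftables: it tests at which byte offset the traced @nh bytes line up with an IPv4/UDP header carrying ports 68 and 67. Assumptions: the function names are hypothetical, an IPv4 header without options is assumed when its first byte is not visible, and the E1000 @nh,0,48 and @th,0,160 values are treated as 26 contiguous bytes with the @th value zero-padded to 160 bits.

```python
import struct

# Raw @nh,0,320 value from the virtio trace in the report (40 bytes).
VIRTIO_NH = bytes.fromhex(
    "e5050000401194a000000000ffffffff00440043"
    "013486f501010600f97b4c020000000000000000")
# E1000 trace: @nh,0,48 then @th,0,160 (two leading zero bytes restored).
E1000_NH = bytes.fromhex(
    "450001482898" "0000" "4011510e00000000ffffffff004400430134")

VLAN_TAG_LEN = 4  # one 802.1Q tag


def parse_at_shift(nh: bytes, shift: int):
    """Read nh as IPv4 bytes that begin `shift` bytes into the header.

    Returns (protocol, sport, dport), or None when the visible bytes cannot
    be an IPv4 header at that alignment.
    """
    if shift == 0:
        if nh[0] >> 4 != 4:            # version nibble must be 4
            return None
        ihl = (nh[0] & 0x0F) * 4
    else:
        ihl = 20                       # assumption: no IPv4 options
    if ihl < 20 or len(nh) < ihl - shift + 4:
        return None
    proto = nh[9 - shift]              # IPv4 protocol field is header byte 9
    sport, dport = struct.unpack_from("!HH", nh, ihl - shift)
    return proto, sport, dport


def nh_shift(nh: bytes, want=(17, 68, 67)):
    """Smallest shift (0, 1 or 2 VLAN tags) at which nh matches `want`."""
    for shift in (0, VLAN_TAG_LEN, 2 * VLAN_TAG_LEN):
        if parse_at_shift(nh, shift) == want:
            return shift
    return None


if __name__ == "__main__":
    for name, nh in (("virtio", VIRTIO_NH), ("E1000", E1000_NH)):
        print(name, "at base:", parse_at_shift(nh, 0), "shift:", nh_shift(nh))
```

The virtio bytes only parse as UDP 68 to 67 when read as starting 4 bytes into the IPv4 header, the length of one 802.1Q tag, while the E1000 bytes parse at offset 0.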
bugzilla-daemon at netfilter.org
2023-Apr-14 09:16 UTC
[Bug 1672] bug egress hook virtio interface with VLAN
https://bugzilla.netfilter.org/show_bug.cgi?id=1672

r.gabet at biche.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID
bugzilla-daemon at netfilter.org
2023-Oct-06 15:49 UTC
[Bug 1672] bug egress hook virtio interface with VLAN
https://bugzilla.netfilter.org/show_bug.cgi?id=1672

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---
bugzilla-daemon at netfilter.org
2023-Oct-06 15:49 UTC
[Bug 1672] bug egress hook virtio interface with VLAN
https://bugzilla.netfilter.org/show_bug.cgi?id=1672

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---

*** This bug has been marked as a duplicate of bug 1673 ***