Displaying 6 results from an estimated 6 matches for "nf_ip_local_out".
2006 Feb 06
1
[Bug 442] New: skb->data_len corrupted in NF_IP_LOCAL_OUT in mangle table
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=442
Summary: skb->data_len corrupted in NF_IP_LOCAL_OUT in mangle table
Product: netfilter/iptables
Version: linux-2.6.x
Platform: i386
OS/Version: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P2
Component: ip_tables (kernel)
AssignedTo...
2006 Feb 07
4
[Bug 442] skb->data_len corrupted in NF_IP_LOCAL_OUT in mangle table
...5 and below and starts to happen
> in 2.6.14 all the way to 2.6.15.2. If you have a REDIRECT rule for squid like this:
>
> iptables -t nat -A PREROUTING -p tcp --dport 80 -s 172.16.1.5/32 -j REDIRECT --to 3128
>
> The skb->data_len and skb->len get messed up in mangle->NF_IP_LOCAL_OUT. The skb
> is fine in NF_IP_LOCAL_IN. Values in the pre 2.6.14 kernels have 1500 or less
> for the values as it should be. In 2.6.14+ it will be random high numbers like
> 23344. I'm looking into the patch for 2.6.14, but thought I would enlist your
> help. To track this down I made...
2007 Apr 18
1
[Bridge] bridge at start up
...;
> One idea goes like this, we create little descriptors of the form:
>
> struct nf_hook_desc {
> int (*okfn)(struct sk_buff *);
> int pf;
> int hook;
> };
>
> Then NF_HOOK*() callsites do something like this:
>
> static const struct nf_hook_desc nf_ip_local_out = {
> .okfn = dst_output,
> .pf = PF_INET,
> .hook = NF_IP_LOCAL_OUT,
> };
>
> ...
>
> /* Send it out. */
> return NF_HOOK(&nf_ip_local_out, skb, NULL, rt->u.dst.dev);
>
> This gets us down to 4 arguments from 6. I think we can kill
>...
2002 May 08
0
Security Advisory
...unsigned length,
struct ipcm_cookie *ipc,
struct rtable *rt,
- int flags)
+ int flags,
+ struct nf_ct_info *nfct)
{
unsigned int fraglen, maxfraglen, fragheaderlen;
int err;
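Review bot: the new `struct nf_ct_info *nfct` parameter in this signature has no comment saying whether callers may pass NULL or who holds the reference on it. Document that beside the parameter, since every existing caller of the function now has to supply a value for it.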
@@ -599,6 +616,7 @@
=20
nfrags++;
=20
+ nfct_attach(skb, nfct);
err =3D NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL,=20
skb->dst->dev, output_maybe_reroute);
if (err) {
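Review bot: `nfct_attach(skb, nfct)` is added directly before the NF_HOOK call with no check in the visible lines that nfct is non-NULL, and it sits in the per-fragment path after `nfrags++`. Either guard the call or state that nfct_attach tolerates a NULL nfct, and confirm that each fragment skb takes its own reference when it is attached.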
@@ -633,7 +651,8 @@
unsigned length,
struct ipcm_cookie *ipc,
struct rtable *rt,
- int flags)
+ int flags,
+ struct nf_ct_info *nfct)
{
int err;
struct sk_buff *skb;
@@ -652,7 +671,7 @@...
2007 Apr 18
3
[Bridge] Re: do_IRQ: stack overflow: 872..
On Fri, 07 Jan 2005 17:05:59 +0000
David Woodhouse <dwmw2@infradead.org> wrote:
> On Sat, 2004-12-18 at 08:50 +0100, Andi Kleen wrote:
> > It's not really an oops, just a warning that stack space got quite
> > tight.
> >
> > The problem seems to be that the br netfilter code is nesting far too
> > deeply and recursing several times. Looks like a design
2007 Apr 18
4
[Bridge] [PATCH/RFC] Let {ip, arp}tables "see" bridged VLAN tagged {I, AR}P packets
...F_IP_FORWARD, skb, realindev,
- bridge_parent(skb->dev), okfn,
+ realoutdev, okfn,
NF_IP_PRI_BRIDGE_SABOTAGE_FORWARD + 1);
} else {
#ifdef CONFIG_NETFILTER_DEBUG
@@ -466,7 +534,7 @@ static unsigned int br_nf_local_out(unsi
#endif
NF_HOOK_THRESH(PF_INET, NF_IP_LOCAL_OUT, skb, realindev,
- bridge_parent(skb->dev), okfn,
+ realoutdev, okfn,
NF_IP_PRI_BRIDGE_SABOTAGE_LOCAL_OUT + 1);
}
}
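Review bot: in the NF_HOOK_THRESH call for NF_IP_LOCAL_OUT, `realoutdev` replaces `bridge_parent(skb->dev)`, but nothing in the visible context shows where realoutdev is assigned or that it is non-NULL on this branch. Point to the assignment in the patch description or a comment, and keep a fallback to `bridge_parent(skb->dev)` if it can be unset when this hook runs.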
@@ -482,6 +550,8 @@ static unsigned int br_nf_post_routing(u
{
struct sk_buff *skb = *pskb;
struct nf_bridge_info *nf_bridge = (*pskb)->...