Hello,
Some time ago I've read somewhere that local traffic in IMQ
could hung up the whole system but it was corrected long time
ago. So I was very surprised yesterday when it occurred not true.
While testing IMQ I've observed for some time that - if you tag
some local traffic with iptables both in pre- and postrouting -
kernel is hunging up. It is happening quite quick with SMP
compiled kernel but without SMP is also possible. After setting
soft lockups debbuging they are visible.
And then I've found this strange thing: packets outgoing from lo
to any local address are hooked to IMQ queue from PREROUTING (on
ingress). I know they are going there from OUTPUT for routing
decision and should be delivered to hooks in PREROUTING like IMQ,
but they also should not have IMQ flag set at the moment (they
will be tagged by iptables in the POSTROUTING future!). But for
some reasons (probably some shortcut) they do have this flag and
IMQ egress queue is not on their way.
So I added this short test in imq_nf_hook and my soft lockups
are gone.
Jarek P.
PS: The included patch could be applied after linux-2.6.16-imq2
patch or eg. my yesterday version linux-2.6.17.4-imq0.
diff -Nru linux-2.6.17.4-imq/drivers/net/imq.c
linux-2.6.17.4-imq2/drivers/net/imq.c
--- linux-2.6.17.4-imq/drivers/net/imq.c2006-07-11 22:00:00.0
+0200
+++ linux-2.6.17.4-imq2/drivers/net/imq.c 2006-07-12 22:15:51.0
+0200
@@ -234,7 +234,8 @@
const struct net_device *outdev,
int (*okfn)(struct sk_buff *))
{
- if ((*pskb)-imq_flags IMQ_F_ENQUEUE)
+ if ((*pskb)-imq_flags IMQ_F_ENQUEUE !(hook == NF_IP_PRE_ROUTING
+indev == loopback_dev))
return NF_QUEUE;
return NF_ACCEPT;
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
