Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
Hi, I'm sorry for not being able to be really polite this time, but: Roy, can you please STOP telling that egress crashs IMQ!? We've discussed it lots of times before, here and at linuximq mailling list and the only known functionality that crashs IMQ (oriinal) is to touch local generated traffic... I've being using ingress+egress with IMQ in a server with a great amouunt of traffic, for a long period without any crashs. Please don't keep telling something known to be wrong or otherwise proove it so we can fix it... tks Andre Roy wrote: Roy, ''But this stability is probably not because my code is better but because I don't use egress shaping so the crash reasons still unknown.'' I need both ingress and egress traffic shaping, that's why I used the classic IMQ version. Egress shaping will crash original wersion even faster then mine, they both can do this , but then both will likely crash anyway you can do egress shaping on interface directly, and input+forward on imq device. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
Hi, I'm sorry for not being able to be really polite this time, but: Roy, can you please STOP telling that egress crashs IMQ!? You are to late, I anot teling thi anymore, and I even wont use ingres and egress definitions anymore because they may cause missundersatndings. the better ones are input forward and output. This my post is probably too old to reply. seems I forgot to fix it on my page, I will do this now. But I cant edit or erase it from mailing list afterall ! We've discussed it lots of times before, here and at linuximq mailling list and the only known functionality that crashs IMQ (oriinal) is to touch local generated traffic... That is correct. I've being using ingress+egress with IMQ in a server with a great amouunt of traffic, for a long period without any crashs. Please don't keep telling something known to be wrong or otherwise proove it so we can fix it... As I told before I just used incorrect definitions, I will not use word egress anymore. tks Andre Roy wrote: Roy, But this stability is probably not because my code is better but because I don't use egress shaping so the crash reasons still unknown. I need both ingress and egress traffic shaping, that's why I used the classic IMQ version. Egress shaping will crash original wersion even faster then mine, they both can do this , but then both will likely crash anyway you can do egress shaping on interface directly, and input+forward on imq device. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
Andre, thanks for doing this. I also felt like I need to say something for some time. Roy, you should also stop telling people your version would be more stable. IMQ's problems are related to specific setups, so I don't understand how you can state this without even understanding the problem. Evidence points to IMQs use of skb-destructor, which means you'll probably see problems when using IMQ with local tcp/udp traffic. Your approach of using NF_STOLEN instead of NF_QUEUE seems like a good idea, but besides beeing butt-ugly your code isn't usable for ingress traffic, so it's not a replacement for many people. Other bugs probably exist, I just had a short look. Patrick BTW: Not that I would care much, but why did you replace my copyright with credits for hook registration to Martin ? Martin's version did not even hook netfilter, it's clearly derived from my version. Andre Correa wrote: Hi, I'm sorry for not being able to be really polite this time, but: Roy, can you please STOP telling that egress crashs IMQ!? We've discussed it lots of times before, here and at linuximq mailling list and the only known functionality that crashs IMQ (oriinal) is to touch local generated traffic... I've being using ingress+egress with IMQ in a server with a great amouunt of traffic, for a long period without any crashs. Please don't keep telling something known to be wrong or otherwise proove it so we can fix it... tks Andre ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
On Thursday 19 February 2004 17:19, The Codrinus wrote: Hi, I have successfully applied the IMQ patch for kernel-2.6.2 (final release) from http://www.linuximq.net, and now I have support for 4 IMQ devices loaded in kernel. But I don't know how to patch the iptables-1.2.9 to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels, but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng for 2.6.x kernels, but when I give the batch script commands it says it's not implemented yet. I don't know how to manually apply the IMQ patches. ./runme --batch userspace/IMQ.patch Could anyone help me how to do this final step and append IMQ support to iptables? I'm not sure, but I think you don't need iptables for the latest imq. All traffic is also flowing thru the imq devices. But I'm not sure. Stef -- [EMAIL PROTECTED] Using Linux as bandwidth manager http://www.docum.org/ #lartc @ irc.openprojects.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
On Thursday 19 February 2004 17:19, The Codrinus wrote: Hi, I have successfully applied the IMQ patch for kernel-2.6.2 (final release) from http://www.linuximq.net, and now I have support for 4 IMQ devices loaded in kernel. But I don't know how to patch the iptables-1.2.9 to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels, but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng for 2.6.x kernels, but when I give the batch script commands it says it's not implemented yet. I don't know how to manually apply the IMQ patches. ./runme --batch userspace/IMQ.patch Could anyone help me how to do this final step and append IMQ support to iptables? I'm not sure, but I think you don't need iptables for the latest imq. All traffic is also flowing thru the imq devices. But I'm not sure. Stef Well, iptables need in the extensions dir the following IMQ patch files: .IMQ-test .IMQ-test6 libipt_IMQ.c and libip6t_IMQ.c in order to support the -j IMQ --todev device option. I manually added these files because the patch-o-matic-ng doesn't know how to apply --batch option. (not implemented yet) The problem is after all, when I try to give an iptables command like: iptables -j IMQ --todev eth0 when running the patched kernel-2.6.2 i get segmentation fault and dmesg says the following coredump error: Unable to handle kernel NULL pointer dereference at virtual address 0001 printing eip: c0372908 *pde = 18ddc067 Oops: [#1] CPU:0 EIP:0060:[c0372908]Not tainted EFLAGS: 00010202 EIP is at imq_target+0x8/0x30 eax: 0001 ebx: c045f820 ecx: d8db7c04 edx: c045f820 esi: e08170f0 edi: e0817080 ebp: 0001 esp: d8db7b64 ds: 007b es: 007b ss: 0068 Process iptables (pid: 1648, threadinfo=d8db6000 task=d9e69900) Stack: c03695ee d8db7c04 e0817080 e0817110 0004 0001 e0817080 d8db7ba8 d8db6000 deff9420 deff9480 0070 0163 Call Trace: [c03695ee] translate_table+0x4be/0x760 [c0369e13] do_replace+0x193/0x6e0 [c0150087] vfree+0x27/0x40 [c036a5bd] do_ipt_set_ctl+0x6d/0x70 [c03079df] nf_sockopt+0x12f/0x140 [c0307a27] nf_setsockopt+0x37/0x40 [c032d317] ip_setsockopt+0x4a7/0xd90 [c0307964] nf_sockopt+0xb4/0x140 [c0307a67] nf_getsockopt+0x37/0x40 [c032e281] ip_getsockopt+0x681/0x7c0 [c01a2c01] journal_stop+0x201/0x360 [c0195d98] ext3_mark_iloc_dirty+0x28/0x40 [c0195ed0] ext3_mark_inode_dirty+0x50/0x60 [c019a5c4] __ext3_journal_stop+0x24/0x50 [c0195f49] ext3_dirty_inode+0x69/0xd0 [c0175d1e] __mark_inode_dirty+0xde/0xf0 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d22f] __alloc_pages+0x9f/0x330 [c013d22f] __alloc_pages+0x9f/0x330 [c013939c] find_get_page+0x2c/0x60 [c014726a] do_anonymous_page+0x17a/0x260 [c01473b5] do_no_page+0x65/0x3a0 [c014558b] pte_alloc_map+0x9b/0xc0 [c01478f4] handle_mm_fault+0xd4/0x180 [c011afec] do_page_fault+0x2fc/0x4dc [c034fce6] inet_setsockopt+0x36/0x40 [c02f69e2] sys_setsockopt+0x82/0xd0 [c02f7240] sys_socketcall+0x220/0x2a0 [c010aa35] sysenter_past_esp+0x52/0x71 Code: 0f b6 00 8b 11 83 c8 80 88 82 94 00 00 00 8b 01 81 88 84 00 I really don't know why it crashes and how can I handle this mess, Codrin. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
You can try my imq version, which dows not require paching anything http://pupa.da.ru/imq and I think it should be more stable. - Original Message - From: The Codrinus [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 19, 2004 6:19 PM Subject: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final ! Hi, I have successfully applied the IMQ patch for kernel-2.6.2 (final release) from http://www.linuximq.net, and now I have support for 4 IMQ devices loaded in kernel. But I don't know how to patch the iptables-1.2.9 to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels, but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng for 2.6.x kernels, but when I give the batch script commands it says it's not implemented yet. I don't know how to manually apply the IMQ patches. ./runme --batch userspace/IMQ.patch Could anyone help me how to do this final step and append IMQ support to iptables? -- - Hi again. I manually patched in the iptables-1.2.9/extensions directory, the files: .IMQ-test .IMQ-test6 libip6t-IMQ.c libipt-IMQ.c from the pom-20030625.diff file, and it passed. Now I have the imq devices up and running with kernel-2.6.2, but there is another problem: when I use iptables . -j IMQ I got Segmentation fault, and dmesg says: Unable to handle kernel NULL pointer dereference at virtual address 0001 printing eip: c0372908 *pde = 18ddc067 Oops: [#1] CPU:0 EIP:0060:[c0372908]Not tainted EFLAGS: 00010202 EIP is at imq_target+0x8/0x30 eax: 0001 ebx: c045f820 ecx: d8db7c04 edx: c045f820 esi: e08170f0 edi: e0817080 ebp: 0001 esp: d8db7b64 ds: 007b es: 007b ss: 0068 Process iptables (pid: 1648, threadinfo=d8db6000 task=d9e69900) Stack: c03695ee d8db7c04 e0817080 e0817110 0004 0001 e0817080 d8db7ba8 d8db6000 deff9420 deff9480 0070 0163 Call Trace: [c03695ee] translate_table+0x4be/0x760 [c0369e13] do_replace+0x193/0x6e0 [c0150087] vfree+0x27/0x40 [c036a5bd] do_ipt_set_ctl+0x6d/0x70 [c03079df] nf_sockopt+0x12f/0x140 [c0307a27] nf_setsockopt+0x37/0x40 [c032d317] ip_setsockopt+0x4a7/0xd90 [c0307964] nf_sockopt+0xb4/0x140 [c0307a67] nf_getsockopt+0x37/0x40 [c032e281] ip_getsockopt+0x681/0x7c0 [c01a2c01] journal_stop+0x201/0x360 [c0195d98] ext3_mark_iloc_dirty+0x28/0x40 [c0195ed0] ext3_mark_inode_dirty+0x50/0x60 [c019a5c4] __ext3_journal_stop+0x24/0x50 [c0195f49] ext3_dirty_inode+0x69/0xd0 [c0175d1e] __mark_inode_dirty+0xde/0xf0 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d22f] __alloc_pages+0x9f/0x330 [c013d22f] __alloc_pages+0x9f/0x330 [c013939c] find_get_page+0x2c/0x60 [c014726a] do_anonymous_page+0x17a/0x260 [c01473b5] do_no_page+0x65/0x3a0 [c014558b] pte_alloc_map+0x9b/0xc0 [c01478f4] handle_mm_fault+0xd4/0x180 [c011afec] do_page_fault+0x2fc/0x4dc [c034fce6] inet_setsockopt+0x36/0x40 [c02f69e2] sys_setsockopt+0x82/0xd0 [c02f7240] sys_socketcall+0x220/0x2a0 [c010aa35] sysenter_past_esp+0x52/0x71 Code: 0f b6 00 8b 11 83 c8 80 88 82 94 00 00 00 8b 01 81 88 84 00 Does anybody know why it crashes and how can I handle this mess ? thank you, Codrin. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
Roy, But this stability is probably not because my code is better but because I don't use egress shaping so the crash reasons still unknown. I need both ingress and egress traffic shaping, that's why I used the classic IMQ version. You can try my imq version, which dows not require paching anything http://pupa.da.ru/imq and I think it should be more stable. Hi, I have successfully applied the IMQ patch for kernel-2.6.2 (final release) from http://www.linuximq.net, and now I have support for 4 IMQ devices loaded in kernel. But I don't know how to patch the iptables-1.2.9 to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels, but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng for 2.6.x kernels, but when I give the batch script commands it says it's not implemented yet. I don't know how to manually apply the IMQ patches. ./runme --batch userspace/IMQ.patch Could anyone help me how to do this final step and append IMQ support to iptables? -- - Hi again. I manually patched in the iptables-1.2.9/extensions directory, the files: .IMQ-test .IMQ-test6 libip6t-IMQ.c libipt-IMQ.c from the pom-20030625.diff file, and it passed. Now I have the imq devices up and running with kernel-2.6.2, but there is another problem: when I use iptables . -j IMQ I got Segmentation fault, and dmesg says: Unable to handle kernel NULL pointer dereference at virtual address 0001 printing eip: c0372908 *pde = 18ddc067 Oops: [#1] CPU:0 EIP:0060:[c0372908]Not tainted EFLAGS: 00010202 EIP is at imq_target+0x8/0x30 eax: 0001 ebx: c045f820 ecx: d8db7c04 edx: c045f820 esi: e08170f0 edi: e0817080 ebp: 0001 esp: d8db7b64 ds: 007b es: 007b ss: 0068 Process iptables (pid: 1648, threadinfo=d8db6000 task=d9e69900) Stack: c03695ee d8db7c04 e0817080 e0817110 0004 0001 e0817080 d8db7ba8 d8db6000 deff9420 deff9480 0070 0163 Call Trace: [c03695ee] translate_table+0x4be/0x760 [c0369e13] do_replace+0x193/0x6e0 [c0150087] vfree+0x27/0x40 [c036a5bd] do_ipt_set_ctl+0x6d/0x70 [c03079df] nf_sockopt+0x12f/0x140 [c0307a27] nf_setsockopt+0x37/0x40 [c032d317] ip_setsockopt+0x4a7/0xd90 [c0307964] nf_sockopt+0xb4/0x140 [c0307a67] nf_getsockopt+0x37/0x40 [c032e281] ip_getsockopt+0x681/0x7c0 [c01a2c01] journal_stop+0x201/0x360 [c0195d98] ext3_mark_iloc_dirty+0x28/0x40 [c0195ed0] ext3_mark_inode_dirty+0x50/0x60 [c019a5c4] __ext3_journal_stop+0x24/0x50 [c0195f49] ext3_dirty_inode+0x69/0xd0 [c0175d1e] __mark_inode_dirty+0xde/0xf0 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d22f] __alloc_pages+0x9f/0x330 [c013d22f] __alloc_pages+0x9f/0x330 [c013939c] find_get_page+0x2c/0x60 [c014726a] do_anonymous_page+0x17a/0x260 [c01473b5] do_no_page+0x65/0x3a0 [c014558b] pte_alloc_map+0x9b/0xc0 [c01478f4] handle_mm_fault+0xd4/0x180 [c011afec] do_page_fault+0x2fc/0x4dc [c034fce6] inet_setsockopt+0x36/0x40 [c02f69e2] sys_setsockopt+0x82/0xd0 [c02f7240] sys_socketcall+0x220/0x2a0 [c010aa35] sysenter_past_esp+0x52/0x71 Code: 0f b6 00 8b 11 83 c8 80 88 82 94 00 00 00 8b 01 81 88 84 00 Does anybody know why it crashes and how can I handle this mess ? ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
Roy, ''But this stability is probably not because my code is better but because I don't use egress shaping so the crash reasons still unknown.'' I need both ingress and egress traffic shaping, that's why I used the classic IMQ version. Egress shaping will crash original wersion even faster then mine, they both can do this , but then both will likely crash anyway you can do egress shaping on interface directly, and input+forward on imq device. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/