[Bug 559740] New: iptables packet counts incorrect under rt kernel
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c0 Summary: iptables packet counts incorrect under rt kernel Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: i586 OS/Version: openSUSE 11.2 Status: NEW Severity: Major Priority: P5 - None Component: Kernel AssignedTo: kernel-maintainers@forge.provo.novell.com ReportedBy: support@microtechniques.com QAContact: qa@suse.de Found By: --- Blocker: --- Created an attachment (id=330382) --> (http://bugzilla.novell.com/attachment.cgi?id=330382) iptables -L listing User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729) I have attached an iptables listing showing 10862780T packets several seconds after a reboot using the rt kernel. An ifconfig shows only several packets have been received. I have also attached the same listing taken on the default kernel. Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c1 --- Comment #1 from Don Hughes <support@microtechniques.com> 2009-12-02 00:12:39 UTC --- Created an attachment (id=330383) --> (http://bugzilla.novell.com/attachment.cgi?id=330383) iptables -L on default kernel -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c Greg Kroah-Hartman <gregkh@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|kernel-maintainers@forge.pr |sdietrich@novell.com |ovo.novell.com | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c Sven-Thorsten Dietrich <sdietrich@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #330382|application/octet-stream |text/plain mime type| | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c2 Sven-Thorsten Dietrich <sdietrich@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #2 from Sven-Thorsten Dietrich <sdietrich@novell.com> 2009-12-02 00:35:14 UTC --- Hi. Could you also provide the output of uname -a for the RT Kernel you are using. Thanks. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c Sven-Thorsten Dietrich <sdietrich@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #330383|application/octet-stream |text/plain mime type| | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c3 --- Comment #3 from Don Hughes <support@microtechniques.com> 2009-12-02 13:09:38 UTC --- Not running that kernel anymore since it messed up our traffic analysis routines, but here is the top of the boot log from the test session: klogd 1.4.1, log source = ksyslog started. <6>[ 0.000000] Initializing cgroup subsys cpuset <6>[ 0.000000] Initializing cgroup subsys cpu <5>[ 0.000000] Linux version 2.6.31-rc8-rt9-4-rt (geeko@buildhost) (gcc version 4.4.1 [gcc-4_4-branch revision 150839] (SUSE Linux) ) #1 SMP PREEMPT RT 2009-09-03 21:06:06 +0200 <6>[ 0.000000] KERNEL supported cpus: <6>[ 0.000000] Intel GenuineIntel <6>[ 0.000000] AMD AuthenticAMD -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c4 --- Comment #4 from Sven-Thorsten Dietrich <sdietrich@novell.com> 2009-12-02 14:32:07 UTC --- (In reply to comment #3)
Not running that kernel anymore since it messed up our traffic analysis routines, but here is the top of the boot log from the test session:
klogd 1.4.1, log source = ksyslog started. <6>[ 0.000000] Initializing cgroup subsys cpuset <6>[ 0.000000] Initializing cgroup subsys cpu <5>[ 0.000000] Linux version 2.6.31-rc8-rt9-4-rt (geeko@buildhost) (gcc version 4.4.1 [gcc-4_4-branch revision 150839] (SUSE Linux) ) #1 SMP PREEMPT RT 2009-09-03 21:06:06 +0200
This is quite old. A more recent version is here if you'd like to try it. http://download.opensuse.org/repositories/home://sdietrich://Kernel-RT/openS... -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c5 --- Comment #5 from Don Hughes <support@microtechniques.com> 2009-12-02 17:21:16 UTC --- OK. The results change slightly. Now a few (3) of the counters are correct, but the rest are still incorrect: *** iptables listing *** --- raw --- Chain PREROUTING (policy ACCEPT 2335 packets, 381K bytes) pkts bytes target prot opt in out source destination 7 430 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 recent: UPDATE seconds: 172800 name: attack side: source most are like this example: --- nat --- Chain PREROUTING (policy ACCEPT 14075070T packets, 14907746T bytes) pkts bytes target prot opt in out source destination 11190039T 10545297T mark-address all -- * * 0.0.0.0/0 0.0.0.0/0 **** system uptime *** 279.04 183.75 **** uname *** Linux Testsys 2.6.31.6-rt19-14-rt #1 SMP PREEMPT RT 2009-11-28 05:42:54 -0800 i686 athlon i386 GNU/Linux -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c6 --- Comment #6 from Don Hughes <support@microtechniques.com> 2009-12-02 18:05:49 UTC --- While researching another issue, I came across the following in ip_tables.c which may be related: /* We keep a set of rules for each CPU, so we can avoid write-locking them in the softirq when updating the counters and therefore only need to read-lock in the softirq; doing a write_lock_bh() in user context stops packets coming through and allows user context to read the counters or update the rules. Hence the start of any table is given by get_table() below. */ -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c7 --- Comment #7 from Don Hughes <support@microtechniques.com> 2010-01-08 16:20:08 UTC --- Ping? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c8 Jan Engelhardt <jengelh@medozas.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jengelh@medozas.de --- Comment #8 from Jan Engelhardt <jengelh@medozas.de> 2010-01-19 18:37:48 UTC --- Please do not use ifconfig, it's obsolete: ip -s link. Counter extraction usually adds up all counters so that iptables -nvL is always consistent. I do not observe this counter problem with 2.6.31.11-jen93-rt on UP. Could you try that kernel? Are you running on SMP? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c9 --- Comment #9 from Don Hughes <support@microtechniques.com> 2010-01-19 21:18:06 UTC --- I will retest later this week. I am not running on SMP. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c Sven-Thorsten Dietrich <sdietrich@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|sdietrich@novell.com |kernel-maintainers@forge.pr | |ovo.novell.com -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=559740 http://bugzilla.novell.com/show_bug.cgi?id=559740#c10 Jeff Mahoney <jeffm@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |NORESPONSE --- Comment #10 from Jeff Mahoney <jeffm@novell.com> 2010-06-09 19:34:58 UTC --- Closing as NORESPONSE. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com