policy routing bugs?

Tudor Popescu (top@kappa.ro)
Thu, 2 Sep 1999 16:05:17 +0300 (EEST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: portmap fails after NR_OPEN increased (Cont)"
Previous message: Frank Heldt: "Re: [linux-usb] modutils/depmod doesn't support /lib/modules/*/usb"

Hi,

It seems to me that the lookup in the rule database is not done corectly
as of 2.2.12.
For example, I have a newly booted system with no firewall records, no
messing with the ip rule table, etc. I do:

[root@Invasion /root]# ipchains -A input -s 193.231.203.17 -d
193.231.236.130 -m 10
[root@Invasion /root]# ip rule add from 0/0 fwmark 10 table 10 pref 10

Output of 'ip rule list':
0: from all lookup local
10: from all fwmark 10 lookup 10
32766: from all lookup main
32767: from all lookup 253

After this, sending 1 ping packet from host 193.231.203.17 to
193.231.236.130 does NOT follow rule 10.
I've added some printk's in kernel space, and this is what I get from
syslog:

Sep 2 15:45:02 Invasion kernel: Received packet with fwmark 10, saddr
193.231.203.17 daddr 193.231.236.130.

--this message is printk'ed in ip_rcv(), just before the line:
if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev))

Sep 2 15:45:02 Invasion kernel: Ip route input slow: from 193.231.203.17
to 193.231.236.130 fwmarked with 10.

--this message is printk'ed in ip_route_input_slow(), just before the
line:
key.iif = dev->ifindex;

Sep 2 15:45:02 Invasion kernel: Fib lookup: we found a rule for a packet
with fwmark 10, that goes into table 255. Next is tblookup..
Sep 2 15:45:02 Invasion kernel: Fib lookup: we found a rule for a packet
with fwmark 10, that goes into table 254. Next is tblookup..

--this 2 messages are printk'ed in fib_lookup(), just before the line:
FRprintk("tb %d r %d ", r->r_table, r->r_action);

So as far as I can see and with what I understood from the kernel source
the lookup is not done correctly.. it should lookup rule 10 before these
rules. If I haven't understood right, please corect me. :)

uname -a gives:
Linux Invasion.Kappa.RO 2.2.12 #13 Thu Sep 2 15:14:52 EEST 1999 i686
unknown

cat /proc/cpuinfo:
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 5
model name : Pentium II (Deschutes)
stepping : 2
cpu MHz : 400.917037
cache size : 512 KB
fdiv_bug : no
hlt_bug : no
sep_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov
pat pse36 mmx osfxsr
bogomips : 399.77

Thanks for reading this (if you do read it ofc :)

-- Tudor Popescu top@kappa.ro

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: portmap fails after NR_OPEN increased (Cont)"
Previous message: Frank Heldt: "Re: [linux-usb] modutils/depmod doesn't support /lib/modules/*/usb"