Re: iptables bug

From: Stephen Jones
Date: Tue Jun 21 2005 - 14:23:22 EST


Patrick McHardy wrote:
Andrew Morton wrote:

"J.A. Magallon" <jamagallon@xxxxxxx> wrote:


Are there any known problems with iptables ?


No known problems.


I see strange things.
When I use bittorrent (azureus or bittorrent-gui), at the same time as
iptables (for nat and internet access for my ibook), when I stop a download
or exit from one of these apps my external network goes down. I have tried the same without iptables loaded and it works fine.

I have observed this behavior on multiple machines, but I don't think it is specifically an iptables "bug" or kernel "bug". Most of my experience is with 2.4.x kernels, so I can't remark about the 2.6.x series.

The original poster didn't give enough info for me to correlate anything with conviction, but, consulting the tea leaves :D I would venture to guess that the machine that has the network "go down" has less than 128 MB of RAM and is probably running lower end NICs (i.e. 8139too).

There appear to be two or three issues interacting with one another in these scenarios:

a.) The various Bit Torrent clients and their ilk can generate a staggering number of concurrent connections. This can quickly fill the conntracks on machines with little RAM and cause problems.

b.) The lower end nics (either the hardware itself, or the drivers, I don't know enough about how to isolate the two) do not appear to be able to handle the massive number of interrupts that are generated in this scenario.

c.) The problem is more likely to manifest on "fat pipe" connections (6 MB +)

I would also wager the problem goes away if the torrent clients are shut down.

I would look there, if I had the skills required to tease out anything useful :D

Various Linux-based firewall forums have posts describing the same behavior as the OP of this thread.

Here is one relatively recent example:

http://community.smoothwall.org/forum/viewtopic.php?p=43812#43812

I hope that helps in some way!



What exactly do you mean with "network goes down"? Can you find out
where the packets disappear? Do they silently disappear, or do you get
an error code from sendmsg? What about received packets?

Regards
Patrick
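
Added example (not part of the original message or of the kernel sources): one way to test the conntrack-exhaustion guess in point a.) and to answer "where do the packets disappear" is to look for the kernel's table-full message and compare the tracked-connection count with the table limit. The log lines and the fallback numbers below are constructed; the /proc paths are those of current nf_conntrack kernels, not the 2.4.x ip_conntrack ones.

```python
import re
from pathlib import Path

# Kernel message logged when the connection-tracking table is exhausted
# (ip_conntrack on older kernels, nf_conntrack on newer ones).
TABLE_FULL = re.compile(r"\b(?:ip|nf)_conntrack: table full, dropping packet")

# Constructed sample kernel log lines (not taken from the thread).
SAMPLE_LOG = """\
Jun 21 14:01:02 gw kernel: eth0: link up, 100Mbps, full-duplex
Jun 21 14:05:40 gw kernel: ip_conntrack: table full, dropping packet.
Jun 21 14:05:41 gw kernel: ip_conntrack: table full, dropping packet.
Jun 21 14:05:45 gw kernel: NETDEV WATCHDOG: eth0: transmit timed out
"""

def count_table_full(log_text):
    """Number of log lines reporting conntrack-table exhaustion."""
    return sum(1 for line in log_text.splitlines() if TABLE_FULL.search(line))

def usage_percent(count, maximum):
    """Tracked connections as a percentage of the table limit."""
    if maximum <= 0:
        raise ValueError("conntrack max must be positive")
    return 100.0 * count / maximum

def read_live():
    """Return (count, max) from /proc on a current kernel, or None if absent."""
    base = Path("/proc/sys/net/netfilter")
    try:
        return (int((base / "nf_conntrack_count").read_text()),
                int((base / "nf_conntrack_max").read_text()))
    except (OSError, ValueError):
        return None

def diagnose(log_text, count, maximum, warn_at=90.0):
    """Summarise whether the conntrack table explains the packet loss."""
    drops = count_table_full(log_text)
    pct = usage_percent(count, maximum)
    if drops:
        return f"conntrack exhausted: {drops} drop messages, table at {pct:.0f}%"
    if pct >= warn_at:
        return f"conntrack near limit: table at {pct:.0f}%"
    return f"conntrack ok: table at {pct:.0f}%"

if __name__ == "__main__":
    live = read_live()
    count, maximum = live if live else (8100, 8192)  # constructed fallback values
    print(diagnose(SAMPLE_LOG, count, maximum))
```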



