Bug 72561
| Summary: | missing some icmp redirects | | |
|---|---|---|---|
| Product: | Networking | Reporter: | Per Jessen (per) |
| Component: | IPV4 | Assignee: | Stephen Hemminger (stephen) |
| Status: | NEW --- | | |
| Severity: | normal | CC: | alan |
| Priority: | P1 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Kernel Version: | 3.11.6-4-default | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
Description
Per Jessen
2014-03-20 14:45:21 UTC
This isn't a support forum, just used for bug tracking.

Your best bet after capturing traces is netdev@vger.kernel.org

ICMP error reporting is ratelimited however, so it seems a dumb way to implement a web cache

(In reply to Alan from comment #1)
> This isn't a support forum, just used for bug tracking.
>
> Your best bet after capturing traces is netdev@vger.kernel.org
>
> ICMP error reporting is ratelimited however, so it seems a dumb way to
> implement a web cache

It used to work fine until very recently.

I have devised a way to reproduce the problem. I have a test setup of three machines: “client”, “firewall” and “server”. All on the same network.

Client: Set up default route via “firewall”.

Server: Assign 10.232.1.1-2-3-4-...-15/24 to an interface. Run a tcp echo service (port 7).

Firewall: Create routing table “test99” in /etc/iproute2/rt_tables.

```
ip route add default via <server> dev eth0 table test99
ip rule add fwmark 5 table test99
iptables -A PREROUTING -t mangle -i eth0 -p tcp --dport 7 -j MARK --set-mark 5
```

(this setup is what will produce the ICMP redirects).

On “firewall”, run tcpdump to document (missing) redirects:

```
tcpdump -n -i eth0 proto \\icmp
```

On “client”, create some test input:

```
cat <<XXX >test.input
klop
alpha
nothing
tagi
line1
line2
line3
line4
XXX
```

Create a script:

```
# Quoted delimiter so that $i is written to the script literally
cat <<'XXX' >doit
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
do
telnet 10.232.1.$i 7 <test.input &
done
XXX
```

When you run “sh doit”, all of the telnet requests to 10.232.1.x should be redirected, but the tcpdump running on "firewall" will only show some of them.
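To make the "only some of them" result measurable, the tcpdump capture from the reproduction can be reduced to the list of test destinations that never triggered a redirect. This is an added example, not part of the original report; it assumes tcpdump's usual text form `ICMP redirect <dst> to host <gateway>`, and the 192.0.2.x addresses and timestamps in the sample are constructed.

```shell
#!/bin/sh
# Added example: find which of 10.232.1.1-15 never produced an ICMP redirect.
# Input on stdin: text output of `tcpdump -n -i eth0 proto \\icmp`.

# Print each destination named in an ICMP redirect line, one per line, deduplicated.
redirected_dsts() {
    awk '{
        for (i = 1; i + 2 <= NF; i++)
            if ($i == "ICMP" && $(i + 1) ~ /^redirect/) { print $(i + 2); break }
    }' | sort -u
}

# Print every address in the repro range for which no redirect was captured.
missing_redirects() {
    seen=$(redirected_dsts)
    i=1
    while [ "$i" -le 15 ]; do
        dst="10.232.1.$i"
        # -x and -F: whole-line, literal match, so 10.232.1.1 does not match 10.232.1.11
        printf '%s\n' "$seen" | grep -qxF "$dst" || printf '%s\n' "$dst"
        i=$((i + 1))
    done
}

# Constructed sample capture (router 192.0.2.1, client 192.0.2.10, server 192.0.2.20).
sample_capture() {
    cat <<'EOF'
14:45:21.000001 IP 192.0.2.1 > 192.0.2.10: ICMP redirect 10.232.1.1 to host 192.0.2.20, length 68
14:45:21.000150 IP 192.0.2.1 > 192.0.2.10: ICMP redirect 10.232.1.4 to host 192.0.2.20, length 68
14:45:21.004000 IP 192.0.2.1 > 192.0.2.10: ICMP redirect 10.232.1.4 to host 192.0.2.20, length 68
14:45:21.010000 IP 192.0.2.10 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
14:45:21.020000 IP 192.0.2.1 > 192.0.2.10: ICMP redirect 10.232.1.9 to host 192.0.2.20, length 68
EOF
}
```

Save the tcpdump output to a file during a run of “sh doit” and pipe it into `missing_redirects`; an empty result means every destination was redirected at least once.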