Kernel Panic when using ebtables redirect in brouter mode
Bug #269358 reported by
laurent
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Linux |
Fix Released
|
Medium
|
|||
linux (Ubuntu) |
Fix Released
|
Medium
|
Seth Forshee |
Bug Description
Binary package hint: ebtables
I'm using Ubuntu 8.04 kernel 2.6.24-19-server or 2.6.24-19-generic (I havn't try another kernels).
I have two network cards in bridge mode (br0)
When i create an ebtables rule like this :
ebtables -t nat -A PREROUNTING --logical-in br0 --ip-dst 10.255.255.0/24 -j redirect
The rule is applied. But when a packet match the rule, i have a beautiful kernel panic.
I'm trying to build a 2.6.24-5 from kernel.org
description: | updated |
Changed in linux: | |
status: | Unknown → Fix Released |
Changed in linux: | |
importance: | Unknown → Medium |
affects: | ebtables (Ubuntu) → linux (Ubuntu) |
To post a comment you must log in.
Same problem here. I have reproduced the bug in 3 different PCs (all running 8.04.1 server, one i686, two AMD64). Here is the summary of one of them:
arch: x86_64
kernel: 2.6.24-19-server
OS: Ubuntu Server 8.04.1 (AMD64)
software RAID1, reiserfs at the root, xfs at an archive partition
after a clean install:
apt-get update
apt-get upgrade
apt-get install acpid smartmontools bridge-utils ebtables screen
/etc/network/ interfaces:
dns-nameserver s 208.67.222.222 208.67.220.220
bridge_ ports eth0 eth1
bridge_ maxwait 0 n-port 80 -j redirect --redirect-target ACCEPT
-----
#
auto lo
iface lo inet loopback
#
auto eth2
iface eth2 inet static
address 192.168.1.200
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# dns-* options are implemented by the resolvconf package, if installed
dns-search local.lan
#
auto br0
iface br0 inet manual
bridge_stp on
#
-----
reboot
-----
ebtables -t broute -F
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destinatio
as soon as the traffic starts, the kernel crashes, with or without complementing the ebtables rules with iptables:
iptables -t nat -F 3d8>] :ebtables: ebt_do_ table+0x4e8/ 0x5e0 ffffffff883c33d 8>] [<ffffffff883c3 3d8>] :ebtables: ebt_do_ table+0x4e8/ 0x5e0 687d80 EFLAGS: 00010246 0(0000) GS:ffffffff805c 4000(0000) knlGS:000000000 0000000
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 8888
-----
[ 1752.817491] Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP:
[ 1752.833900] [<ffffffff883c3
[ 1752.860264] PGD 1d1e4067 PUD 1d1e5067 PMD 0
[ 1752.873185] Oops: 0002 [1] SMP
[ 1752.882684] CPU 0
[ 1752.888754] Modules linked in: ebt_redirect ebt_ip video output battery container sbs sbshc dock ac iptable_filter ip_tables x_tables xfs ebtable_broute bridge ebtable_nat ebtable_filter ebtables sbp2 lp loop evdev parport_pc parport psmouse serio_raw pcspkr ipv6 k8temp snd_hda_intel button snd_pcm snd_timer snd_page_alloc snd_hwdep snd soundcore i2c_nforce2 i2c_core reiserfs sg sr_mod cdrom sd_mod ata_generic pata_amd ohci1394 forcedeth sata_nv pata_acpi ieee1394 sundance mii ehci_hcd ohci_hcd libata scsi_mod usbcore raid10 raid456 async_xor async_memcpy async_tx xor raid1 raid0 multipath linear md_mod thermal processor fan fbcon tileblit font bitblit softcursor fuse
[ 1753.069697] Pid: 0, comm: swapper Not tainted 2.6.24-19-server #1
[ 1753.087919] RIP: 0010:[<
[ 1753.115013] RSP: 0018:ffffffff80
[ 1753.130896] RAX: 0000000000000001 RBX: ffffc200003250a0 RCX: 0000000000000000
[ 1753.152233] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff81001d07ae00
[ 1753.173563] RBP: ffffc20000325030 R08: ffffc20000325110 R09: 0000000000000008
[ 1753.194907] R10: 00000000000000b8 R11: ffffffff802204e0 R12: ffffc20000325000
[ 1753.216240] R13: ffff81001e52d000 R14: 0000000000000000 R15: 0000000000000001
[ 1753.237574] FS: 00007f7641f3f70
[ 1753.261769] CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
[ 1753.278966] CR2: 0000000000000000 CR3: 000000001d898000 CR4: 00000000000006e0
[ 1753.300299] DR0: 0000000000000000 DR1: 0000000000000000 DR2...