Ubuntu

SMTP and posting to a web-form time out (probably due to netfilter changes)

Reported by Mirco Müller on 2011-06-07
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Natty
Undecided
Herton R. Krzesinski

Bug Description

Binary package hint: linux-image-2.6.38-10-generic

When booting into kernel 2.6.38-10-generic under Natty, trying to send email via SMTP times out. Also posting to a web-form times out. After some brief investigation on IRC with Andrew "agy" Glen-Young Tim "rtg" Gardner it appears to be related to some changes to netfilter. If I boot into 2.6.38-8-generic everything works just fine.

Here is also some dmesg-output (when booted into 2.6.38-10-generic):

[ 172.602447] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64824 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 177.211509] Inbound IN=eth0 OUT= MAC=00:1c:c0:35:4b:a2:00:1b:63:ab:7d:0b:08:00 SRC=208.68.163.220 DST=192.168.2.21 LEN=162 TOS=0x00 PREC=0x00 TTL=53 ID=28336 DF PROTO=TCP SPT=5222 DPT=33110 WINDOW=2784 RES=0x00 ACK PSH URGP=0
[ 177.574363] Inbound IN=eth0 OUT= MAC=00:1c:c0:35:4b:a2:00:1b:63:ab:7d:0b:08:00 SRC=208.68.163.220 DST=192.168.2.21 LEN=162 TOS=0x00 PREC=0x00 TTL=53 ID=28338 DF PROTO=TCP SPT=5222 DPT=33110 WINDOW=2784 RES=0x00 ACK PSH URGP=0
[ 178.301801] Inbound IN=eth0 OUT= MAC=00:1c:c0:35:4b:a2:00:1b:63:ab:7d:0b:08:00 SRC=208.68.163.220 DST=192.168.2.21 LEN=162 TOS=0x00 PREC=0x00 TTL=53 ID=28339 DF PROTO=TCP SPT=5222 DPT=33110 WINDOW=2784 RES=0x00 ACK PSH URGP=0
[ 179.757158] Inbound IN=eth0 OUT= MAC=00:1c:c0:35:4b:a2:00:1b:63:ab:7d:0b:08:00 SRC=208.68.163.220 DST=192.168.2.21 LEN=162 TOS=0x00 PREC=0x00 TTL=53 ID=28340 DF PROTO=TCP SPT=5222 DPT=33110 WINDOW=2784 RES=0x00 ACK PSH URGP=0
[ 181.285600] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64825 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 182.667442] Inbound IN=eth0 OUT= MAC=00:1c:c0:35:4b:a2:00:1b:63:ab:7d:0b:08:00 SRC=208.68.163.220 DST=192.168.2.21 LEN=162 TOS=0x00 PREC=0x00 TTL=53 ID=28341 DF PROTO=TCP SPT=5222 DPT=33110 WINDOW=2784 RES=0x00 ACK PSH URGP=0
[ 188.488614] Inbound IN=eth0 OUT= MAC=00:1c:c0:35:4b:a2:00:1b:63:ab:7d:0b:08:00 SRC=208.68.163.220 DST=192.168.2.21 LEN=162 TOS=0x00 PREC=0x00 TTL=53 ID=28342 DF PROTO=TCP SPT=5222 DPT=33110 WINDOW=2784 RES=0x00 ACK PSH URGP=0
[ 190.033098] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64826 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 198.357539] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64827 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 200.130528] Inbound IN=eth0 OUT= MAC=00:1c:c0:35:4b:a2:00:1b:63:ab:7d:0b:08:00 SRC=208.68.163.220 DST=192.168.2.21 LEN=162 TOS=0x00 PREC=0x00 TTL=53 ID=28343 DF PROTO=TCP SPT=5222 DPT=33110 WINDOW=2784 RES=0x00 ACK PSH URGP=0
[ 206.989026] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64828 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 215.649736] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64829 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 223.416279] Inbound IN=eth0 OUT= MAC=00:1c:c0:35:4b:a2:00:1b:63:ab:7d:0b:08:00 SRC=208.68.163.220 DST=192.168.2.21 LEN=162 TOS=0x00 PREC=0x00 TTL=53 ID=28344 DF PROTO=TCP SPT=5222 DPT=33110 WINDOW=2784 RES=0x00 ACK PSH URGP=0
[ 224.120960] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64830 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 269.982246] Inbound IN=eth0 OUT= MAC=00:1c:c0:35:4b:a2:00:1b:63:ab:7d:0b:08:00 SRC=208.68.163.220 DST=192.168.2.21 LEN=162 TOS=0x00 PREC=0x00 TTL=53 ID=28345 DF PROTO=TCP SPT=5222 DPT=33110 WINDOW=2784 RES=0x00 ACK PSH URGP=0
[ 292.367541] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64831 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 293.601912] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64832 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 296.232433] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64833 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 300.687149] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64834 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 308.973577] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64835 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 317.397514] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64836 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 326.342445] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64837 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 334.825334] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64838 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 343.403984] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64839 PROTO=UDP SPT=68 DPT=67 LEN=308
[ 351.887403] Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:63:ab:7d:0b:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=64840 PROTO=UDP SPT=68 DPT=67 LEN=308

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: linux-image-2.6.38-8-generic 2.6.38-8.42
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
Uname: Linux 2.6.38-8-generic x86_64
NonfreeKernelModules: nvidia
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.23.
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: mirco 2217 F.... pulseaudio
 /dev/snd/controlC1: mirco 2217 F.... pulseaudio
 /dev/snd/pcmC1D0p: mirco 2217 F...m pulseaudio
Card0.Amixer.info:
 Card hw:0 'Intel'/'HDA Intel at 0x93220000 irq 48'
   Mixer name : 'SigmaTel STAC9271D'
   Components : 'HDA:83847627,80863001,00100201'
   Controls : 36
   Simple ctrls : 24
Card1.Amixer.info:
 Card hw:1 'Live'/'SB Live! 5.1 (rev.7, serial:0x80641102) at 0x1000, irq 22'
   Mixer name : 'SigmaTel STAC9708,11'
   Components : 'AC97a:83847608'
   Controls : 223
   Simple ctrls : 44
Date: Tue Jun 7 17:12:03 2011
HibernationDevice: RESUME=UUID=393b68ad-1ecd-45d9-880d-e0c51fd3db4f
ProcEnviron:
 LANGUAGE=de_DE:de:en_GB:en
 PATH=(custom, user)
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: root=UUID=92572303-6c10-436b-a292-540b4a5e7056 ro quiet splash
RelatedPackageVersions:
 linux-restricted-modules-2.6.38-8-generic N/A
 linux-backports-modules-2.6.38-8-generic N/A
 linux-firmware 1.52
RfKill:
 0: phy0: Wireless LAN
  Soft blocked: no
  Hard blocked: no
SourcePackage: linux
UpgradeStatus: Upgraded to natty on 2011-04-20 (48 days ago)
WpaSupplicantLog:

dmi.bios.date: 10/02/2007
dmi.bios.vendor: Intel Corp.
dmi.bios.version: DPP3510J.86A.0293.2007.1002.1519
dmi.board.asset.tag: Base Board Asset Tag
dmi.board.name: DP35DP
dmi.board.vendor: Intel Corporation
dmi.board.version: AAD81073-207
dmi.chassis.type: 2
dmi.modalias: dmi:bvnIntelCorp.:bvrDPP3510J.86A.0293.2007.1002.1519:bd10/02/2007:svn:pn:pvr:rvnIntelCorporation:rnDP35DP:rvrAAD81073-207:cvn:ct2:cvr:

Mirco Müller (macslow) wrote :
description: updated
Tim Gardner (timg-tpi) on 2011-06-07
Changed in linux (Ubuntu Natty):
assignee: nobody → Herton R. Krzesinski (herton)
status: New → In Progress
Brad Figg (brad-figg) on 2011-06-07
Changed in linux (Ubuntu):
status: New → Confirmed
Herton R. Krzesinski (herton) wrote :

The dmesg output in the bug description comes from log setup from firestarter (/etc/firestarter/firewall), I suspect that some of the rules are triggering the bug (as you also noted on irc discussion). But I tried to install firestarter and was unable to reproduce the issue, so can be something specific or configuration I don't have.

Even if you don't run firestart, just keeping it installed will make it start and add some rules, it could also conflict with other services (happened here, it removed/changed nat rules that were previously setup by libvirt for my vms)

Between the reported working (2.6.38-8.42) and non-working (2.6.38-10-generic) kernel, we have the following netfilter changes:
44ff155 netfilter: ipt_CLUSTERIP: fix buffer overflow
2444a5d netfilter: arp_tables: fix infoleak to userspace
ec6128c netfilter: xtables: fix reentrancy
43bfce2 netfilter: ip_tables: fix infoleak to userspace

Probably the ip_tables one can be causing issues here, I'll build test kernels with each one reverted and ask for testing soon.

Mirco Müller (macslow) wrote :

Ok, Herton. I'll watch this space for your updates. Thanks sofar!

Herton R. Krzesinski (herton) wrote :

@Mirco, I uploaded testing packages to http://people.canonical.com/~herton/lp794096/

Each one reverts one of the netfilter patches, please install first kernel and boot into it, test if everything is ok. Then install second, boot/test, and so on. Then, report here the results, lets see if really one of the netfilter changes brought the regression. I looked at the netfilter changes and they seem ok, but first lets rule out if really they don't brought any problems.

Mirco Müller (macslow) wrote :

Herton, I tried all four different kernels form that directory, http://people.canonical.com/~herton/lp794096. None of them fixed the issue. The regression has to be something else.

Mirco Müller (macslow) wrote :

Just for the record stock 2.6.38-9-generic works too here.

Herton R. Krzesinski (herton) wrote :

I'm currently working with Mirco to bisect this issue, as the netfilter patches doesn't seem to be at fault here.

Tim Gardner (timg-tpi) wrote :

Herton - Have any of your kernels reverted this commit ? 'net: ip_expire() must revalidate route' is the only commit that deals with fragmentation, which is possibly why this regression is not more widespread.

Herton R. Krzesinski (herton) wrote :

Didn't try reverting this commit. As we discussed, I built now a new kernel with the following 3 commits reverted:
net: ip_expire() must revalidate route
dccp: handle invalid feature options length
af_unix: Only allow recv on connected seqpacket sockets.

@Mirco: can you download and test the kernel with these reverted from http://people.canonical.com/~herton/lp794096/reverts/ ?

Mirco Müller (macslow) wrote :

Those from http://people.canonical.com/~herton/lp794096/reverts work fine for me now... and I've my driver-support for my p54 back. That was the last thing I tested on Natty. By now I've also updated my desktop-machine to Oneiric and am happy there too... please don't change anything ever again ;)

Herton R. Krzesinski (herton) wrote :

Natty is EOL, and the revert/problem was handled.

Changed in linux (Ubuntu Natty):
status: In Progress → Fix Released
Changed in linux (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.