[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables MARK breaks radvd



Marcus C. Gottwald wrote at 2010-07-02 05:58 -0500:
> green wrote (Wed 2010-Jun-30 11:19:58 -0500):
> > For use with shaping, there is an ip6tables rule like this:
> >  ip6tables -t mangle -A OUTPUT -j MARK --set-mark 0x4/0xf
> ..
> > Unfortunately the above ip6tables rule breaks radvd.  Nothing different happens 
> > except clients do not seem to see the advertisements and so get no ipv6 
> > address.
> 
> Just an idea -- I have at several occasions seen the call to
> sendto() fail if the packet passed to the operating system
> matches a MARKing rule in the "mangle" table (at least for
> IPv4). If radvd does not catch that (and transforms it into a
> log message), it may remain unnoticed. An strace could show
> if this is happening for you.

Okay, I used strace and here are the results.  I don't see any significant 
differences.  I have changed local interface shaping so I don't need to MARK 
packets so this is not a problem for me now.  But if it is a bug a fix would be 
great.  Let me know of anything else to try; I might try with highest radvd 
debug setting sometime.  Thanks.


Okay, here is with the rule active:
# strace radvd -m stderr -d 1
)        = ? ERESTARTNOHAND (To be restarted)
--- SIGALRM (Alarm clock) @ 0 (0) ---
gettimeofday({1278429859, 189635}, NULL) = 0
ioctl(3, SIOCGIFFLAGS, {ifr_name="br0", 
ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST}) = 0
open("/proc/net/igmp6", O_RDONLY)       = 4
fstat64(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xb7f6f000
read(4, "1    lo              ff020000000"..., 1024) = 1024
read(4, "000000000000001ff01116e     1 00"..., 1024) = 1024
read(4, "0000000C 0\n12   vpn0            "..., 1024) = 153
read(4, "", 1024)                       = 0
read(4, "", 1024)                       = 0
close(4)                                = 0
munmap(0xb7f6f000, 4096)                = 0
gettimeofday({1278429859, 193179}, NULL) = 0
open("/proc/sys/net/ipv6/conf/all/forwarding", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xb7f6f000
read(4, "1\n", 1024)                    = 2
close(4)                                = 0
munmap(0xb7f6f000, 4096)                = 0
sendmsg(3, {msg_name(28)={sa_family=AF_INET6, sin6_port=htons(58), 
inet_pton(AF_INET6, "ff02::1", &sin6_addr), sin6_flowinfo=0, 
sin6_scope_id=if_nametoindex("br0")}, 
msg_iov(1)=[{"\206\0\0\0@\0\0<\0\0\0\0\0\0\0\0\3\4@\300\0\1Q\200\0\0008@\0\0\0\0"..., 
56}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_IPV6, cmsg_type=, ...}, 
msg_flags=0}, 0) = 56
gettimeofday({1278429859, 201874}, NULL) = 0
rt_sigprocmask(SIG_BLOCK, [ALRM], [ALRM], 8) = 0
gettimeofday({1278429859, 202283}, NULL) = 0
rt_sigaction(SIGALRM, {0x804bac0, [ALRM], SA_RESTART}, {0x804bac0, [ALRM], 
SA_RESTART}, 8) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={12, 641625}}, NULL) = 0
rt_sigprocmask(SIG_SETMASK, [ALRM], NULL, 8) = 0
gettimeofday({1278429859, 203323}, NULL) = 0
rt_sigaction(SIGALRM, {0x804bac0, [ALRM], SA_RESTART}, {0x804bac0, [ALRM], 
SA_RESTART}, 8) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={12, 640585}}, NULL) = 0
sigreturn()                             = ? (mask now [])
select(4, [3], NULL, NULL, NULL)        = 1 (in [3])
recvmsg(3, {msg_name(28)={sa_family=AF_INET6, sin6_port=htons(0), 
inet_pton(AF_INET6, "fe80::200:24ff:fecc:5cb5", &sin6_addr), sin6_flowinfo=0, 
sin6_scope_id=if_nametoindex("wlan0_0")}, 
msg_iov(1)=[{"\206\0\203?@\0\0<\0\0\0\0\0\0\0\0\3\4@\300\0\1Q\200\0\0008@\0\0\0\0"..., 
1500}], msg_controllen=48, {cmsg_len=32, cmsg_level=SOL_IPV6, cmsg_type=, ...}, 
msg_flags=0}, 0) = 56
select(4, [3], NULL, NULL, NULL


# strace -e trace=network radvd -m stderr -d 1
--- SIGALRM (Alarm clock) @ 0 (0) ---
sendmsg(3, {msg_name(28)={sa_family=AF_INET6, sin6_port=htons(58), inet_pton(AF_INET6, "ff02::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=if_nametoindex("br0")}, msg_iov(1)=[{"\206\0\0\0@\0\0<\0\0\0\0\0\0\0\0\3\4@\300\0\1Q\200\0\0008@\0\0\0\0"..., 56}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_IPV6, cmsg_type=, ...}, msg_flags=0}, 0) = 56
recvmsg(3, {msg_name(28)={sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "fe80::200:24ff:fecc:5cb5", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=if_nametoindex("wlan0_0")}, msg_iov(1)=[{"\206\0\203?@\0\0<\0\0\0\0\0\0\0\0\3\4@\300\0\1Q\200\0\0008@\0\0\0\0"..., 1500}], msg_controllen=48, {cmsg_len=32, cmsg_level=SOL_IPV6, cmsg_type=, ...}, msg_flags=0}, 0) = 56



And here is without the rule active:
# strace radvd -m stderr -d 1
)        = ? ERESTARTNOHAND (To be restarted)
--- SIGALRM (Alarm clock) @ 0 (0) ---
gettimeofday({1278430043, 827415}, NULL) = 0
ioctl(3, SIOCGIFFLAGS, {ifr_name="br0", 
ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST}) = 0
open("/proc/net/igmp6", O_RDONLY)       = 4
fstat64(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xb7f6f000
read(4, "1    lo              ff020000000"..., 1024) = 1024
read(4, "000000000000001ff01116e     1 00"..., 1024) = 1024
read(4, "0000000C 0\n12   vpn0            "..., 1024) = 153
read(4, "", 1024)                       = 0
read(4, "", 1024)                       = 0
close(4)                                = 0
munmap(0xb7f6f000, 4096)                = 0
gettimeofday({1278430043, 830910}, NULL) = 0
open("/proc/sys/net/ipv6/conf/all/forwarding", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xb7f6f000
read(4, "1\n", 1024)                    = 2
close(4)                                = 0
munmap(0xb7f6f000, 4096)                = 0
sendmsg(3, {msg_name(28)={sa_family=AF_INET6, sin6_port=htons(58), 
inet_pton(AF_INET6, "ff02::1", &sin6_addr), sin6_flowinfo=0, 
sin6_scope_id=if_nametoindex("br0")}, 
msg_iov(1)=[{"\206\0\0\0@\0\0<\0\0\0\0\0\0\0\0\3\4@\300\0\1Q\200\0\0008@\0\0\0\0"..., 
56}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_IPV6, cmsg_type=, ...}, 
msg_flags=0}, 0) = 56
gettimeofday({1278430043, 833719}, NULL) = 0
rt_sigprocmask(SIG_BLOCK, [ALRM], [ALRM], 8) = 0
gettimeofday({1278430043, 834106}, NULL) = 0
rt_sigaction(SIGALRM, {0x804bac0, [ALRM], SA_RESTART}, {0x804bac0, [ALRM], 
SA_RESTART}, 8) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={10, 375784}}, NULL) = 0
rt_sigprocmask(SIG_SETMASK, [ALRM], NULL, 8) = 0
gettimeofday({1278430043, 835295}, NULL) = 0
rt_sigaction(SIGALRM, {0x804bac0, [ALRM], SA_RESTART}, {0x804bac0, [ALRM], 
SA_RESTART}, 8) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={10, 374595}}, NULL) = 0
sigreturn()                             = ? (mask now [])
select(4, [3], NULL, NULL, NULL)        = 1 (in [3])
recvmsg(3, {msg_name(28)={sa_family=AF_INET6, sin6_port=htons(0), 
inet_pton(AF_INET6, "fe80::200:24ff:fecc:5cb5", &sin6_addr), sin6_flowinfo=0, 
sin6_scope_id=if_nametoindex("br0")}, 
msg_iov(1)=[{"\206\0\203?@\0\0<\0\0\0\0\0\0\0\0\3\4@\300\0\1Q\200\0\0008@\0\0\0\0"..., 
1500}], msg_controllen=48, {cmsg_len=32, cmsg_level=SOL_IPV6, cmsg_type=, ...}, 
msg_flags=0}, 0) = 56
select(4, [3], NULL, NULL, NULL


# strace -e trace=network radvd -m stderr -d 1
--- SIGALRM (Alarm clock) @ 0 (0) ---
sendmsg(3, {msg_name(28)={sa_family=AF_INET6, sin6_port=htons(58), inet_pton(AF_INET6, "ff02::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=if_nametoindex("br0")}, msg_iov(1)=[{"\206\0\0\0@\0\0<\0\0\0\0\0\0\0\0\3\4@\300\0\1Q\200\0\0008@\0\0\0\0"..., 56}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_IPV6, cmsg_type=, ...}, msg_flags=0}, 0) = 56
recvmsg(3, {msg_name(28)={sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "fe80::200:24ff:fecc:5cb5", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=if_nametoindex("br0")}, msg_iov(1)=[{"\206\0\203?@\0\0<\0\0\0\0\0\0\0\0\3\4@\300\0\1Q\200\0\0008@\0\0\0\0"..., 1500}], msg_controllen=48, {cmsg_len=32, cmsg_level=SOL_IPV6, cmsg_type=, ...}, msg_flags=0}, 0) = 56

Attachment: signature.asc
Description: Digital signature


Reply to: