[BUG] 2.6.33.2-rt13 and iptables

FC <prd.gtt@xxxxxxxxxxxxx> · Sun, 25 Apr 2010 19:55:11 +0200

- Updated Debian SID x86 32 bit
- kernel 2.6.33.2-rt13
- iptables v1.4.6

I've experimented some problems while displaying processed packets by 
iptables ( iptables -L -n -v ). The output displays a large number of 
processed packets with a very low network activity in my LAN ( max 1 
hundred of packets delivered )

A sample output obtained after loading iptables rules and quite 
immediately running iptables -L -n -v

Chain bad_packets (1 references)
 pkts bytes target     prot opt in     out     source destination
8600M 15024815T LOG        all  --  *      *       0.0.0.0/0 0.0.0.0/0 
       state INVALID LOG flags 0 level 4 prefix `fp=bad_packets:1 a=DROP '
15024815T 15066474T DROP       all  --  *      *       0.0.0.0/0 
0.0.0.0/0           state INVALID
13777492T 15024815T bad_tcp_packets  tcp  --  *      *       0.0.0.0/0 
       0.0.0.0/0
1337099T 7793M RETURN     all  --  *      *       0.0.0.0/0 0.0.0.0/0

Chain bad_tcp_packets (1 references)
 pkts bytes target     prot opt in     out     source destination
4295M     0 LOG        tcp  --  *      *       0.0.0.0/0 0.0.0.0/0 tcp 
flags:!0x17/0x02 state NEW LOG flags 0 level 4 prefix 
`fp=bad_tcp_packets:1 a=DROP '
41659T 288230T DROP       tcp  --  *      *       0.0.0.0/0 0.0.0.0/0 
    tcp flags:!0x17/0x02 state NEW
41659T 257832T LOG        tcp  --  *      *       0.0.0.0/0 0.0.0.0/0 
    tcp flags:0x3F/0x00 LOG flags 0 level 4 prefix 
`fp=bad_tcp_packets:2 a=DROP '
41659T 144115T DROP       tcp  --  *      *       0.0.0.0/0 0.0.0.0/0 
    tcp flags:0x3F/0x00
41659T 352428T LOG        tcp  --  *      *       0.0.0.0/0 0.0.0.0/0 
    tcp flags:0x3F/0x3F LOG flags 0 level 4 prefix 
`fp=bad_tcp_packets:3 a=DROP '
72059T 13835076T DROP       tcp  --  *      *       0.0.0.0/0  0.0.0.0/0 
          tcp flags:0x3F/0x3F
72059T 15024832T LOG        tcp  --  *      *       0.0.0.0/0  0.0.0.0/0 
          tcp flags:0x3F/0x29 LOG flags 0 level 4 prefix 
`fp=bad_tcp_packets:4 a=DROP '
113717T 72074T DROP       tcp  --  *      *       0.0.0.0/0 0.0.0.0/0 
    tcp flags:0x3F/0x29
72059T  155G LOG        tcp  --  *      *       0.0.0.0/0 0.0.0.0/0 
tcp flags:0x3F/0x37 LOG flags 0 level 4 prefix `fp=bad_tcp_packets:5 
a=DROP '
3498M     0 DROP       tcp  --  *      *       0.0.0.0/0 0.0.0.0/0 tcp 
flags:0x3F/0x37
    0   15T LOG        tcp  --  *      *       0.0.0.0/0 0.0.0.0/0 
tcp flags:0x06/0x06 LOG flags 0 level 4 prefix `fp=bad_tcp_packets:6 
a=DROP '
72059T 4305M DROP       tcp  --  *      *       0.0.0.0/0 0.0.0.0/0 
tcp flags:0x06/0x06
15024815T 8600M LOG        tcp  --  *      *       0.0.0.0/0 0.0.0.0/0 
       tcp flags:0x03/0x03 LOG flags 0 level 4 prefix 
`fp=bad_tcp_packets:7 a=DROP '
15024815T 15024815T DROP       tcp  --  *      *       0.0.0.0/0 
0.0.0.0/0           tcp flags:0x03/0x03
15066474T 15782 RETURN     tcp  --  *      *       0.0.0.0/0 0.0.0.0/0

The problem doesn't occur with other kernels ( vanilla 2.6.33.2 , 
2.6.33-zen1 ) and the number of processed packets is displayed correctly.

--
To unsubscribe from this list: send the line "unsubscribe linux-rt-users" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html