Re: NAT and MTU issues

Martin Josefsson <gandalf@xxxxxxxxxxxxxx> · Mon, 22 Sep 2003 17:03:36 +0200 (CEST)

On Mon, 22 Sep 2003, Nigel Metheringham wrote:

> On Mon, 2003-09-22 at 13:00, Martin Josefsson wrote:
> > Could you please apply the attached patch and reproduce it again?
> > It's just a small patch that enables a little debugging for this.
>
> Very odd - I am seeing ICMPs generated:-
> # /usr/sbin/tcpdump -n -i eth0 icmp
> tcpdump: listening on eth0
> 15:26:12.146557 192.168.50.119 > 172.16.28.33: icmp: 10.0.2.2
> unreachable - need to frag (mtu 1450) [tos 0xc0]
>
> but no extra chatter in dmesg despite ensuring dmesg -n is turned up.
> Checking the module object file shows the extra log messages in there,
> so its not me doing something completely silly.

Ok, no wonder that the ipaddress isn't rewritten to the correct one, the
rewriting is never called. Now lets find out if the loop is run at all.
I forgot to enable that debug-statement in the previous patch, sorry.
A new patch is applied, reverse the old one and apply this and retest.

> Putting a
>   iptables -t mangle -A FORWARD -p tcp --syn -j TCPMSS \
> 	--clamp-mss-to-pmtu
>
> in appears to fix things for me.

For tcp... it avoids the problem, but we still need to fix this :)

/Martin

--- linux-2.4.21/net/ipv4/netfilter/ip_nat_core.c	2003-06-14 16:46:09.000000000 +0200
+++ linux-2.4.21.test/net/ipv4/netfilter/ip_nat_core.c	2003-09-22 16:59:01.000000000 +0200
@@ -901,7 +901,7 @@
 
 	READ_LOCK(&ip_nat_lock);
 	for (i = 0; i < info->num_manips; i++) {
-		DEBUGP("icmp_reply: manip %u dir %s hook %u\n",
+		printk("icmp_reply: manip %u dir %s hook %u\n",
 		       i, info->manips[i].direction == IP_CT_DIR_ORIGINAL ?
 		       "ORIG" : "REPLY", info->manips[i].hooknum);
 
@@ -913,7 +913,7 @@
 		   where we would normally apply a dst manip, we apply
 		   a src, and vice versa. */
 		if (info->manips[i].hooknum == hooknum) {
-			DEBUGP("icmp_reply: inner %s -> %u.%u.%u.%u %u\n",
+			printk("icmp_reply: inner %s -> %u.%u.%u.%u %u\n",
 			       info->manips[i].maniptype == IP_NAT_MANIP_SRC
 			       ? "DST" : "SRC",
 			       NIPQUAD(info->manips[i].manip.ip),
@@ -928,7 +928,7 @@
 
 			/* Use mapping to map outer packet: 0 give no
                            per-proto mapping */
-			DEBUGP("icmp_reply: outer %s -> %u.%u.%u.%u\n",
+			printk("icmp_reply: outer %s -> %u.%u.%u.%u\n",
 			       info->manips[i].maniptype == IP_NAT_MANIP_SRC
 			       ? "SRC" : "DST",
 			       NIPQUAD(info->manips[i].manip.ip));




