renjingyan / opendpi

Automatically exported from code.google.com/p/opendpi
GNU Lesser General Public License v3.0

xt_opendpi: ignoring untracked sk_buff #9

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
iptables -F -t mangle
iptables -t mangle -A PREROUTING -p udp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark

iptables -t mangle -A PREROUTING -p udp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT

iptables -t mangle -A PREROUTING -p udp -m opendpi --sip -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp -m opendpi --iax -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp -m opendpi --mgcp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp -m opendpi --truphone -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp -m opendpi --rtp -j MARK --set-mark 1

iptables -t mangle -A PREROUTING -p tcp -m opendpi --sip -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m opendpi --iax -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m opendpi --mgcp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m opendpi --truphone -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m opendpi --rtp -j MARK --set-mark 1

iptables -t mangle -A PREROUTING -p udp -m mark --mark 1 -j CONNMARK --save-mark
iptables -t mangle -A PREROUTING -p tcp -m mark --mark 1 -j CONNMARK --save-mark

iptables -t mangle -A POSTROUTING -o ppp+ -m mark --mark 1 -j CLASSIFY --set-class 1:10

There is a huge amount of kernel warnings "xt_opendpi: ignoring untracked sk_buff"

What version of the product are you using? On what operating system?
opendpi-1.2.0
opendpi-netfilter-wrapper-1.1 with opendpi-netfilter-wrapper-1.1_2.6.35_v2.patch
Linux 2.6.37 SMP i686 Intel(R) Xeon(TM) CPU 3.06GHz GenuineIntel
iptables v1.4.2

Original issue reported on code.google.com by alex2g...@gmail.com on 27 Jan 2011 at 10:29

GoogleCodeExporter commented 9 years ago
While compiling opendpi-netfilter-wrapper there are 2 warnings.
One of them is about using nf_ct_is_untracked:

/usr/src/pkg/opendpi/opendpi-netfilter-wrapper-1.1/wrapper/src/main.c: In function 'opendpi_mt':
/usr/src/pkg/opendpi/opendpi-netfilter-wrapper-1.1/wrapper/src/main.c:478: warning: passing argument 1 of 'nf_ct_is_untracked' from incompatible pointer type
/usr/src/pkg/opendpi/opendpi-netfilter-wrapper-1.1/wrapper/src/main.c: At top level:
/usr/src/pkg/opendpi/opendpi-netfilter-wrapper-1.1/wrapper/src/main.c:642: warning: initialization from incompatible pointer type

Original comment by alex2g...@gmail.com on 28 Jan 2011 at 7:31

GoogleCodeExporter commented 9 years ago
The type of the function's argument has to be const struct nf_conn *,
but const struct sk_buff * is used.

linux-2.6.37/include/net/netfilter/nf_conntrack.h:static inline int nf_ct_is_untracked(const struct nf_conn *ct)

Original comment by alex2g...@gmail.com on 28 Jan 2011 at 7:34

GoogleCodeExporter commented 9 years ago
The function nf_ct_is_untracked has changed since 2.6.36.
I've made a patch to compile for kernel 2.6.36 and later.
The patch is attached.

Original comment by alex2g...@gmail.com on 28 Jan 2011 at 8:43

Attachments:
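
A userspace model of the pointer-type mismatch discussed in the comments above, as an added example that is not the patch attached to this issue and not code from the project. The struct layouts, the `ct` field and the names `skb_untracked_fixed`, `skb_untracked_mismatched` and `model_case` are constructed for illustration, and the value of `IPS_UNTRACKED_BIT` is an assumption; it shows that a helper expecting `nf_conn` gives a verdict based on packet bytes when it is handed an `sk_buff`.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed userspace stand-ins; the real kernel structs are far larger. */
#define IPS_UNTRACKED_BIT 12              /* assumed to match the kernel enum */
struct nf_conn { unsigned long status; };
struct sk_buff { unsigned long len; struct nf_conn *ct; };

/* Same signature as the 2.6.37 helper quoted in the thread. */
static int nf_ct_is_untracked(const struct nf_conn *ct)
{
    return (int)((ct->status >> IPS_UNTRACKED_BIT) & 1UL);
}

/* Hypothetical fixed call: look up the connection, then test it. */
static int skb_untracked_fixed(const struct sk_buff *skb)
{
    return skb->ct != NULL && nf_ct_is_untracked(skb->ct);
}

/* The call the compiler warned about: skb bytes are read as an nf_conn. */
static int skb_untracked_mismatched(const struct sk_buff *skb)
{
    return nf_ct_is_untracked((const struct nf_conn *)(const void *)skb);
}

/* Build one constructed packet and return the chosen variant's verdict. */
static int model_case(unsigned long len, unsigned long status, int mismatched)
{
    struct nf_conn ct = { status };
    struct sk_buff skb = { len, &ct };
    return mismatched ? skb_untracked_mismatched(&skb) : skb_untracked_fixed(&skb);
}

int main(void)
{
    /* Tracked connection, 4096-byte packet: only the mismatched call says "untracked". */
    printf("fixed=%d mismatched=%d\n", model_case(4096, 0, 0), model_case(4096, 0, 1));
    return 0;
}
```

In a real module the connection would be looked up with the kernel's own conntrack accessor rather than a struct field, and the call would be guarded by a kernel-version check so older kernels keep the `sk_buff` form.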