Dropped packets with bridge + ip_conntrack module

	
Hello,

I'm using netfilter with the l7-filter patch, and a 2.6.13 kernel.

I had to create a bridge interface in order to enable the listening
interface in promiscous mode and to classify the traffic mirrored to
that (I touch eth1 to br1 interface).

So, the problem is that I'm seeing many dropped packets on the bridge,
and I cannot understand why.

If I don't add the ip_conntrack module, the whole traffic going through
the ethernet interface eth1 is passed to the bridge; but, if I add
ip_conntrack some packets don't cross the bridge interface.

Following, I show you the output of "netstat -i":
  without module ip_conntrack (before sending packets)
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR
Flg
br1 1500 0 6576580 0 0 0 5 0 0 0
BMRU
eth1 1500 0 16105342 25606 0 25606 13 0 0 0

  after sending packets
olmo:/home/maurizio# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR
Flg
br1 1500 0 8220973 0 0 0 5 0 0 0
BMPRU
eth1 1500 0 17749735 25606 0 25606 13 0 0 0
BMPRU


difference eth1 1644393
difference br1 1644393
than NO DROPPED PACKETS

with ip_conntrack (before sending packets)

Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR
Flg
br1 1500 0 4932660 0 0 0 5 0 0 0
BMPRU
eth1 1500 0 14460948 25606 0 25606 13 0 0 0
BMPRU


  with ip_conntrack (after sending packets)
olmo:/home/maurizio# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR
Flg
br1 1500 0 6576579 0 0 0 5 0 0 0
BMPRU

eth1 1500 0 16105341 25606 0 25606 13 0 0 0
BMPRU


difference eth1 1644393
difference br1 1643919
than there are 474 DROPPED PACKETS

May be someone can help me?
I have read about some similar problems with Kernel 2.6.16 and
fragmented IP packets.

Thank you very much, regards,
	


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Prev by Date: Re: Wiretapping Linux?
• Next by Date: Heads-up for anyone using certain thunderbird message filter features
• Previous by thread: events/0 eats 100% cpu on core duo laptop
• Next by thread: Heads-up for anyone using certain thunderbird message filter features
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]