From: Brandon Cazander
Sent: Monday, August 15, 2016 9:28 AM
To: Florian Westphal
Cc: netdev@vger.kernel.org; Eric Dumazet
Subject: Re: PROBLEM: TPROXY and DNAT broken (bisected to 079096f103fa)
I can recreate the issue with these rules:
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 8080 -j TPROXY --on-port 9876 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
iptables -t nat -A PREROUTING -d 192.168.7.20/32 -i e
Is there anything I can provide or do to help get this issue fixed? Even with
the patch provided, our application is still broken.
-Brandon
From: Brandon Cazander
Sent: Wednesday, August 3, 2016 8:47 AM
To: Florian Westphal
Cc: netdev@vger.kernel.org
Subject: Re: PROBLEM: TPROXY and DNAT broken
etup
so I need to look into that. But it definitely worked before the changes to the
kernel.
From: Florian Westphal
Sent: Tuesday, August 2, 2016 3:11 PM
To: Brandon Cazander
Cc: Florian Westphal
Subject: Re: PROBLEM: TPROXY and DNAT broken (bisected to 079096f103fa)
Brandon Cazan
From: Florian Westphal
Sent: Friday, July 29, 2016 6:21 AM
To: Brandon Cazander
Cc: netdev@vger.kernel.org; eduma...@google.com
Subject: Re: PROBLEM: TPROXY and DNAT broken (bisected to 079096f103fa)
Brandon Cazander wrote:
> * When it fails, no traffic hits the WEBSERVER. A tcpdump on the bad kernel
6:44:18.366103 IP 10.100.0.206.35996 > 42.0.1.1.8080: Flags [.], ack 368,
win 237, options [nop,nop,TS val 632175968 ecr 4294903655], length 0
Hopefully that's enough detail to replicate this issue. I have the full
environment set up for both working and non-working kernel versions, so please
let me know if there's anything else I can provide.
Regards,
Brandon Cazander