2010-06-02 09:29:04 netfilter & nat

Mike Sinkovsky (RUSSIAN FEDERATION)

Message: 90074

Migrating to latest kernel, I noticed that when enabled netfilter and nat options -

[ Networking support ---> Networking options ---> [*] Network packet filtering framework (Netfilter) ]

- kernel hangs. If this options disabled - no problem, all works perfectly.

Previous release (2009R1) - with this option enabled works fine.

But we need this functionality on this board, so can't upgrade kernel..

Here is log:

=== cut ===

U-Boot 2009.03-dirty (ADI-2009R2-pre) (Фев 05 2010 - 18:32:20)

CPU: ADSP bf531-0.3 (Detected Rev: 0.4) (spi flash boot)

Board: TRIKOM GIP

Clock: VCO: 399.360 MHz, Core: 399.360 MHz, System: 133.120 MHz

RAM: 64 MB

NAND: 128 MiB

MAC: 02:3c:e1:12:34:56

Hit any key to stop autoboot: 1

Creating 1 MTD partitions on "nand0":

0x00000000-0x08000000 : "mtd=0"

UBI: attaching mtd1 to ubi0

UBI: physical eraseblock size: 131072 bytes (128 KiB)

UBI: logical eraseblock size: 129024 bytes

UBI: smallest flash I/O unit: 2048

UBI: sub-page size: 512

UBI: VID header offset: 512 (aligned 512)

UBI: data offset: 2048

UBI: attached mtd1 to ubi0

UBI: MTD device name: "mtd=0"

UBI: MTD device size: 128 MiB

UBI: number of good PEBs: 1024

UBI: number of bad PEBs: 0

UBI: max. allowed volumes: 128

UBI: wear-leveling threshold: 4096

UBI: number of internal volumes: 1

UBI: number of user volumes: 5

UBI: available PEBs: 0

UBI: total number of reserved PEBs: 1024

UBI: number of PEBs reserved for bad PEB handling: 10

UBI: max/mean erase counter: 53/1

Volume kernel found at volume id 0

read 0 bytes from volume 0 to 1000000(buf address)

Read [2193408] bytes

## Executing script at 01000000

## Copying part 1 from legacy image at 01000000 ...

Verifying Checksum ... OK

## Booting kernel from Legacy Image at 01000160 ...

Image Name: bf533-2.6.34-ADI-2010R1-pre

Created: 2010-06-02 12:59:34 UTC

Image Type: Blackfin Linux Kernel Image (gzip compressed)

Data Size: 1138013 Bytes = 1.1 MB

Load Address: 00001000

Entry Point: 001fe188

Verifying Checksum ... OK

Uncompressing Kernel Image ... OK

Starting Kernel at = 001fe188

Linux version 2.6.34-ADI-2010R1-pre (msink@msink-debian) (gcc version 4.1.2 (ADI svn)) #8 Wed Jun 2 18:59:30 YEKST 2010

Limiting kernel memory to 56MB due to anomaly 05000263

Board Memory: 64MB

Kernel Managed Memory: 64MB

Memory map:

fixedcode = 0x00000400-0x00000490

text = 0x00001000-0x0015b1a0

rodata = 0x0015b1a0-0x001c6e78

bss = 0x001c7000-0x001e5f30

data = 0x001e5f40-0x001f8000

stack = 0x001f6000-0x001f8000

init = 0x001f8000-0x00211000

available = 0x00211000-0x03800000

DMA Zone = 0x03f00000-0x04000000

Hardware Trace Active and Enabled

Boot Mode: 6

Compiled for ADSP-BF531 Rev 0.4

Blackfin Linux support by blackfin.uclinux.org/

Processor Speed: 399 MHz core clock and 133 MHz System Clock

NOMPU: setting up cplb tables

Instruction Cache Enabled for CPU0

External memory: cacheable in instruction cache

Data Cache Enabled for CPU0

External memory: cacheable (write-back) in data cache

Built 1 zonelists in Zone order, mobility grouping off. Total pages: 14224

Kernel command line: root=ubi:rootfs rootfstype=ubifs ubi.mtd=ubi(nand) console=ttyBF0,57600 panic=3

PID hash table entries: 256 (order: -2, 1024 bytes)

Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)

Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)

Memory available: 54660k/65536k RAM, (100k init code, 1384k kernel code, 628k data, 1024k dma, 7740k reserved)

Hierarchical RCU implementation.

NR_IRQS:81

Configuring Blackfin Priority Driven Interrupts

Calibrating delay loop... 796.26 BogoMIPS (lpj=3981312)

Mount-cache hash table entries: 512

Blackfin Scratchpad data SRAM: 4 KB

Blackfin L1 Instruction SRAM: 16 KB (5 KB free)

NET: Registered protocol family 16

Blackfin DMA Controller

board_init: registering device resources

bio: create slab <bio-0> at 0

NET: Registered protocol family 2

IP route cache hash table entries: 1024 (order: 0, 4096 bytes)

TCP established hash table entries: 2048 (order: 2, 16384 bytes)

TCP bind hash table entries: 2048 (order: 1, 8192 bytes)

TCP: Hash tables configured (established 2048 bind 2048)

TCP reno registered

UDP hash table entries: 256 (order: 0, 4096 bytes)

UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)

NET: Registered protocol family 1

msgmni has been set to 106

io scheduler noop registered

io scheduler cfq registered (default)

bfin-uart: Blackfin serial driver

bfin-uart.0: ttyBF0 at MMIO 0xffc00400 (irq = 21) is a BFIN-UART

console [ttyBF0] enabled

NAND device: Manufacturer ID: 0xec, Chip ID: 0xf1 (Samsung NAND 128MiB 3,3V 8-bit)

Scanning device for bad blocks

cmdlinepart partition parsing not available

RedBoot partition parsing not available

Creating 1 MTD partitions on "gen_nand":

0x000000000000-0x000008000000 : "ubi(nand)"

UBI: attaching mtd0 to ubi0

UBI: physical eraseblock size: 131072 bytes (128 KiB)

UBI: logical eraseblock size: 129024 bytes

UBI: smallest flash I/O unit: 2048

UBI: sub-page size: 512

UBI: VID header offset: 512 (aligned 512)

UBI: data offset: 2048

UBI: attached mtd0 to ubi0

UBI: MTD device name: "ubi(nand)"

UBI: MTD device size: 128 MiB

UBI: number of good PEBs: 1024

UBI: number of bad PEBs: 0

UBI: max. allowed volumes: 128

UBI: wear-leveling threshold: 4096

UBI: number of internal volumes: 1

UBI: number of user volumes: 5

UBI: available PEBs: 0

UBI: total number of reserved PEBs: 1024

UBI: number of PEBs reserved for bad PEB handling: 10

UBI: max/mean erase counter: 53/1

UBI: image sequence number: 0

UBI: background thread "ubi_bgt0d" started, PID 108

HDLC support module revision 1.22

rtc-bfin rtc-bfin: rtc core: registered rtc-bfin as rtc0

bfin-wdt: initialized: timeout=20 sec (nowayout=0)

net eth0: wiznet5300 at 0x20100040 irq=41

net eth1: wiznet5300 at 0x20100080 irq=42

oprofile: using timer interrupt.

Netfilter messages via NETLINK v0.30.

nf_conntrack version 0.5.0 (854 buckets, 3416 max)

nf_nat_init: can't setup rules.

TCP cubic registered

NET: Registered protocol family 17

NULL pointer access

Kernel OOPS in progress

Deferred Exception context

CURRENT PROCESS:

COMM=swapper PID=1 CPU=0

invalid mm

return address: [0x00015864]; contents of:

0x00015840: e101 7b38 b299 e141 001e e101 7c30 0c44

0x00015850: b218 b2d9 1817 0000 0000 0000 9165 6fe5

0x00015860: 200a 0000 [a168] 0c00 181d 0000 0000 0000

0x00015870: ac6d 6fe5 3255 6c22 0862 17f4 aca4 0c44

ADSP-BF531-0.4 399(MHz CCLK) 133(MHz SCLK) (mpu off)

Linux version 2.6.34-ADI-2010R1-pre (msink@msink-debian) (gcc version 4.1.2 (ADI svn)) #8 Wed Jun 2 18:59:30 YEKST 2010

SEQUENCER STATUS: Not tainted

SEQSTAT: 00000027 IPEND: 8008 IMASK: ffff SYSCFG: 0006

EXCAUSE : 0x27

physical IVG3 asserted : <0xffa086bc> { _trap + 0x0 }

physical IVG15 asserted : <0xffa08d70> { _evt_system_call + 0x0 }

logical irq 6 mapped : <0xffa08340> { _bfin_coretmr_interrupt + 0x0 }

logical irq 14 mapped : <0x000e5158> { _bfin_rtc_interrupt + 0x0 }

RETE: <0x00000000> /* Maybe null pointer? */

RETN: <0x0201bf28> /* kernel dynamic memory (maybe user-space) */

RETX: <0x00000480> /* Maybe fixed code section */

RETS: <0x000158aa> { ___register_sysctl_paths + 0x106 }

PC : <0x00015864> { ___register_sysctl_paths + 0xc0 }

DCPLB_FAULT_ADDR: <0x00000010> /* Maybe null pointer? */

ICPLB_FAULT_ADDR: <0x00015864> { ___register_sysctl_paths + 0xc0 }

PROCESSOR STATE:

R0 : fffffffe R1 : 00000062 R2 : 00000000 R3 : 020dfb60

R4 : 001e8d74 R5 : 001e7c10 R6 : 020dfaa0 R7 : 00000002

P0 : 001ac2c1 P1 : 00000000 P2 : 00000000 P3 : 020dfaa0

P4 : 001e7c18 P5 : fffffffc FP : 020dfaa4 SP : 0201be4c

LB0: ffa092fc LT0: ffa092fc LC0: 00000000

LB1: 0001580a LT1: 000157fe LC1: 00000000

B0 : 0201beec L0 : 00000000 M0 : 00000010 I0 : 0201bd64

B1 : 0000ffff L1 : 00000000 M1 : 00000000 I1 : 1c1bcc91

B2 : 0201bea4 L2 : 00000000 M2 : 00000000 I2 : 0201bef4

B3 : 00000000 L3 : 00000000 M3 : 00000000 I3 : 0201bef0

A0.w: 00a69feb A0.x: 00000000 A1.w: 00003a93 A1.x: 00000000

USP : 00000000 ASTAT: 02003006

Hardware Trace:

0 Target : <0x00003d64> { _trap_c + 0x0 }

Source : <0xffa0864e> { _exception_to_level5 + 0x96 } CALL pcrel

1 Target : <0xffa085b8> { _exception_to_level5 + 0x0 }

Source : <0xffa08482> { _bfin_return_from_exception + 0xe } RTX

2 Target : <0xffa08474> { _bfin_return_from_exception + 0x0 }

Source : <0xffa08518> { _ex_trap_c + 0x74 } JUMP.S

3 Target : <0xffa084a4> { _ex_trap_c + 0x0 }

Source : <0xffa083d8> { _ex_workaround_261 + 0x1c } JUMP.S

4 Target : <0xffa083bc> { _ex_workaround_261 + 0x0 }

Source : <0xffa086f4> { _trap + 0x38 } JUMP (P4)

5 Target : <0xffa086da> { _trap + 0x1e }

Source : <0xffa086d6> { _trap + 0x1a } IF CC JUMP pcrel

6 Target : <0xffa086bc> { _trap + 0x0 }

FAULT : <0x00015864> { ___register_sysctl_paths + 0xc0 } P0 = W[P5 + 5]

Source : <0xffa08482> { _bfin_return_from_exception + 0xe } RTX

7 Target : <0xffa08474> { _bfin_return_from_exception + 0x0 }

Source : <0xffa083ce> { _ex_workaround_261 + 0x12 } IF !CC JUMP pcrel

8 Target : <0xffa083bc> { _ex_workaround_261 + 0x0 }

Source : <0xffa086f4> { _trap + 0x38 } JUMP (P4)

9 Target : <0xffa086da> { _trap + 0x1e }

Source : <0xffa086d6> { _trap + 0x1a } IF CC JUMP pcrel

10 Target : <0xffa086bc> { _trap + 0x0 }

Source : <0x00015862> { ___register_sysctl_paths + 0xbe } NOP

11 Target : <0x00015862> { ___register_sysctl_paths + 0xbe }

Source : <0x0001587a> { ___register_sysctl_paths + 0xd6 } IF !CC JUMP pcrel (BP)

12 Target : <0x00015862> { ___register_sysctl_paths + 0xbe }

Source : <0x0001587a> { ___register_sysctl_paths + 0xd6 } IF !CC JUMP pcrel (BP)

13 Target : <0x00015870> { ___register_sysctl_paths + 0xcc }

Source : <0x000158aa> { ___register_sysctl_paths + 0x106 } JUMP.S

14 Target : <0x000158aa> { ___register_sysctl_paths + 0x106 }

Source : <0x000157a0> { _try_attach + 0x4c } RTS

15 Target : <0x0001579a> { _try_attach + 0x46 }

Source : <0x0001578e> { _try_attach + 0x3a } IF CC JUMP pcrel

Kernel Stack

Stack info:

SP: [0x0201be34] <0x0201be34> /* kernel dynamic memory (maybe user-space) */

FP: (0x0201bf80)

Memory from 0x0201be30 to 0201c000

0201be30: 00008008 [00000027] 001e7c10 001e8d74 00000000 00000000 00000000 00000480

0201be50: 00008008 00000027 00000000 0201bf28 00000480 00015864 000158aa fffffffe

0201be70: 02003006 0001580a ffa092fc 000157fe ffa092fc 00000000 00000000 00003a93

0201be90: 00000000 00a69feb 00000000 00000000 0201bea4 0000ffff 0201beec 00000000

0201beb0: 00000000 00000000 00000000 00000000 00000000 00000000 00000010 0201bef0

0201bed0: 0201bef4 1c1bcc91 0201bd64 00000000 020dfaa4 fffffffc 001e7c18 020dfaa0

0201bef0: 00000000 00000000 001ac2c1 00000002 020dfaa0 001e7c10 001e8d74 020dfb60

0201bf10: 00000000 00000062 fffffffe fffffffe 001ac2c1 00000006 001f39c8 00107080

0201bf30: 001f3f74 00000000 000158e4 0020e108 001c7148 001c700c 00000000 00000000

0201bf50: 00000000 00000000 0020e108 00000000 00000000 001f3fa8 0020877e 00000000

0201bf70: 00208640 00000000 0020864a 001f3798 (00000000)<0000102e><0000102e> 00000000

0201bf90:<0015c604> 00000030 00003834 00000000 001e0000 00000000 001f81fa 0020e108

0201bfb0: 0020e13c 00000000 00000000 00000000 00000000 00000000 002085fc 00000000

0201bfd0: 00001448 001f84f2 00000000 00000000 00000000 00000000 00000000 <0000144e>

0201bff0: 00000000 00000000 ffffffff 00000006

Return addresses in stack:

frame 1 : <0x0000102e> { _do_one_initcall + 0x2e }

address : <0x0000102e> { _do_one_initcall + 0x2e }

address : <0x0015c604> /* kernel dynamic memory (maybe user-space) */

address : <0x0000144e> { _kernel_thread_helper + 0x6 }

Modules linked in:

Kernel panic - not syncing: Kernel exception

Hardware Trace:

Stack info:

SP: [0x0201bd6c] <0x0201bd6c> /* kernel dynamic memory (maybe user-space) */

FP: (0x0201bf80)

Memory from 0x0201bd60 to 0201c000

0201bd60: 00000027 0201bd6c 020dfaa0 [0019473c] 0000f518 0201be4c 0019473c 001cc36e

0201bd80: 001cc36e 001cc36e 0201bda0 0201bda0 00004158 0201be4c 001941bc 00000000

0201bda0: 0000001f ffffffff 00000000 00000000 0003000b 00000000 00000000 00000000

0201bdc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

0201bde0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

0201be00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

0201be20: 00000000 00000000 ffa08652 001c9000 00008008 00000027 001e7c10 001e8d74

0201be40: 00000000 00000000 00000000 00000480 00008008 00000027 00000000 0201bf28

0201be60: 00000480 00015864 000158aa fffffffe 02003006 0001580a ffa092fc 000157fe

0201be80: ffa092fc 00000000 00000000 00003a93 00000000 00a69feb 00000000 00000000

0201bea0: 0201bea4 0000ffff 0201beec 00000000 00000000 00000000 00000000 00000000

0201bec0: 00000000 00000000 00000010 0201bef0 0201bef4 1c1bcc91 0201bd64 00000000

0201bee0: 020dfaa4 fffffffc 001e7c18 020dfaa0 00000000 00000000 001ac2c1 00000002

0201bf00: 020dfaa0 001e7c10 001e8d74 020dfb60 00000000 00000062 fffffffe fffffffe

0201bf20: 001ac2c1 00000006 001f39c8 00107080 001f3f74 00000000 000158e4 0020e108

0201bf40: 001c7148 001c700c 00000000 00000000 00000000 00000000 0020e108 00000000

0201bf60: 00000000 001f3fa8 0020877e 00000000 00208640 00000000 0020864a 001f3798

0201bf80:(00000000)<0000102e><0000102e> 00000000 <0015c604> 00000030 00003834 00000000

0201bfa0: 001e0000 00000000 001f81fa 0020e108 0020e13c 00000000 00000000 00000000

0201bfc0: 00000000 00000000 002085fc 00000000 00001448 001f84f2 00000000 00000000

0201bfe0: 00000000 00000000 00000000 <0000144e> 00000000 00000000 ffffffff 00000006

Return addresses in stack:

frame 1 : <0x0000102e> { _do_one_initcall + 0x2e }

address : <0x0000102e> { _do_one_initcall + 0x2e }

address : <0x0015c604> /* kernel dynamic memory (maybe user-space) */

address : <0x0000144e> { _kernel_thread_helper + 0x6 }

Rebooting in 3 seconds..

QuoteReplyEditDelete

2010-06-03 04:52:45 Re: netfilter & nat

Sonic Zhang (CHINA)

Message: 90101

I can't replicate you crash on kernel SVN rev 8738.

Which SVN rev do you use?

QuoteReplyEditDelete

2010-06-03 05:24:47 Re: netfilter & nat

Mike Sinkovsky (RUSSIAN FEDERATION)

Message: 90104

I use git, cloned 2010-06-01, latest commit is 1eebd912

Did you truing to on board with BF531 chip? Maybe it is related - it have only 16K L1 SRAM.

But I tried disabling L1 optimisations - did not help..

What more I can do?

QuoteReplyEditDelete

2010-06-03 05:36:30 Re: netfilter & nat

Sonic Zhang (CHINA)

Message: 90105

I have no bf531. I tested it on bf537-ezkit.

QuoteReplyEditDelete

2010-06-03 11:24:12 Re: netfilter & nat

Mike Sinkovsky (RUSSIAN FEDERATION)

Message: 90108

Hmm, and there are no bf531 based boards in official testing scripts... Then if I undestand correctly, functionality on extremal case -- smallest L1 memory size -- is not checked by blackfin core team?

BTW I tried compiler from latest source trunk and from 2009R1 - no differences, same error.

QuoteReplyEditDelete

2010-06-03 13:13:55 Re: netfilter & nat

Mike Frysinger (UNITED STATES)

Message: 90113

the L1 sizes should be irrelevant. it is also trivial to take a BF537 config, disable all L1 usage in the config, and boot it.

QuoteReplyEditDelete

2010-06-04 05:45:37 Re: netfilter & nat

Mike Sinkovsky (RUSSIAN FEDERATION)

Message: 90126

OK, I took config from BF537, slightly adapted for my hardware (BF531-0.4 chip using NAND&UBIFS as root), then enabled netfilter and nat:

== cut ==

CONFIG_NETFILTER=y

# CONFIG_NETFILTER_DEBUG is not set

CONFIG_NETFILTER_ADVANCED=y

# Core Netfilter Configuration

CONFIG_NETFILTER_NETLINK=y

CONFIG_NETFILTER_NETLINK_QUEUE=y

CONFIG_NETFILTER_NETLINK_LOG=y

CONFIG_NF_CONNTRACK=y

# CONFIG_NF_CT_ACCT is not set

# CONFIG_NF_CONNTRACK_MARK is not set

# CONFIG_NF_CONNTRACK_EVENTS is not set

# CONFIG_NF_CT_PROTO_DCCP is not set

# CONFIG_NF_CT_PROTO_SCTP is not set

# CONFIG_NF_CT_PROTO_UDPLITE is not set

# CONFIG_NF_CONNTRACK_AMANDA is not set

# CONFIG_NF_CONNTRACK_FTP is not set

CONFIG_NF_CONNTRACK_H323=y

# CONFIG_NF_CONNTRACK_IRC is not set

# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set

# CONFIG_NF_CONNTRACK_PPTP is not set

# CONFIG_NF_CONNTRACK_SANE is not set

CONFIG_NF_CONNTRACK_SIP=y

# CONFIG_NF_CONNTRACK_TFTP is not set

# CONFIG_NF_CT_NETLINK is not set

CONFIG_NETFILTER_XTABLES=y

# CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set

# CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set

CONFIG_NETFILTER_XT_TARGET_MARK=y

# CONFIG_NETFILTER_XT_TARGET_NFLOG is not set

# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set

# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set

# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set

# CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set

# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set

# CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set

# CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set

# CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set

# CONFIG_NETFILTER_XT_MATCH_CONNTRACK is not set

# CONFIG_NETFILTER_XT_MATCH_DCCP is not set

# CONFIG_NETFILTER_XT_MATCH_DSCP is not set

# CONFIG_NETFILTER_XT_MATCH_ESP is not set

# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set

# CONFIG_NETFILTER_XT_MATCH_HELPER is not set

# CONFIG_NETFILTER_XT_MATCH_HL is not set

# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set

# CONFIG_NETFILTER_XT_MATCH_LENGTH is not set

# CONFIG_NETFILTER_XT_MATCH_LIMIT is not set

# CONFIG_NETFILTER_XT_MATCH_MAC is not set

CONFIG_NETFILTER_XT_MATCH_MARK=y

# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set

# CONFIG_NETFILTER_XT_MATCH_OWNER is not set

# CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set

# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set

# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set

# CONFIG_NETFILTER_XT_MATCH_REALM is not set

# CONFIG_NETFILTER_XT_MATCH_RECENT is not set

# CONFIG_NETFILTER_XT_MATCH_SCTP is not set

# CONFIG_NETFILTER_XT_MATCH_STATE is not set

# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set

# CONFIG_NETFILTER_XT_MATCH_STRING is not set

# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set

# CONFIG_NETFILTER_XT_MATCH_TIME is not set

# CONFIG_NETFILTER_XT_MATCH_U32 is not set

# CONFIG_NETFILTER_XT_MATCH_OSF is not set

# CONFIG_IP_VS is not set

# IP: Netfilter Configuration

CONFIG_NF_DEFRAG_IPV4=y

CONFIG_NF_CONNTRACK_IPV4=y

CONFIG_NF_CONNTRACK_PROC_COMPAT=y

# CONFIG_IP_NF_QUEUE is not set

CONFIG_IP_NF_IPTABLES=y

CONFIG_IP_NF_MATCH_ADDRTYPE=y

# CONFIG_IP_NF_MATCH_AH is not set

# CONFIG_IP_NF_MATCH_ECN is not set

# CONFIG_IP_NF_MATCH_TTL is not set

CONFIG_IP_NF_FILTER=y

# CONFIG_IP_NF_TARGET_REJECT is not set

CONFIG_IP_NF_TARGET_LOG=y

# CONFIG_IP_NF_TARGET_ULOG is not set

CONFIG_NF_NAT=y

CONFIG_NF_NAT_NEEDED=y

CONFIG_IP_NF_TARGET_MASQUERADE=y

CONFIG_IP_NF_TARGET_NETMAP=y

CONFIG_IP_NF_TARGET_REDIRECT=y

# CONFIG_NF_NAT_SNMP_BASIC is not set

# CONFIG_NF_NAT_FTP is not set

# CONFIG_NF_NAT_IRC is not set

# CONFIG_NF_NAT_TFTP is not set

# CONFIG_NF_NAT_AMANDA is not set

# CONFIG_NF_NAT_PPTP is not set

CONFIG_NF_NAT_H323=y

CONFIG_NF_NAT_SIP=y

== cut ==

-- and got similar error.

Then. I traced to file "net/ipv4/netfilter/ip_tables.c" line #764:

if (e->next_offset

< sizeof(struct ipt_entry) + sizeof(struct ipt_entry_target)) {

duprintf("checking: element %p size %u\n",

e, e->next_offset);

return -EINVAL;

}

-- prints "checking: element 021341bc size 0", and returns -EINVAL

But tracing netfilter code is too complicated for me...

Maybe it is global problem in new 2.6.34 kernel ???

QuoteReplyEditDelete

2010-06-04 05:51:37 Re: netfilter & nat

Sonic Zhang (CHINA)

Message: 90127

What EMAC driver do you use on your board?

Do you have a bf533-stamp or bf537-ezkit board to replicate?

QuoteReplyEditDelete

2010-06-04 06:02:01 Re: netfilter & nat

Mike Sinkovsky (RUSSIAN FEDERATION)

Message: 90128

> What EMAC driver do you use on your board?

It is our custom driver for wiznet5300 chip. But I don't think that it is relevant - if I delete it from config - error still occurs.

> Do you have a bf533-stamp or bf537-ezkit board to replicate?

No.

QuoteReplyEditDelete

2010-06-04 15:19:44 Re: netfilter & nat

Mike Frysinger (UNITED STATES)

Message: 90139

disable CONFIG_NF_CONNTRACK_PROC_COMPAT

QuoteReplyEditDelete

2010-06-07 01:59:31 Re: netfilter & nat

Mike Sinkovsky (RUSSIAN FEDERATION)

Message: 90161

> disable CONFIG_NF_CONNTRACK_PROC_COMPAT

With this option disabled kernel did not hand at boot time, but nat still do'nt work.

Firstly, in boot log there are trange message about nat:

== cut ==

Netfilter messages via NETLINK v0.30.

nf_conntrack version 0.5.0 (854 buckets, 3416 max)

nf_nat_init: can't setup rules.

TCP cubic registered

NET: Registered protocol family 17

Bridge firewalling registered

802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>

All bugs added by David S. Miller <davem@redhat.com>

== cut ==

And, if I try to configure, it not work:

root:~> iptables -t nat -A PREROUTING -i eth0

modprobe: module ip_tables not found in modules.dep

iptables v1.4.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)

Perhaps iptables or your kernel needs to be upgraded.

root:~>

Anyway, is it blackfin specific bug, or in vanilla kernel too?

Maybe we just wait till it will be fixed in upstream by netfilter core team?

QuoteReplyEditDelete

2010-06-07 04:37:42 Re: netfilter & nat

Mike Frysinger (UNITED STATES)

Message: 90171

i doubt any of this is Blackfin-specific. more likely it is an issue on no-mmu platforms.

QuoteReplyEditDelete

2010-06-07 08:20:07 Re: netfilter & nat

Mike Frysinger (UNITED STATES)

Message: 90173

i lied, it was a bug in Blackfin-specific code (the hweight() func). update to the latest svn and it should work fine.

QuoteReplyEditDelete

2010-06-08 09:10:02 Re: netfilter & nat

Mike Sinkovsky (RUSSIAN FEDERATION)

Message: 90193

Thank you, for now seems that it works.

Need more testing, and porting some of our custom drivers.

QuoteReplyEditDelete

2010-06-14 11:41:55 Re: netfilter & nat

Mike Sinkovsky (RUSSIAN FEDERATION)

Message: 90314

I almost finished migrating to new version, but have a question, maybe dumb, but somewhat related to this thread, and I can’t solve it myself.

In short – I want iptables package compiled in FDPIC-ELF format, but as a single executable file, not separated to core + many plugins in /lib/xtables/ directory.

This is mainly because there is a variant of board with very limited storage space, and single file is much less in size than multifile config – 200KB versus 600+KB.

In previous releases, including 2009R1 it was easy – I just commented out some lines in Makefile and got what I want. But now Makefile is entirely different, and I don’t understand how to do it.

Any suggestions? In ideal, there would be a option in menuconfig, but maybe any dirty hack too

QuoteReplyEditDelete

2010-06-14 14:24:31 Re: netfilter & nat

Mike Frysinger (UNITED STATES)

Message: 90315

use the same --disable-shared configure option that the uclinux code uses. or simply delete the objects you dont care about from your romfs/ tree.

QuoteReplyEditDelete

2010-06-15 03:55:00 Re: netfilter & nat

Mike Sinkovsky (RUSSIAN FEDERATION)

Message: 90324

Yes, I did that hack, and it works. It frees for me 400KB of storage:

== cut ==