Bug #338

connmark and ipv6 iptables are a bad combination

Added by Dave Täht on Feb 11, 2012. Updated on Apr 21, 2012.
New Urgent Dave Täht

Description

I have been battling various ipv6 related bugs for a while. For example, I tried
to make openwrt’s shaper do ipv6 and stuff like this will hang the interface
on x86 AND cerowrt.

  1. This is my bad boy
    ip6tables -t mangle -A qos_Default -p tcp -m length –length :128 -m mark ! –mark 4/0xff -m tcp –tcp-flags ALL SYN -j MARK –set-mark 1/0xff
    ip6tables -t mangle -A qos_Default -p tcp -m length –length :128 -m mark ! –mark 4/0xff -m tcp –tcp-flags ALL ACK -j MARK –set-mark 1/0xff

Attachments

  • simple_bug (application/octet-stream; 3.0 kiB) Dave Täht Feb 11, 2012

History

Updated by Dave Täht on Feb 11, 2012.
It may not be limited to the negate mark option, either.

I suspect there are more ipv6 related bugs than this lurking in ip6tables

Updated by Dave Täht on Feb 12, 2012.
and, after duplicating this on 3 machines, rebooted them all…

and with the simplified script, they no longer go boom. Have to recreate the complex scenario now.

Updated by Dave Täht on Feb 15, 2012.
and then, I managed to get it to happen again. But it’s subtle.

I don’t know what to point at anymore. ifb? ip6tables? conntrack?

Updated by Dave Täht on Apr 21, 2012.

This is a static export of the original bufferbloat.net issue database. As such, no further commenting is possible; the information is solely here for archival purposes.

Cerowrt Project

News items
List of Wiki pages
List of bugs
RSS feed

Recent Updates

Oct 20, 2023 Wiki page
What Can I Do About Bufferbloat?
Dec 3, 2022 Wiki page
Codel Wiki
Jun 11, 2022 Wiki page
More about Bufferbloat
Jun 11, 2022 Wiki page
Tests for Bufferbloat
Dec 7, 2021 Wiki page
Getting SQM Running Right

Find us elsewhere

Bufferbloat Mailing Lists
#bufferbloat on Twitter
Google+ group
Archived Bufferbloat pages from the Wayback Machine

Sponsors

Comcast Research Innovation Fund
Nlnet Foundation
Shuttleworth Foundation
GoFundMe

Bufferbloat Related Projects

OpenWrt Project
Congestion Control Blog
Flent Network Test Suite
Sqm-Scripts
The Cake shaper
AQMs in BSD
IETF AQM WG
CeroWrt (where it all started)

Network Performance Related Resources


Jim Gettys' Blog - The chairman of the Fjord
Toke's Blog - Karlstad University's work on bloat
Voip Users Conference - Weekly Videoconference mostly about voip
Candelatech - A wifi testing company that "gets it".