[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKfDRXhkOb4eavm3y2ePwi6F6P59f=zEtQDOTjcvK4-s8WDhXQ@mail.gmail.com>
Date: Thu, 3 May 2018 11:06:25 +0200
From: Kristian Evensen <kristian.evensen@...il.com>
To: Florian Westphal <fw@...len.de>
Cc: Netfilter Development Mailing list
<netfilter-devel@...r.kernel.org>,
Network Development <netdev@...r.kernel.org>
Subject: Re: Silently dropped UDP packets on kernel 4.14
Hi Florian,
On Thu, May 3, 2018 at 7:03 AM, Florian Westphal <fw@...len.de> wrote:
> I'm sorry for suggesting that.
>
> It doesn't work, because of NAT.
> NAT rewrites packet content and changes the reply tuple, but the tuples
> determine the hash insertion location.
>
> I don't know how to solve this problem.
No problem. This has anyway served as a good exercise for getting more
familiar with the conntrack/nat code in the kernel. I did some more
tests and I see that on my router (or routers actually), just
replacing the ct solves the issue. While not a perfect solution, the
situation is improved considerably. Do you think a patch where the ct
is replace would be acceptable, or would upstream rather wait for a
"proper" fix to this problem? When replacing the ct, it is at least
possible to work around the problem in userspace, while without
replacing ct we are stuck with the original entry.
BR,
Kristian
Powered by blists - more mailing lists