Hi!

I'm observing a quite strange phenomenon on one of the larger Linux
firewall deployments (Xeon 3.06GHz, ServerWorks Chipset, 16 Intel E100
chips (82559ER)):

The corruption of the data payload of ICMP packets being forwarded!

This corruption happens to about 1% of all traffic, and only happens
when there's some PF_PACKET socket open (like tcpdump, nacctd, ...).

If you run tcpdump on the outbound interface of the firewall, the packet
payload is still intact.

This (production) system is running a custom 2.4.21 based kernel with
lots of current netfilter patch-o-matic patches. However, the observed
corruption is present in all packets, even those that are not NAT'ed,
mangled or altered in any way.

However, the reproducible connection to PF_PACKET sockets leads my focus
a bit away from netfilter towards the core network stack.

Attached are an lsmod and lspci of that machine, as well as packet
captures taken via mirror port on the Cisco switches on the inbound and
outbound interface for that packet.

Any clues, hints, ideas? Has anyone ever observed something similar?

--
- Harald Welte <laforge@xxxxxxxxxxxx> http://www.gnumonks.org/
============================================================================
Programming is like sex: One mistake and you have to support it your lifetime
lspci
Description: Text document
lsmod
Description: Text document
Output_01_fw_in.txt
Description: Text document
Output_01_fw_out.txt
Description: Text document
signature.asc
Description: Digital signature