Hi, Kernel version: 2.4.20 Usagi patch used: ftp://ftp.linux-ipv6.org/pub/usagi/snap/split/usagi-linux24-s20030106-2.4.20.diff.bz2 Usagi version: Snapshot 6 Jan 2003 GNU libc: 2.3.1-9 (Debian GNU/Linux) Symptoms: The machine is running BIND9, for a (small) network of clients. Only the first client to do an IPv4 request gets future IPv4 requests served. Others receive an ICMP type 3 code 3 (port unreachable) message, but named is still listening, as shown by a "netstat" and the fact that the first client still gets served! Symptom does NOT appear with Linux 2.4.20 without USAGI patch. Server has IP 10.0.0.2, clients 10.0.0.1 and 10.0.0.3. Here is network traffic as seen by client (netfilter log). In this example, 10.0.0.1 did a DNS request first, here is what 10.0.0.3 sees: Jan 13 15:17:51 hostname kernel: IN= OUT=eth0 SRC=10.0.0.3 DST=10.0.0.2 LEN=59 TOS=0x00 PREC=0x00 TTL=64 ID=24386 DF PROTO=UDP SPT=33006 DPT=53 LEN=39 Jan 13 15:17:51 hostname kernel: IN=eth0 OUT= MAC=00:10:a4:94:ca:a7:00:01:02:f1:21:b2:08:00 SRC=10.0.0.2 DST=10.0.0.3 LEN=87 TOS=0x00 PREC=0xC0 TTL=64 ID=704 PROTO=ICMP TYPE=3 CODE=3 [SRC=10.0.0.3 DST=10.0.0.2 LEN=59 TOS=0x00 PREC=0x00 TTL=64 ID=24386 DF PROTO=UDP SPT=33006 DPT=53 LEN=39 ] Restarting (stop && start) bind9 resets behaviour: If now 10.0.0.3 makes a request first, he'll be the only one served in future, 10.0.0.1 won't get served any more. Clients are running Linux 2.4.20 + same usagi patch. Now, here comes the funny bit: With vanilla Linux: user@server:~$ netstat -uanp|grep 53 udp 0 0 10.0.0.2:53 0.0.0.0:* 862/named udp 0 0 127.0.0.1:53 0.0.0.0:* 862/named With USAGI patch: user@server:~$ netstat -uanp|grep 53 udp 0 0 0.0.0.0:1025 0.0.0.0:53 861/named udp 0 0 10.0.0.2:53 0.0.0.0:32967 861/named udp 0 0 127.0.0.1:53 0.0.0.0:1027 861/named master@home:~$ sudo /etc/init.d/bind9 restart Stopping domain name service: named. Starting domain name service: named. master@home:~$ sudo netstat -uapn|grep 53 udp 0 0 10.0.0.2:53 0.0.0.0:* 1343/named udp 0 0 127.0.0.1:53 0.0.0.0:* 1343/named ### Now, client makes request master@home:~$ sudo netstat -uapn|grep 53 udp 0 0 0.0.0.0:1029 0.0.0.0:53 1343/named udp 0 0 10.0.0.2:53 0.0.0.0:33024 1343/named udp 0 0 127.0.0.1:53 0.0.0.0:* 1343/named Looks like the listening socket gets bound to one specific client port (presumably the one the request came from)? Weird? user@server:~$ /sbin/lsmod Module Size Used by Not tainted nfsd 66368 0 (autoclean) lockd 47200 0 (autoclean) [nfsd] sunrpc 59444 0 (autoclean) [nfsd lockd] lp 6496 0 (autoclean) apm 9216 1 (autoclean) ipt_MASQUERADE 1344 2 (autoclean) ppp_deflate 2944 0 (autoclean) zlib_inflate 18336 0 (autoclean) [ppp_deflate] zlib_deflate 17472 0 (autoclean) [ppp_deflate] bsd_comp 4000 0 (autoclean) ppp_async 6336 1 (autoclean) ppp_generic 19340 3 (autoclean) [ppp_deflate bsd_comp ppp_async] slhc 4592 0 (autoclean) [ppp_generic] microcode 3292 0 (autoclean) ipt_LOG 3264 12 (autoclean) iptable_mangle 2304 0 (autoclean) (unused) iptable_filter 1728 1 (autoclean) iptable_nat 14292 1 [ipt_MASQUERADE] ip_conntrack 16908 1 [ipt_MASQUERADE iptable_nat] ip_tables 10464 7 [ipt_MASQUERADE ipt_LOG iptable_mangle iptable_filter iptable_nat] ipv6 187456 -1 parport_pc 20968 1 parport 22944 1 [lp parport_pc] nls_iso8859-1 2880 0 (unused) nls_cp850 3616 0 (unused) Excerpt of Linux config file: # # Networking options # CONFIG_PACKET=y # CONFIG_PACKET_MMAP is not set CONFIG_NETLINK_DEV=m CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_FILTER=y # CONFIG_NET_NEIGH_DEBUG is not set CONFIG_NET_RESTRICTED_REUSE=y CONFIG_UNIX=y CONFIG_INET=y CONFIG_IPSEC=y CONFIG_IPSEC_DEBUG=y CONFIG_IPSEC_DEBUG_DISABLE_DEFAULT=y # CONFIG_IPCOMP is not set CONFIG_IPSEC_TUNNEL=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_NAT=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_TOS=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_ROUTE_LARGE_TABLES is not set # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=m CONFIG_NET_IPGRE=m CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_INET_ECN=y CONFIG_SYN_COOKIES=y CONFIG_IP_IPSEC=y CONFIG_IPV4_IPSEC_TUNNEL=y # # IP: Netfilter Configuration # CONFIG_IP_NF_CONNTRACK=m CONFIG_IP_NF_FTP=m CONFIG_IP_NF_IRC=m CONFIG_IP_NF_QUEUE=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_LIMIT=m CONFIG_IP_NF_MATCH_MAC=m CONFIG_IP_NF_MATCH_PKTTYPE=m CONFIG_IP_NF_MATCH_MARK=m CONFIG_IP_NF_MATCH_MULTIPORT=m CONFIG_IP_NF_MATCH_TOS=m CONFIG_IP_NF_MATCH_ECN=m CONFIG_IP_NF_MATCH_DSCP=m CONFIG_IP_NF_MATCH_AH_ESP=m CONFIG_IP_NF_MATCH_LENGTH=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_MATCH_TCPMSS=m CONFIG_IP_NF_MATCH_HELPER=m CONFIG_IP_NF_MATCH_STATE=m CONFIG_IP_NF_MATCH_CONNTRACK=m CONFIG_IP_NF_MATCH_UNCLEAN=m CONFIG_IP_NF_MATCH_OWNER=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IP_NF_TARGET_MIRROR=m CONFIG_IP_NF_NAT=m CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_TARGET_REDIRECT=m # CONFIG_IP_NF_NAT_LOCAL is not set CONFIG_IP_NF_NAT_SNMP_BASIC=m CONFIG_IP_NF_NAT_IRC=m CONFIG_IP_NF_NAT_FTP=m CONFIG_IP_NF_MANGLE=m CONFIG_IP_NF_TARGET_TOS=m CONFIG_IP_NF_TARGET_ECN=m CONFIG_IP_NF_TARGET_DSCP=m CONFIG_IP_NF_TARGET_MARK=m CONFIG_IP_NF_TARGET_LOG=m CONFIG_IP_NF_TARGET_ULOG=m CONFIG_IP_NF_TARGET_TCPMSS=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_COMPAT_IPCHAINS=m CONFIG_IP_NF_NAT_NEEDED=y # CONFIG_IP_NF_COMPAT_IPFWADM is not set CONFIG_IPV6=m # CONFIG_IPV6_DEBUG is not set CONFIG_IPV6_IM=y CONFIG_IPV6_MODULE_IP_GRE=y CONFIG_IPV6_ZONE=y CONFIG_IPV6_ZONE_SITELOCAL=y CONFIG_IPV6_DROP_FAKE_V4MAPPED=y CONFIG_IPV6_RESTRICTED_DOUBLE_BIND=y CONFIG_IPV6_6TO4_NEXTHOP=y CONFIG_IPV6_PRIVACY=y # CONFIG_IPV6_ANYCAST is not set # CONFIG_IPV6_ISATAP is not set # CONFIG_IPV6_PREFIXLIST is not set # CONFIG_IPV6_SUBTREES is not set # CONFIG_IPV6_MLD6_ALL_DONE is not set CONFIG_IPV6_NODEINFO=y # CONFIG_IPV6_NODEINFO_USE_UTS_DOMAIN is not set # # IPv6: Netfilter Configuration # CONFIG_IP6_NF_QUEUE=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_LIMIT=m CONFIG_IP6_NF_MATCH_MAC=m CONFIG_IP6_NF_MATCH_RT=m CONFIG_IP6_NF_MATCH_OPTS=m CONFIG_IP6_NF_MATCH_FRAG=m CONFIG_IP6_NF_MATCH_MULTIPORT=m CONFIG_IP6_NF_MATCH_OWNER=m CONFIG_IP6_NF_MATCH_MARK=m CONFIG_IP6_NF_MATCH_AHESP=m CONFIG_IP6_NF_MATCH_EUI64=m CONFIG_IP6_NF_MATCH_LENGTH=m CONFIG_IP6_NF_MATCH_EUI64=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_LOG=m CONFIG_IP6_NF_TARGET_REJECT=m CONFIG_IP6_NF_MANGLE=m CONFIG_IP6_NF_TARGET_MARK=m CONFIG_IPV6_IPSEC=y CONFIG_IPV6_IPSEC_TUNNEL=y CONFIG_IPV6_IPV6_TUNNEL=m CONFIG_IPV6_MOBILITY=m CONFIG_IPV6_MOBILITY_DEBUG=y # CONFIG_KHTTPD is not set # CONFIG_ATM is not set # CONFIG_VLAN_8021Q is not set # # # # CONFIG_IPX is not set # CONFIG_ATALK is not set # # Appletalk devices # # CONFIG_DEV_APPLETALK is not set # CONFIG_DECNET is not set CONFIG_BRIDGE=m CONFIG_X25=m CONFIG_LAPB=m CONFIG_LLC=y # CONFIG_NET_DIVERT is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set # CONFIG_NET_FASTROUTE is not set # CONFIG_NET_HW_FLOWCONTROL is not set # # QoS and/or fair queueing # CONFIG_NET_SCHED=y CONFIG_NET_SCH_CBQ=m CONFIG_NET_SCH_HTB=m CONFIG_NET_SCH_CSZ=m CONFIG_NET_SCH_PRIO=m CONFIG_NET_SCH_RED=m CONFIG_NET_SCH_SFQ=m CONFIG_NET_SCH_TEQL=m CONFIG_NET_SCH_TBF=m CONFIG_NET_SCH_GRED=m CONFIG_NET_SCH_DSMARK=m CONFIG_NET_SCH_INGRESS=m CONFIG_NET_QOS=y CONFIG_NET_ESTIMATOR=y CONFIG_NET_CLS=y CONFIG_NET_CLS_TCINDEX=m CONFIG_NET_CLS_ROUTE4=m CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=m CONFIG_NET_CLS_U32=m CONFIG_NET_CLS_RSVP=m CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_POLICE=y # # Network testing # CONFIG_NET_PKTGEN=m -- Lionel
Attachment:
pgph3zZIzDQXV.pgp
Description: PGP signature