Hi everybody, [Sorry for the slightly off-topic post, as this is no openwrt core problem. However, openwrt uses the same patch, so it should be relevant to those using IMQ.]
We have been using IMQ with great success on our Gibraltar firewall distribution for some time now. It has allowed us to implement some customer scenarios that were not possible with other options. At the moment, we are switching from kernel 2.4.34/36 to 2.6.28 and face some serious issues with the IMQ patch. While it seemed to work with 2.6.26, on 2.6.28 it produces a hard kernel lockup (with no message being printed to either syslog or the serial console, the box just stops responding). This lockup can be reproduced by simply - loading imq - ip link set imq0 up - iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 0 and letting a packet arrive at eth0. Either only setting imq0 up without "jumping" to the device or only jumping to imq0 with iptables but leaving the device state down will let the box run. Doing both immediately hard-locks the kernel. As there is no official 2.6.28 IMQ patch at this time, I have used those from the OpenWRT repository at https://dev.openwrt.org/browser/trunk/target/linux/generic-2.6/patches-2.6.28, specifically r14949 from 2009-03-31 and taking both 150-netfilter_imq.patch and 151-netfilter_imq_2.6.28.patch. These patches seem to be the same as those that can be found at http://www.borlan.pl/patch/?C=M;O=D and both files are required to make it compile with stock 2.6.28. Our kernel is a vanilla 2.6.28.9 with only few patches (PaX, layer7 netfilter module, squashfs-lzma, and minor patches for aufs are currently the only ones besides those mentioned IMQ patches). The resulting imq module is: [~]# modinfo imq filename: /lib/modules/2.6.28.9/kernel/drivers/net/imq.ko alias: rtnl-link-imq license: GPL description: Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information. author: http://www.linuximq.net depends: vermagic: 2.6.28.9 SMP preempt mod_unload 586 parm: numdevs:number of IMQ devices (how many imq* devices will be created) (int) and the full kernel config is attached to this mail (compressed). IMQ options are: CONFIG_IP_NF_TARGET_IMQ=m CONFIG_IP6_NF_TARGET_IMQ=m CONFIG_IMQ=m # CONFIG_IMQ_BEHAVIOR_AA is not set CONFIG_IMQ_BEHAVIOR_AB=y # CONFIG_IMQ_BEHAVIOR_BA is not set # CONFIG_IMQ_BEHAVIOR_BB is not set CONFIG_IMQ_NUM_DEVS=16 and numdevs=4 is set when loading the module. As I don't even get a hint of kernel oops, I don't really know where to start looking. Are the OpenWRT IMQ 2.6.28 patches known to work on x86-32? Is anybody working on forward-porting the official 2.6.26 IMQ patches to 2.6.28? Can I easily enable debug output to see where the hard lockup occurs and thus help in tracking down the problem? IFB is no option for us until it can work with netfilter marks, and 2.6.26 lacks some IPv6 netfilter options. I would thus like to fix this problem and potentially provide working 2.6.28 patches. Any hints on how to go forward would be greatly appreciated. PS: One OpenWRT repository entry/log mentions that IMQ is deprecated and users should switch to IFB. But how can we if IFB doesn't support classifying by netfilter marks, which is the only real option for complex setups? best regards, Rene -- ------------------------------------------------- Gibraltar firewall http://www.gibraltar.at/
config-2.6.28.9.gz
Description: GNU Zip compressed data
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
