This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-devel] Re: Panic in ipt_do_table with

To: Patrick McHardy <kaber@xxxxxxxxx>
Subject: [Xen-devel] Re: Panic in ipt_do_table with
From: Matt Ayres <matta@xxxxxxxxxxxx>
Date: Mon, 15 May 2006 20:01:45 -0400
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>
In-reply-to: <4468D613.20309@xxxxxxxxx>
Organization: TekTonic
References: <4468BE70.7030802@xxxxxxxxxxxx> <4468D613.20309@xxxxxxxxx>

Patrick McHardy wrote:
> Matt Ayres wrote:
>> I have been noticing this same problem dozens of times and have finally
>> caught a full trace.  I have run it through ksymoops, but there is no
>> /proc/ksyms.  Is there a better method for getting information out of
>> the Code line than using ksymoops in 2.6 kernels?
>
> CONFIG_KALLSYMS will make the kernel decode the oops itself.

That's odd, I had thought that too. This is what "zcat /proc/config.gz | grep KALL" shows:


I take it my run through ksymoops was of no help in diagnosing the problem? The panic is _always_ in ipt_do_table.

>> The kernel is for Xen, but it does not appear to be related to Xen.
>
> We haven't had problems in that code for ages, so my initial feeling
> is that it probably is related to Xen. Do you have any other patches
> applied besides Xen? Please also post the full ruleset you're using
> and anything else that might appear special about your setup.

I had initially sent my traces to the Xen guys. They have not stated it is NOT specific to Xen, just that it's unlikely. I did not experience the problem with kernel 2.6.12, just with 2.6.16 (up to .13 bugfix release). I have completely disabled all support for SCTP (protocol/netfilter/conntrack) as I know it is still quite buggy. I know Xen touches the network code a lot, but nothing specific to iptables. I had contacted them twice before LKML as I didn't want to post patch-specific problems here. I have no other patches applied besides the Xen patch.

My ruleset is pretty bland. 2 rules in the raw table to tell the system to only track my forwarded ports, 2 rules in the nat table for forwarding (intercepting) 2 ports, and then in the FORWARD tables 2 rules per VM to just account traffic.

I've CC'ed xen-devel on this in case they can provide some insight. I am not subscribed to LKML so please make sure to reply to me also in responses.

Thank you,
Matt Ayres
