This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] Re: Panic in ipt_do_table with

To: Matt Ayres <matta@xxxxxxxxxxxx>
Subject: [Xen-devel] Re: Panic in ipt_do_table with
From: James Morris <jmorris@xxxxxxxxx>
Date: Mon, 15 May 2006 23:31:58 -0400 (EDT)
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>
Delivery-date: Tue, 16 May 2006 04:38:42 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <44691669.4080903@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4468BE70.7030802@xxxxxxxxxxxx> <4468D613.20309@xxxxxxxxx> <44691669.4080903@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
On Mon, 15 May 2006, Matt Ayres wrote:

> I had initially sent my traces to the Xen guys.  They have not stated it is
> NOT specific to Xen, just that's it's unlikely.  I did not experience the
> problem with kernel 2.6.12, just with 2.6.16 (up to .13 bugfix release).  I
> have completely disabled all support for SCTP (protocol/netfilter/conntrack)
> as I know it is still quite buggy.  I know Xen touches the network code a lot,
> but nothing specific to iptables.  I had contacted them twice before LKML as I
> didn't want to post patch specific problems here.  I have no other patches
> applied besides the Xen patch.
> My ruleset is pretty bland.  2 rules in the raw table to tell the system to
> only track my forwarded ports, 2 rules in the nat table for forwarding
> (intercepting) 2 ports, and then in the FORWARD tables 2 rules per VM to just
> account traffic.

Can you try using a different NIC?

- James
James Morris

Xen-devel mailing list