Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp948231imj; Thu, 7 Feb 2019 14:39:46 -0800 (PST) X-Google-Smtp-Source: AHgI3IYUweYnaWSQbvhLpW3pvf7mMDejLOJ/6HftnJB2gILRtOiHbaHvn4yIjokuhb+ro3kYHdoU X-Received: by 2002:a63:4d22:: with SMTP id a34mr15369565pgb.432.1549579186767; Thu, 07 Feb 2019 14:39:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549579186; cv=none; d=google.com; s=arc-20160816; b=Fai76rPPFrHxNDHIh+EXvyOBKVbRp5ICo4HwwW1Z1tqDK7CAjvvjRZ3ZixeGZxxFRe 6E0Q5s7yai4eBid95YWvl5d4yYbOJTtSCzqOHV5EttTPsRCnDqRAoJULnyZUdeufuzWz qdg/qQ6mWHUXVO79S/Z6aBQPY8COfkZWFtZFfEzlCnVaufsv15oWMCMPPNVGV+Tj31j1 pHSaUheYVU5G9iAEwKhdQJUFhZ3beyL4oID+XK5amwO2BMY7fWxfD5QnuzK5NGRNPaCG Yx+ZuL8r94ODV+x2qgh5PgjF/W3hUQ73EnpUFcjwXvLCU2IfENVMo7G7GWGu/NxTmcUx axXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:mime-version:user-agent:date:message-id:subject:cc :to:from:dkim-signature; bh=kFEpf5w44ybqCRJ0hp7WnrAaT8XA3YBS6zPD+17pLs0=; b=p5aOtNVfMQiMg9Jf+IkQ8DyhW2FUNYVt0k46+0VPeI4dKdTcwZ2IIKdossKOvyRFt9 ek3f9kMbXkw52Zwy4hM9MHOLHZ6v4YEGcxwE8At2JX6itrWkeWtz8ZfAICTJ3G5kc4PO +syVAg3Tn3WkEbYCn5oLwBogDNlagYB/Mcsv9XiXDKjJc5OLFCaFqsL9SsXu1iPpp8Q8 Q/S+FSFdt+1fjkaWMln7YqHcA6eZp1tU/jLGJlpBmaA7OKlPT9zTqjMfW2+A9dROPz9p CTO+mYlsHrJWQx09Ii7eUmgiVsWqIrPa2WJSV5ekys3Ln3j6Hzz5d7H9Kjvj/c1+yobM S8Jg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@eikelenboom.it header.s=20180706 header.b=Rvpcn8sD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=eikelenboom.it Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o9si268947pfe.63.2019.02.07.14.39.29; Thu, 07 Feb 2019 14:39:46 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@eikelenboom.it header.s=20180706 header.b=Rvpcn8sD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=eikelenboom.it Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726979AbfBGWjY (ORCPT + 99 others); Thu, 7 Feb 2019 17:39:24 -0500 Received: from server.eikelenboom.it ([91.121.65.215]:60950 "EHLO server.eikelenboom.it" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726650AbfBGWjX (ORCPT ); Thu, 7 Feb 2019 17:39:23 -0500 X-Greylist: delayed 1505 seconds by postgrey-1.27 at vger.kernel.org; Thu, 07 Feb 2019 17:39:22 EST DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eikelenboom.it; s=20180706; h=Content-Transfer-Encoding:Content-Type: MIME-Version:Date:Message-ID:Subject:Cc:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=kFEpf5w44ybqCRJ0hp7WnrAaT8XA3YBS6zPD+17pLs0=; b=Rvpcn8sDRXVPQIOKxIA+9tfRcB ug+i2FAUFwcWRaBaGu6R4M5pBZDpESLxuDqh6+ilpk/aiu6Ioz56sDuIIrl9WTvRvp7KglJCdSN92 n6ROqqaal/UPCfu8ZkAyvz4LUhhUhC70sKgkNPqmWsG50yfReCUGqfZ5AqYsrvEJR/RU=; Received: from ip4da85049.direct-adsl.nl ([77.168.80.73]:43398 helo=[172.16.1.50]) by server.eikelenboom.it with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1grrw9-0001sV-FY; Thu, 07 Feb 2019 23:14:25 +0100 From: Sander Eikelenboom To: Florian Westphal Cc: Pablo Neira Ayuso , "David S. Miller" , netdev , linux-kernel Subject: Kernel 5.0-rc5 regression with NAT, bisected to: netfilter: nat: remove l4proto->manip_pkt Message-ID: <40b70892-daf5-28d7-28b5-869911faf2bb@eikelenboom.it> Date: Thu, 7 Feb 2019 23:15:52 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org L.S., While trying out a 5.0-RC5 kernel I seem to have stumbled over a regression with NAT. (using an nftables firewall with NAT and connection tracking). Unfortunately it isn't too obvious since no errors are logged, but on clients it causes symptoms like firefox intermittently not being able to load pages with: Network Protocol Error An error occurred during a connection to www.example.com The page you are trying to view cannot be shown because an error in the network protocol was detected. Please contact the website owners to inform them of this problem. But it's only intermittently, so i can still visit some webpages with clients, could be that packet size and or fragments are at play ? So I tried testing with git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git with e8c32c32b48c2e889704d8ca0872f92eb027838e as last commit, to be sure to have the latest netdev has to offer, but to no avail. After that I tried to git bisect and ended up with: faec18dbb0405c7d4dda025054511dc3a6696918 is the first bad commit commit faec18dbb0405c7d4dda025054511dc3a6696918 Author: Florian Westphal Date: Thu Dec 13 16:01:33 2018 +0100 netfilter: nat: remove l4proto->manip_pkt This removes the last l4proto indirection, the two callers, the l3proto packet mangling helpers for ipv4 and ipv6, now call the nf_nat_l4proto_manip_pkt() helper. nf_nat_proto_{dccp,tcp,sctp,gre,icmp,icmpv6} are left behind, even though they contain no functionality anymore to not clutter this patch. Next patch will remove the empty files and the nf_nat_l4proto struct. nf_nat_proto_udp.c is renamed to nf_nat_proto.c, as it now contains the other nat manip functionality as well, not just udp and udplite. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso :040000 040000 22d8706921e03cbd6d78a6ebcc5f253ccfd2bf0c b6f8ab2779215b4495dfe641f50e798da73859ac M include :040000 040000 af212a756f1acf00cbe45c3be5b71f38f01f1d34 165c440f9e6f2e05738628a19b51f7603f95752a M net Any ideas or debugging hints ? -- Sander