Public bug reported:
In the example below the local IP 10.0.0.12 UDP port 1234 is DNAT'ed to the
local IP 10.0.0.11 port 1234.
After sending packets to the DNAT'ed IP/port, packets to the other IP/port
never reach user space on the server.
- On server, add IPs and DNAT rule:
ip addr add 10.0.0.11/24 dev <interface>
ip addr add 10.0.0.12/24 dev <interface>
nft -f - <<EOF
table ip dnat-test {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        ip daddr 10.0.0.12 udp dport 1234 counter dnat to 10.0.0.11:1234
    }
}
EOF
- On server, listen on 10.0.0.11:1234 and reply: echo pong|nc -l -u 10.0.0.11 1234
- On client, send to DNAT'ed 10.0.0.12:1234 and await reply: echo ping|nc -u -p 4321 10.0.0.12 1234
- Ping/pong received on both ends
- Terminate nc on both ends and continue before conntrack state timeout
- On server, listen on 10.0.0.11:1234 and reply: echo pong|nc -l -u 10.0.0.11 1234
- On client, send to 10.0.0.11:1234 and await reply: echo ping|nc -u -p 4321 10.0.0.11 1234
Expected with kernel 6.8.0-(47..55)-generic:
- Ping/pong received on both ends
Regression with kernel 6.8.0-(56..60)-generic:
- Ping never reaches user space on server, kernel doesn't send ICMP
unreachable hinting user space is listening
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linux-image-6.8.0-59-generic 6.8.0-59.61
ProcVersionSignature: Ubuntu 6.8.0-59.61-generic 6.8.12
Uname: Linux 6.8.0-59-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.5
Architecture: amd64
Date: Sat May 3 11:27:10 2025
InstallationDate: Installed on 2025-05-02 (1 days ago)
InstallationMedia: Ubuntu-Server 24.04.2 LTS "Noble Numbat" - Release amd64
(20250216.2)
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-6.8.0-59-generic
root=/dev/mapper/ubuntu--vg-ubuntu--lv ro
RelatedPackageVersions:
linux-restricted-modules-6.8.0-59-generic N/A
linux-backports-modules-6.8.0-59-generic N/A
linux-firmware 20240318.git3b128b60-0ubuntu2.11
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug noble
https://bugs.launchpad.net/bugs/2109889
Title:
Netfilter DNAT regression with dropped packets in kernel 6.8.0-56 and
above
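A diagnostic for the "continue before conntrack state timeout" step, as an added example that is not part of the bug report: it parses `conntrack -L` style output and reports any live entry whose reply tuple is the same one the second, un-NATed flow would need. The sample output, the client address 10.0.0.1 and the function names are assumptions made for illustration; the report does not establish that this overlap is the cause of the regression.

```python
import re

# Constructed sample of `conntrack -L -p udp` output, as it could look right
# after the first ping/pong. Client address 10.0.0.1 is an assumption; the
# report does not give it.
SAMPLE = """\
udp      17 27 src=10.0.0.1 dst=10.0.0.12 sport=4321 dport=1234 src=10.0.0.11 dst=10.0.0.1 sport=1234 dport=4321 mark=0 use=1
udp      17 12 src=10.0.0.1 dst=10.0.0.53 sport=40000 dport=53 [UNREPLIED] src=10.0.0.53 dst=10.0.0.1 sport=53 dport=40000 mark=0 use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_entry(line):
    """Return (proto, timeout, original_tuple, reply_tuple), or None if unparsable."""
    head = line.split()
    fields = FIELD.findall(line)
    if len(head) < 3 or len(fields) < 8:
        return None  # e.g. ICMP entries carry no port fields

    def tup(chunk):
        d = dict(chunk)
        return (d["src"], int(d["sport"]), d["dst"], int(d["dport"]))

    try:
        # First four fields are the original direction, next four the reply.
        return head[0], int(head[2]), tup(fields[:4]), tup(fields[4:8])
    except (KeyError, ValueError):
        return None


def reply_clashes(conntrack_text, proto, src, sport, dst, dport):
    """List live entries whose reply tuple equals that of the planned new flow."""
    new_orig = (src, sport, dst, dport)
    wanted_reply = (dst, dport, src, sport)  # reply tuple if no NAT is applied
    hits = []
    for line in conntrack_text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry[0] != proto:
            continue
        _, timeout, orig, reply = entry
        if reply == wanted_reply and orig != new_orig:
            # Original destination differing from reply source means DNAT.
            hits.append({"original": orig, "timeout": timeout,
                         "dnat": orig[2:] != reply[:2]})
    return hits


if __name__ == "__main__":
    for hit in reply_clashes(SAMPLE, "udp", "10.0.0.1", 4321, "10.0.0.11", 1234):
        print(hit)
```

On a live server, feed it the text of `conntrack -L -p udp` captured between the two ping/pong rounds instead of `SAMPLE`.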