| Summary: | [2.6.28 regression] xt_owner rules written incorrectly with 2.6.28 | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Michał Górny <mgorny> |
| Component: | [OLD] Core system | Assignee: | Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | minor | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | linux-2.6.28-regression | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | iptables patch | | |

Description
Michał Górny
2009-01-10 16:09:50 UTC

Hello there, which iptables version are you using? Such rules used to be saved normally in previous kernels? If yes, which was the latest kernel version that functioned correctly? Thanks :)

(In reply to comment #1)
> which iptables version are you using?

=net-firewall/iptables-1.4.2-r1

Same result with 1.4.1, older ones don't even compile (probably my fault).

> Such rules used to be saved normally in previous kernels? If yes, which was the
> latest kernel version that functioned correctly?

I used tuxonice-sources, so the last I tried before this one was 2.6.26 and it worked without any problems - AFAIR it even saved the username instead of the numerical UID. It looks like they removed some special handling of xt_owner writes, replacing it with some universal methods, I think.

AMD64, should I add.

I don't know if 2.6.27 does work. If it'd be really helpful, I can try it during the weekend.

Yes, please test 2.6.27 so that we can be sure that this is due to a change in kernel behaviour.

I'll check that 2.6.27 in a moment. In the meantime, I've discovered that 'iptables -L' also shows xt_owner rules weirdly:

    Chain LOCAL_MPD (1 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere owner UID matchmpd

(i.e. no space between 'match' and username)

Same thing with 'ip6tables -L'.

(In reply to comment #3)
> Yes, please test 2.6.27 so that we can be sure that this is due to a change in
> kernel behaviour.

2.6.27 works fine.

Did you check "iptables -L" under 2.6.27? I checked the source code and it seems like a pretty obvious bug there which should be kernel independent.

Created attachment 178786
iptables patch

Actually, before you do that... Please apply this patch to iptables. Does it fix the problem under 2.6.28? If not, please leave it applied and then go back to 2.6.27 and then respond to comment #6. Thanks!

(In reply to comment #7)
> Please apply this patch to iptables. Does it fix the problem under 2.6.28?

Yes, it does. Both 'iptables -L' and 'iptables-save' print out the rules correctly. ip6tables too.

*** This bug has been marked as a duplicate of bug 255113 ***