Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 678044 - net-firewall/iptables: failure to run iptables commands where kconfig option CONFIG_BPFILTER is set
Summary: net-firewall/iptables: failure to run iptables commands where kconfig option ...
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo's Team for Core System packages
URL: https://bugzilla.netfilter.org/show_b...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-15 00:24 UTC by Matthew Thode ( prometheanfire )
Modified: 2019-06-13 14:30 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
strace -f of the failure (fail.log,4.98 KB, text/x-log)
2019-02-15 00:24 UTC, Matthew Thode ( prometheanfire ) 		Details
strace of it working (file_678044.txt,502 bytes, text/plain)
2019-02-17 02:53 UTC, Matthew Thode ( prometheanfire ) 		Details
working kconfig (taken from archlinux) (.config,218.24 KB, text/plain)
2019-02-17 02:54 UTC, Matthew Thode ( prometheanfire ) 		Details
failing kconfig (.config,137.40 KB, text/plain)
2019-02-17 02:55 UTC, Matthew Thode ( prometheanfire ) 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-15 00:24:32 UTC 
Created attachment 565438 [details]
strace -f of the failure

how to reproduce:

1. boot 4.20.x
2. run 'iptables-save -c'
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-15 01:44:18 UTC 
reproduced with vanilla sources and tested with linux-headers-4.14 and 4.20 on gentoo sources-4.20.8
Comment 2 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-17 02:53:05 UTC 
Created attachment 565600 [details]
strace of it working
Comment 3 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-17 02:54:55 UTC 
Created attachment 565602 [details]
working kconfig (taken from archlinux)
Comment 4 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-17 02:55:53 UTC 
Created attachment 565604 [details]
failing kconfig
Comment 5 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-17 03:17:17 UTC 
reported upstream
Comment 6 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-15 02:53:02 UTC 
Might be related to https://bugzilla.redhat.com/show_bug.cgi?id=1645370
Comment 7 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-15 03:40:09 UTC 
confirmed, I removed CONFIG_BPFILTER and it started working again
Comment 8 Mike Pagano gentoo-dev 2019-06-13 14:30:23 UTC 
Hello @Base-System

Please consider adding a check for CONFIG_BPFILTER for iptables as that config setting in the kernel will cause the errors described in this bug report.

Mike