When executing "ip6tables -A INPUT -m limit" I get: ip6tables: Invalid argument dmesg says: ip6_tables: limit match: invalid size 40 != 32 This bug was originally reported by pleed but I'm able to reproducable it with sys-kernel/gentoo-sources-2.6.24-r8 and net-firewall/iptables-1.3.8-r3. It's also related to bug 166201 because the patch that fixed ipv4 broke ipv6. (Reverting that patch makes ipv6 work again) # emerge --info Portage 2.1.4.4 (default-linux/sparc/sparc64/2007.0/server, gcc-4.1.2, glibc-2.6.1-r0, 2.6.24-gentoo-r8 sparc64) ================================================================= System uname: 2.6.24-gentoo-r8 sparc64 sun4u Timestamp of tree: Wed, 21 May 2008 16:53:01 +0000 app-shells/bash: 3.2_p33 dev-lang/python: 2.4.4-r9 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.10.1 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.24 ACCEPT_KEYWORDS="sparc" CBUILD="sparc-unknown-linux-gnu" CFLAGS="-mcpu=ultrasparc -mtune=ultrasparc -mvis -Wa,-Av8plusa -frename-registers -O2 -pipe" CHOST="sparc-unknown-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-mcpu=ultrasparc -mtune=ultrasparc -mvis -Wa,-Av8plusa -frename-registers -O2 -pipe" DISTDIR="/tmp/distfiles" FEATURES="collision-protect distlocks parallel-fetch sandbox strict test unmerge-orphans userfetch userpriv usersandbox" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="de_DE.UTF-8" LDFLAGS="-Wl,-O1" LINGUAS="en de" MAKEOPTS="-j17" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="apache2 caps cli cracklib cups dri extensions fortran gdbm gpm hpn iconv ipv6 isdnlog ldap mailwrapper midi mudflap mysql nls nothreads nptl nptlonly openmp pcre ppds pppd reflection server session snmp sparc spl ssl symlink tftp truetype unicode vim xml xorg" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LINGUAS="en de" USERLAND="GNU" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
istr there being sparc magic in iptables which changed in the latest version please test the different versions in the tree and narrow down ones that pass and ones that fail
(In reply to comment #1) > istr there being sparc magic in iptables which changed in the latest version do you mean bug 166201? > please test the different versions in the tree and narrow down ones that pass > and ones that fail last good: net-firewall/iptables-1.3.6-r1 first bad: net-firewall/iptables-1.3.7 The main difference between them is: 1.3.7 applies ${FILESDIR}/iptables-1.3.7-sparc64.patch, 1.3.6-r1 does not. From what I can tell it looks like the ipv4 stuff needs to be compiled without -DKERNEL_64_USERSPACE_32 and the ipv6 stuff needs to be compiled with -DKERNEL_64_USERSPACE_32. (For kernel >=2.6.20)
so you're saying if you take iptables-1.3.7 and drop that sparc64 patch, it then works for you ?
yes, after dropping that patch ipv6 works but ipv4 doesn't anymore.
Closing, upstream fixed it in linux 2.6.25-rc1, which means our current stable is fine :) Just for reference, the commit: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3bc3fe5eed5e866c0871db6d745f3bf58af004ef
