Date:	Tue, 30 Apr 2013 09:26:07 +0800
From:	anctop <anctop@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: PROBLEM: iptables error after kernel upgrade

Dear Sir,

I'm writing to report a suspected kernel bug.
The report is formatted as described in the REPORTING-BUGS file.

[1.] iptables error after kernel upgrade

[2.] Full description of the problem/report:

My system was running kernel 2.6.39.2 with iptables 1.4.10. The kernel
was non-modular and had all the required features (e.g. connlimit)
compiled in it. The netfilter rules were implemented by a startup sh
script.
Recently I upgraded the kernel to version 3.8.2, compiled with the
same options as the old one. It boots with no problem but some of the
iptables rules generate lines saying "Protocol wrong type for socket".
I guess something has been changed in the kernel code.

[3.] Keywords (i.e., modules, networking, kernel):

[4.] Kernel information
[4.1.] Kernel version (from /proc/version):

Linux version 3.8.2 (root@...tname) (gcc version 4.4.6 (GCC) ) #1 SMP
Fri Apr 26 09:59:09 HKT 2013

[4.2.] Kernel .config file:

See attachments 4.2-config-2.6.39.2 and 4.2-config-3.8.2

[5.] Most recent kernel version which did not have the bug:

Version 3.5.7
The problem occurs from version 3.6.1 to the latest 3.9. However, the
ChangeLog-3.6.1 does not seem to mention changes in the netfilter
code.

[6.] Output of Oops.. message (if applicable) with symbolic
information resolved (see Documentation/oops-tracing.txt)

[7.] A small shell script or example program which triggers the
problem (if possible)

The error is reproducible with an example command taken from the iptables man
page:
"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit
--connlimit-above 2 -j REJECT"

[8.] Environment
[8.1.] Software (add the output of the ver_linux script here)

Linux hostname 2.6.39.2 #1 SMP Thu Jun 30 11:00:41 HKT 2011 i686
unknown unknown GNU/Linux

Gnu C                  4.4.6
Gnu make               3.82
binutils               2.21.1
util-linux             2.14.2
mount                  support
module-init-tools      3.9
e2fsprogs              1.41.6
quota-tools            3.17.
Linux C Library        2.13
Dynamic linker (ldd)   2.13
Linux C++ Library      ..
Procps                 3.2.8
Net-tools              1.60
Kbd                    78:
Sh-utils               5.2.1

[8.2.] Processor information (from /proc/cpuinfo):

See attachment 8.2-cpuinfo

[8.3.] Module information (from /proc/modules):

The kernel is compiled without modules support.

[8.4.] Loaded driver and hardware information (/proc/ioports, /proc/iomem)

See attachments 8.4-iomem and 8.4-ioports

[8.5.] PCI information ('lspci -vvv' as root)

See attachment 8.5-lspci-vvv

[8.6.] SCSI information (from /proc/scsi/scsi)

Attached devices:
Host: scsi4 Channel: 00 Id: 00 Lun: 00
  Vendor: ATA      Model: IC35L060AVER07-0 Rev: ER6O
  Type:   Direct-Access                    ANSI  SCSI revision: 05
Host: scsi4 Channel: 00 Id: 01 Lun: 00
  Vendor: ATA      Model: WDC WD800BB-22JH Rev: 05.0
  Type:   Direct-Access                    ANSI  SCSI revision: 05

[8.7.] Other information that might be relevant to the problem
       (please look in /proc and include all information that you
       think to be relevant):

[X.] Other notes, patches, fixes, workarounds:

**** END of report ****

Download attachment "4.2-config-2.6.39.2" of type "application/octet-stream" (49327 bytes)

Download attachment "4.2-config-3.8.2" of type "application/octet-stream" (59456 bytes)

Download attachment "8.2-cpuinfo" of type "application/octet-stream" (1514 bytes)

Download attachment "8.4-iomem" of type "application/octet-stream" (2090 bytes)

Download attachment "8.4-ioports" of type "application/octet-stream" (1882 bytes)

Download attachment "8.5-lspci-vvv" of type "application/octet-stream" (28741 bytes)
