lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.61.0612302308020.32449@yvahk01.tjqt.qr>
Date:	Sat, 30 Dec 2006 23:08:38 +0100 (MET)
From:	Jan Engelhardt <jengelh@...ux01.gwdg.de>
To:	Sergey Vlasov <vsu@...linux.ru>
cc:	netfilter@...ts.netfilter.org, linux-kernel@...r.kernel.org
Subject: Re: ip_tables init broken [fixd]


On Dec 30 2006 21:30, Sergey Vlasov wrote:
>On Sat, 30 Dec 2006 18:14:35 +0100 (MET) Jan Engelhardt wrote:
>
>> when the ip_tables module is loaded automatically when inserting the
>> first rule, something gets screwed up, as -L -v -n shows:
>>
>>
>> 17:39 ichi:~ # lsmod | grep ip_tables
>> 17:39 ichi:~ # iptables -t mangle -A FORWARD -i eth1 -j MARK --set-mark 161
>> 17:39 ichi:~ # iptables -t mangle -A FORWARD -i eth1 -j MARK --set-mark 161
>> 17:39 ichi:~ # iptables -t mangle -L -v -n | grep eth1
>> p b targ pr opt in  out src       dst
>> 0 0 MARK 0  -- eth1 *   0.0.0.0/0 0.0.0.0/0  0xa1
>> 0 0 MARK 0  -- eth1 *   0.0.0.0/0 0.0.0.0/0  MARK set 0xa1
>>
>> Everything is fine if ip_tables was loaded before.
>>
>> This box runs 2.6.18.5. Can anyone confirm this bug?
>
>Looks like this problem was fixed between iptables releases 1.3.5 and
>1.3.7 (the old buggy version was trying to detect whether the kernel
>supports the newer MARK target version before loading the ip_tables
>module, therefore the check was giving bogus results).

Yup, upgrading to 1.3.7 fixed the problem, thanks for giving hint.
(netfilter svn commit #6692 seems relevant)

	-`J'
-- 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ