Segfault when delete rule #5
Comments
Hi, thanks for the feedback. Please provide more information about the crash because for now I cannot reproduce this issue.
|
Thank you for your response :)
Yes, it is.
Tell me if you need something more.
I don't know what it is, it's on a fresh install of Linux on a dedicated server hosted by OVH that I got this error. ip netns list returns nothing if it is what you are talking about. By the way I've tested using the interface name enp1s0 which is the real name (in ifconfig), but same result. You can find my kernel config here: ftp://ftp.ovh.net/made-in-ovh/bzImage/4.9.90/config-4.9.90-mod-std-ipv6-64 |
This is weird. It seems that the binary instructions of the existing kernel space function This may be caused by a mismatch between the Linux header version and the actual kernel version, or the kernel is not a standard stable build but somehow altered. I'm trying to reconstruct the runtime environment by installing your specific Debian version along with your kernel configurations into my virtual machines. This will take some time and meanwhile you can try another Linux distribution or build a standard kernel. Another question: regardless of the deletion of the iptables rules, is this module working as expected on your system? |
I was on a 4.9.87 kernel when I installed the server, but this kernel wasn't enabling module loading. So I've installed this .deb: ftp://ftp.ovh.net/made-in-ovh/bzImage/4.9.90/DEB/ovhkernel-4.9-mod-std-ipv6-headers_4.9.90-1_amd64.deb But I haven't installed the corresponding libc-dev .deb, I will try with this package installed. Maybe there is a conflict between the kernels 4.9.87 and 4.9.90? Anyway, your module is working perfectly on my system. Connected OpenVPN clients have a positive result with stunserver (http://www.stunprotocol.org/) on Linux (not on Windows but looking at Wireshark, it appears that the packets are correctly received, I think that it is a stunserver bug on Windows...) |
I found a solution. It seems that with my kernel, the member Solution : Adding |
Interesting. I didn't know that. It seems there can be only one I did a search in the kernel source and I found In my opinion, forcing an In this FULLCONENAT module, the Later I will put a condition in this module to disable the notifier stuff accordingly when it's unavailable. Anyway, thanks for your hacking to the source code. That really helps a lot. |
Glad to help! Good luck and thank you for your work :) |
Hello,
Anytime I delete a POSTROUTING -j FULLCONENAT rule, I get a segfault from iptables.
This does not happen with PREROUTING rules.
If I retry deleting the rule, iptables becomes deadlocked.
System
kernel : 4.9.90 x86_64
dist : debian 9.3
iptables 1.6.2
Reproduce
Log
Thank you.