Anytime I delete a POSTROUTING -j FULLCONENAT rule, I get a segfault from iptables.
If I retry deleting the rule, iptables becomes deadlocked.
kernel : 4.9.90 x86_64
Hi, thanks for the feedback. Please provide more information about the crash because for now I cannot reproduce this issue.
Thank you for your response :)
Yes, it is.
Tell me if you need something more.
I don't know what it is. I got this error on a fresh install of Linux on a dedicated server hosted by OVH. ip netns list returns nothing, if that is what you are talking about.
By the way, I've tested using the interface name enp1s0, which is the real name (in ifconfig), but got the same result.
You can find my kernel config here: ftp://ftp.ovh.net/made-in-ovh/bzImage/4.9.90/config-4.9.90-mod-std-ipv6-64
This is weird. It seems that the binary instructions of the existing kernel space function
This may be caused by a mismatch between the Linux header version and the actual kernel version, or the kernel is not a standard stable build but somehow altered.
I'm trying to reconstruct the runtime environment by installing your specific Debian version along with your kernel configurations into my virtual machines. This will take some time and meanwhile you can try another Linux distribution or build a standard kernel.
Another question: regardless of the deletion of the iptables rules, is this module working as expected on your system?
I was on a 4.9.87 kernel when I installed the server, but this kernel wasn't enabling module loading.
So I've installed this .deb:
But I haven't installed the corresponding libc-dev .deb, I will try with this package installed.
Maybe there is a conflict between the kernels 4.9.87 and 4.9.90?
Anyway, your module is working perfectly on my system. Connected OpenVPN clients have a positive result with stunserver (http://www.stunprotocol.org/) on Linux (not on Windows, but looking at Wireshark, it appears that the packets are correctly received; I think that it is a stunserver bug on Windows...)
I found a solution.
It seems that with my kernel, the member
Solution : Adding
Interesting. I didn't know that. It seems there can be only one
I did a search in the kernel source and I found
In my opinion, forcing an
In this FULLCONENAT module, the
Later I will put a condition in this module to disable the notifier stuff accordingly when it's unavailable.
Anyway, thanks for your hacking on the source code. That really helps a lot.