PROBLEM: iptables error after kernel upgrade

From: anctop
Date: Mon Apr 29 2013 - 21:26:19 EST


Dear Sir,

I'm writing to report a suspected kernel bug.
The report is formatted as described in the REPORTING-BUGS file.

[1.] iptables error after kernel upgrade

[2.] Full description of the problem/report:

My system was running kernel 2.6.39.2 with iptables 1.4.10. The kernel
was non-modular and had all the required features (e.g. connlimit)
compiled in it. The netfilter rules were implemented by a startup sh
script.
Recently I upgraded the kernel to version 3.8.2, compiled with the
same options as the old one. It boots with no problem but some of the
iptables rules generate lines saying "Protocol wrong type for socket".
I guess something has been changed in the kernel code.

[3.] Keywords (i.e., modules, networking, kernel):

[4.] Kernel information
[4.1.] Kernel version (from /proc/version):

Linux version 3.8.2 (root@hostname) (gcc version 4.4.6 (GCC) ) #1 SMP
Fri Apr 26 09:59:09 HKT 2013

[4.2.] Kernel .config file:

See attachments 4.2-config-2.6.39.2 and 4.2-config-3.8.2

[5.] Most recent kernel version which did not have the bug:

Version 3.5.7
The problem occurs from version 3.6.1 to the latest 3.9. However, the
ChangeLog-3.6.1 does not seem to mention changes in the netfilter
code.

[6.] Output of Oops.. message (if applicable) with symbolic
information resolved (see Documentation/oops-tracing.txt)

[7.] A small shell script or example program which triggers the
problem (if possible)

The error is reproducible with an example command taken from the iptables man
page:
"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT"

[8.] Environment
[8.1.] Software (add the output of the ver_linux script here)

Linux hostname 2.6.39.2 #1 SMP Thu Jun 30 11:00:41 HKT 2011 i686
unknown unknown GNU/Linux

Gnu C 4.4.6
Gnu make 3.82
binutils 2.21.1
util-linux 2.14.2
mount support
module-init-tools 3.9
e2fsprogs 1.41.6
quota-tools 3.17.
Linux C Library 2.13
Dynamic linker (ldd) 2.13
Linux C++ Library ..
Procps 3.2.8
Net-tools 1.60
Kbd 78:
Sh-utils 5.2.1

[8.2.] Processor information (from /proc/cpuinfo):

See attachment 8.2-cpuinfo

[8.3.] Module information (from /proc/modules):

The kernel is compiled without modules support.

[8.4.] Loaded driver and hardware information (/proc/ioports, /proc/iomem)

See attachments 8.4-iomem and 8.4-ioports

[8.5.] PCI information ('lspci -vvv' as root)

See attachment 8.5-lspci-vvv

[8.6.] SCSI information (from /proc/scsi/scsi)

Attached devices:
Host: scsi4 Channel: 00 Id: 00 Lun: 00
Vendor: ATA Model: IC35L060AVER07-0 Rev: ER6O
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi4 Channel: 00 Id: 01 Lun: 00
Vendor: ATA Model: WDC WD800BB-22JH Rev: 05.0
Type: Direct-Access ANSI SCSI revision: 05

[8.7.] Other information that might be relevant to the problem
(please look in /proc and include all information that you
think to be relevant):

[X.] Other notes, patches, fixes, workarounds:

**** END of report ****

Attachment: 4.2-config-2.6.39.2
Description: Binary data

Attachment: 4.2-config-3.8.2
Description: Binary data

Attachment: 8.2-cpuinfo
Description: Binary data

Attachment: 8.4-iomem
Description: Binary data

Attachment: 8.4-ioports
Description: Binary data

Attachment: 8.5-lspci-vvv
Description: Binary data