PROBLEM: iptables error after kernel upgrade
From: anctop
Date: Mon Apr 29 2013 - 21:26:19 EST
Dear Sir,
I'm writing to report a suspected kernel bug.
The report is formatted as described in the REPORTING-BUGS file.
[1.] iptables error after kernel upgrade
[2.] Full description of the problem/report:
My system was running kernel 2.6.39.2 with iptables 1.4.10. The kernel
was non-modular and had all the required features (e.g. connlimit)
compiled in it. The netfilter rules were implemented by a startup sh
script.
Recently I upgraded the kernel to version 3.8.2, compiled with the
same options as the old one. It boots with no problem but some of the
iptables rules generate lines saying "Protocol wrong type for socket".
I guess something has been changed in the kernel codes.
[3.] Keywords (i.e., modules, networking, kernel):
[4.] Kernel information
[4.1.] Kernel version (from /proc/version):
Linux version 3.8.2 (root@hostname) (gcc version 4.4.6 (GCC) ) #1 SMP
Fri Apr 26 09:59:09 HKT 2013
[4.2.] Kernel .config file:
See attachments 4.2-config-2.6.39.2 and 4.2-config-3.8.2
[5.] Most recent kernel version which did not have the bug:
Version 3.5.7
The problem occurs from version 3.6.1 to the latest 3.9. However the
ChangeLog-3.6.1 does not seem to mention changes in the netfilter
codes.
[6.] Output of Oops.. message (if applicable) with symbolic
information resolved (see Documentation/oops-tracing.txt)
[7.] A small shell script or example program which triggers the
problem (if possible)
The error is reproducible with an example command taken from the iptables man
page :
"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit
--connlimit-above 2 -j REJECT"
[8.] Environment
[8.1.] Software (add the output of the ver_linux script here)
Linux hostname 2.6.39.2 #1 SMP Thu Jun 30 11:00:41 HKT 2011 i686
unknown unknown GNU/Linux
Gnu C 4.4.6
Gnu make 3.82
binutils 2.21.1
util-linux 2.14.2
mount support
module-init-tools 3.9
e2fsprogs 1.41.6
quota-tools 3.17.
Linux C Library 2.13
Dynamic linker (ldd) 2.13
Linux C++ Library ..
Procps 3.2.8
Net-tools 1.60
Kbd 78:
Sh-utils 5.2.1
[8.2.] Processor information (from /proc/cpuinfo):
See attachment 8.2-cpuinfo
[8.3.] Module information (from /proc/modules):
The kernel is compiled without modules support.
[8.4.] Loaded driver and hardware information (/proc/ioports, /proc/iomem)
See attachments 8.4-iomem and 8.4-ioports
[8.5.] PCI information ('lspci -vvv' as root)
See attachment 8.5-lspci-vvv
[8.6.] SCSI information (from /proc/scsi/scsi)
Attached devices:
Host: scsi4 Channel: 00 Id: 00 Lun: 00
Vendor: ATA Model: IC35L060AVER07-0 Rev: ER6O
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi4 Channel: 00 Id: 01 Lun: 00
Vendor: ATA Model: WDC WD800BB-22JH Rev: 05.0
Type: Direct-Access ANSI SCSI revision: 05
[8.7.] Other information that might be relevant to the problem
(please look in /proc and include all information that you
think to be relevant):
[X.] Other notes, patches, fixes, workarounds:
**** END of report ****
Attachment:
4.2-config-2.6.39.2
Description: Binary data
Attachment:
4.2-config-3.8.2
Description: Binary data
Attachment:
8.2-cpuinfo
Description: Binary data
Attachment:
8.4-iomem
Description: Binary data
Attachment:
8.4-ioports
Description: Binary data
Attachment:
8.5-lspci-vvv
Description: Binary data