Bug 1945179
| Summary: | iptables/arptables/ebtables/ipset: kernel: add deprecation notice on module load. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Eric Garver <egarver> |
| Component: | kernel | Assignee: | Phil Sutter <psutter> |
| kernel sub component: | Netfilter | QA Contact: | yiche <yiche> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | unspecified | CC: | egarver, jiji, network-qe, psutter, pvlasin, todoleza, yiche |
| Version: | 9.0 | Keywords: | Triaged |
| Target Milestone: | rc | Flags: | pm-rhel:
mirror+
|
| Target Release: | 9.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | kernel-5.14.0-21.el9 | Doc Type: | No Doc Update |
| Doc Text: |
Release Note: See BZ#1945151.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-17 15:38:02 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Eric Garver
2021-03-31 13:11:20 UTC
I'll submit a single patch doing it all at once. The kernel messages are created upon module load. To trigger them all, call: | arptables-legacy -vnL | ebtables-legacy -L | ipset create testset hash:ip | iptables-legacy -vnL | ip6tables-legacy -vnL | iptables-nft -A FORWARD -m conntrack --conntrack-state NEW -j ACCEPT Note the last one: We deprecate nft_compat.ko which is used only if iptables-nft calls xtables extensions. Regular listing or use of e.g. IP address matches and/or standard targets does not require it and therefore won't trigger the warning. *** Bug 1945181 has been marked as a duplicate of this bug. *** *** Bug 1945185 has been marked as a duplicate of this bug. *** *** Bug 1945193 has been marked as a duplicate of this bug. *** Yiche, please consider this ticket for qa_ack+. Feel free to set ITM as you see fit. Thanks! Hi Phil, Would you provide test advice about this change? (In reply to yiche from comment #7) > Hi Phil, > Would you provide test advice about this change? Run each command from comment 1, make sure it causes a kernel log message upon first invocation (and not second). No message should appear multiple times unless a kernel module is unloaded. Is this sufficient or do you need more data? Thanks, Phil > make sure it causes a kernel log message upon
> first invocation (and not second). No message should appear multiple times
I think this is enough, thank you.
Discussion ongoing, hence bumping ITM. Rebased the MR and changed its target from 9.0-beta to main. New MR, turns out I have to aim at centos-stream-9. Sorry for the inconvenience! Yiche, could you please give the new MR's build another try? MR was missed for LNST testing, needs more time for CI. The KCS article has been published: https://access.redhat.com/solutions/6739041 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (new packages: kernel), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:3907 |