Bug 205268

Summary: iptables reporting useless errorcodes
Product: [Fedora] Fedora Reporter: Daniel Riek <riek>
Component: iptablesAssignee: Thomas Woerner <twoerner>
Status: CLOSED CURRENTRELEASE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: low    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: iptables-1.3.8-6.fc8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-12-05 17:16:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 261481, 412441    

Description Daniel Riek 2006-09-05 17:48:20 UTC 
Rawhide iptables reports a useless errorcode, e.g. when trying to operate on the
wrong table:
[root@myhost ~]# iptables -t mangle -I PREROUTING -p tcp --dport 2222 -d
192.168.1.1 -j DNAT --to-destination 192.168.1.2:22 iptables: Unknown error
18446744073709551615

Instead it should report a human readable description of what went wrong.

Package versions are:
iptables-1.3.5-1.2.1
kernel-xen-2.6.17-1.2600.fc6
Comment 2 Thomas Woerner 2007-08-23 10:18:15 UTC 
What kind of hardware is this?
Comment 3 Daniel Riek 2007-08-28 19:06:12 UTC 
x86_64:
cpu family      : 15
model           : 43
model name      : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
stepping        : 1


Still happens in RHEL 5.1 beta:
kernel-xen-2.6.18-37.el5
iptables-1.3.5-1.2.1
Comment 4 Thomas Woerner 2007-09-26 16:33:03 UTC 
Can yopu please verify this with the latest iptables-1.3.8 verison in rawhide? I
do not get this cryptic error message.
BTW: This message reflacts probably a kernel module problem.
Comment 5 macker 2007-10-25 00:08:07 UTC 
Related poor output (crappy error code, rather than a real error)  from
iptables-1.3.5-1.2.1 (RHEL5):

# iptables -A INPUT -p tcp -m udp -j ACCEPT
iptables: Unknown error 4294967295
# iptables -A INPUT -p tcp -m udp --dport 23 -j ACCEPT
iptables: Unknown error 4294967295

The error is easy to observe in this format, but when looking at a long list of
rules in /etc/sysconfig/iptables, it is not.  The error is introduced by
incomplete editing following copy/paste to duplicate similar rules, e.g. adding
a copy of the rule for UDP in addition to TCP.

I can move this into its own bug if needed, but makes sense to append it here,
if it still occurs in the affected version.
Comment 6 Daniel Riek 2007-12-05 17:16:54 UTC 
iptables-1.3.8-6.fc8 on x86-64 now reports:
iptables: Invalid argument

Not a bug anymore, but makes yo uthink about an RFE for meaningful error
reporting in iptables.

E.g. if you use a non-existing table, it should say so. Will file a separate bug
for that.