Bug 31133
| Summary: | do not assume that nat, mangle tables exist | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] Red Hat Public Beta | Reporter: | Ben Liblit <liblit> | ||||
| Component: | iptables | Assignee: | Bernhard Rosenkraenzer <bero> | ||||
| Status: | CLOSED ERRATA | QA Contact: | David Lawrence <dkl> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | roswell | ||||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | i386 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2001-11-07 14:16:53 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Ben Liblit
2001-03-09 01:46:43 UTC
Created attachment 12142 [details]
one possible approach to fixing this bug
I've attached a patch above that suggests one possible way of fixing this bug. The general idea is to create an "iftable" function that takes the name of a table and an iptables command line which is to be run only if the given table exists. It ends up looking at /proc/net/ip_tables_names quite a few times, but that doesn't seem to be a performance problem in practice. Most of the problems I reported are fixed, then, by using "iftable" instead of calling "iptables" directly. The one exception is the "status" handler. In this case, it seemed wiser to make the code more generic, and have it display all tables listed in /proc/net/ip_tables_names. I suppose the other option would be to split out the filter, nat, and mangle tables into their own initscripts. Each one could be controlled by a distinct "chkconfig" option, so that each system's administrator could explicitly activate or deactivate just the tables of interest. Fixed since 1.2.0-10 According to <bero> this problem has been "fixed since 1.2.0-10". However, that is exactly the version and release against which I filed this report in the first place. The problem has not been fixed since 1.2.0-10, and is easily demonstrated using 1.2.0-10 on any machine that does not have the mangle and nat tables. Please reconsider the status of this bug. Note, as well, that there's already a patch attached to this report that illustrates one reasonable way of fixing the problem. Hmm. Maybe there's some confusion here. When Bero wrote "Fixed since 1.2.0-10", did he mean that the bug had already been fixed going as far back as 1.2.0-10? Or did he mean that it had been fixed at some unspecified release that happened after 1.2.0-10? If the former, I disagree. If the later, then I eagerly await the arrival of this unspecified later release. For the record, this bug is still present in iptables-1.2.1a, which shipped with Red Hat 7.1. Perhaps someone should change the "Product" and "Version" fields? I'm not sure if I have permission to do that. And again, please consider applying the patch I attached earlier. It fixes this problem quite cleanly. That patch was created for 1.2.0; I haven't checked to see if it needs changes for 1.2.1a, but that shouldn't be hard. I had added your patch and forgotten to send the package through the buildsystem, therefore it was lost. It's fixed for real in 1.2.2-3. Bero claims that "It's fixed for real in 1.2.2-3". It is not. The problem still appears in the iptables-1.2.2-3 RPM which is part of Red Hat's "roswell" beta. True, it was fixed only partially. I've added the full fix in 1.2.4-1 (rawhide now, errata soon). |