Bug 520797
| Field | Value |
|---|---|
| Summary: | ip_tables: connlimit match: invalid size 24 != 16 |
| Product: | Red Hat Enterprise Linux 5 |
| Reporter: | Jiri Pirko <jpirko> |
| Component: | iptables |
| Assignee: | iptables-maint-list <iptables-maint-list> |
| Status: | CLOSED ERRATA |
| QA Contact: | Petr Sklenar <psklenar> |
| Severity: | high |
| Priority: | urgent |
| Version: | 5.4 |
| CC: | azelinka, bhu, bugzilla, cdahlin, dkovalsk, eteo, gustavo, jneedle, jpirko, jplans, jscotka, kvolny, lgoncalv, liko, lsmid, mmcallis, pknirsch, psklenar, rkhan, schlichting, simon.matter, syeghiay, tao, thoger, tis, twoerner, williams |
| Target Milestone: | rc |
| Keywords: | ZStream |
| Hardware: | i686 |
| OS: | Linux |
| Fixed In Version: | iptables-1.3.5-6.1.el5 |
| Doc Type: | Bug Fix |
| : | 525132 |
| Last Closed: | 2012-02-21 06:21:06 UTC |
| Bug Blocks: | 499522, 521999, 525132, 529687, 532437 |
Description
Jiri Pirko
2009-09-02 12:41:45 UTC
Just as a hint, some Debian folks had the same issue: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504989

I made a patch for the iptables util and it works for me just fine. Try the rpm here: http://people.redhat.com/jpirko/test/iptables-1.3.5-5.3.el5.test.i686.rpm

Created attachment 359542: proposed patch

Reassigning this to component iptables.

Works fine for me, no problems anymore, tested on i686 and also x86_64 kernel.

Thanks,
Simon

I think I found another bug.

```
# rpm -q iptables
iptables-1.3.5-5.3.el5.test
# uname -rm
2.6.24.7-126.el5rt i686
# iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 15 -j REJECT
iptables: Unknown error 4294967295
# tail -1 /var/log/messages
Sep 7 23:07:31 host kernel: ip_tables: connlimit match: invalid size 32 != 24
```

It worked on 2.6.18-164.el5 i686 though.

Hi Eugene,

I'm sure Jiri may give you a better answer, but as I understand it, the issue you see is expected because the iptables package is patched for the patched 2.6.18 kernel, which is not compatible with the 2.6.24.7 you are using.

Regards,
Simon

Correct - I will look at 2.6.24.7 to see how to make this work for both kernels.

Created attachment 360055: proposed patch #2

Thanks to patch #2, the iptables util is compatible with 2.6.24.7-126.el5rt.

Note that the el5 kernel needs to be patched too. I'm going to file a bz for this and make it dependent on this bz.

According to discussions on IRC:

1) The initial alignment patch is ok to be added.
2) Compatibility problems of 2.4.24+ and iptables-1.3.5 have to be solved in the 2.6.24+ rt kernel.

Is this iptables update scheduled to be available soon?

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0255.html