Bug 531831
| Summary: | [user space] ip_tables: connlimit match: invalid size 32 != 24 | ||
|---|---|---|---|
| Product: | Red Hat Enterprise MRG | Reporter: | Beth Uptagrafft <bhu> |
| Component: | realtime-kernel | Assignee: | Clark Williams <williams> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | David Sommerseth <davids> |
| Severity: | high | Docs Contact: | |
| Priority: | urgent | ||
| Version: | Development | CC: | bhu, eteo, jpirko, lgoncalv, ovasik, twoerner, williams |
| Target Milestone: | 1.1.9 | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 521999 | Environment: | |
| Last Closed: | 2010-11-01 20:08:52 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 521999 | ||
| Bug Blocks: | |||
|
Comment 1
Beth Uptagrafft
2009-10-29 15:47:35 UTC
Tested against kernel-rt-2.6.24.7-132 and 2.6.18-128.8.1 (latest stock RHEL5.3.z) with the old iptables-1.3.5-4.el5. The new iptables-1.3.5-5.3.el5_4.1 was tested on 2.6.24.7-137 and 2.6.18-128.8.1. Both 32bit and 64bit architectures was tested. The following iptables command was tested: iptables -A INPUT -p tcp --syn --dport 80 -m connlimit \ --connlimit-above 15 -j REJECT On 2.6.18-128.8.1 and 2.6.24.7-132 with the old iptables the result was: * 32bit iptables: Unknown error 4294967295 * 64bit iptables: Unknown error 18446744073709551615 On 2.6.18-128.8.1 with the new iptables version, the result was the same as above. On 2.6.24.7-137 with the new iptables, the result was no errors and iptables accepted the command. This is the expected behaviour. Reverified on iptables-1.3.5-4.el5 (stock RHEL) and iptables-1.3.5-4.el5rt.1 (updated for -137 kernel). Ran tests on kernel-2.6.18-128.el5 and kernel-rt-2.6.24.7-137.el5rt
Used this command line for the check:
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit \
--connlimit-above 15 -j REJECT
** stock RHEL iptables
kernel-2.6.18-128.el5 + iptables-1.3.5-4.el5
i686 ==> fails, as expected, no --connlimit support in kernel.
x86_64 ==> fails, as expected, no --connlimit support in kernel.
kernel-rt-2.6.24.7-137.el5rt + iptables-1.3.5-4.el5
i686 ==> fails, as expected with this iptables version.
x86_64 ==> works, as expected.
** updated iptables for MRG kernel
kernel-2.6.18-128.el5 + iptables-1.3.5-4.el5rt.1
i686 ==> fails, as expected - no --connlimit support in kernel.
x86_64 ==> fails, as expected - no --connlimit support in kernel.
kernel-rt-2.6.24.7-137.el5rt + iptables-1.3.5-4.el5rt.1
i686 ==> works, as expected.
x86_64 ==> works, as expected.
No unexpected behaviour was found with this test routine. Keeping it verified.
|