Bug 844436

Summary: Moved kernel modules to kernel-modules-extra leads to Shorewall failure
Product: [Fedora] Fedora Reporter: Eduard Kohler <glandvador>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: gansalmon, glandvador, icon, itamar, jonathan, kernel-maint, madhu.chinakonda
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-10-08 11:16:08 EDT Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Eduard Kohler 2012-07-30 11:42:08 EDT
Description of problem:

Shorewall fails when applying traffic control rules with the following error:
RTNETLINK answers: No such file or directory
This is due to some missing kernel modules that have been moved to kernel-modules-extra package. After Shorewall failure, the system network connectivity is correctly (in my opinion) blocked. Of course, for a network only device is not acceptable.

How reproducible:

Steps to Reproduce:
1. Yum upgrade a working F16 device with a boot generated firewall by Shorewall to F17
2. Reboot
3. Enjoy remote brick

Actual results:
No network connectivity.

Expected results:
Working device.

Additional info:

Modules used by Shorewall that have moved to kernel-modules-extra:
# find /usr/share/shorewall/* -type f -exec grep 'loadmodule ' \{} \; | awk '{print $2}' | sort -u > shorewall.txt
# rpm -ql kernel-modules-extra | egrep -e '\.ko' | xargs -l basename | awk -F"." '{print $1}' >> shorewall.txt
# sort shorewall.txt | uniq -d

Result :

Comment 1 Josh Boyer 2012-07-31 08:07:00 EDT
(In reply to comment #0)
> sch_hfsc
> sch_ingress
> sch_prio
> sch_sfq
> sch_tbf

These should be back in the main kernel package in tomorrow's rawhide and in the  next F17 kernel build.
Comment 2 Eduard Kohler 2012-08-03 05:21:42 EDT
If the next kernel package for f17 is:


then these modules still available only into the kernel-modules-extra package.
Comment 3 Josh Boyer 2012-08-03 08:19:54 EDT
(In reply to comment #2)
> If the next kernel package for f17 is:
> kernel-3.5.0-2.fc17 

Nope.  I said the next kernel build.  It hasn't been built yet.  Bodhi will leave a comment here when it's available.
Comment 4 Josh Boyer 2012-10-08 11:16:08 EDT
This was fixed in 3.5.0-4 (and newer).