Bug 205268 - iptables reporting useless errorcodes
Summary: iptables reporting useless errorcodes
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: iptables
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks: 261481 412441
TreeView+ depends on / blocked
 
Reported: 2006-09-05 17:48 UTC by Daniel Riek
Modified: 2007-12-05 17:18 UTC (History)
0 users

Fixed In Version: iptables-1.3.8-6.fc8
Clone Of:
Environment:
Last Closed: 2007-12-05 17:16:54 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Daniel Riek 2006-09-05 17:48:20 UTC
Rawhide iptables reports a useless errorcode, e.g. when trying to operate on the
wrong table:
[root@myhost ~]# iptables -t mangle -I PREROUTING -p tcp --dport 2222 -d
192.168.1.1 -j DNAT --to-destination 192.168.1.2:22 iptables: Unknown error
18446744073709551615

Instead it should report a human readable description of what went wrong.

Package versions are:
iptables-1.3.5-1.2.1
kernel-xen-2.6.17-1.2600.fc6

Comment 2 Thomas Woerner 2007-08-23 10:18:15 UTC
What kind of hardware is this?

Comment 3 Daniel Riek 2007-08-28 19:06:12 UTC
x86_64:
cpu family      : 15
model           : 43
model name      : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
stepping        : 1


Still happens in RHEL 5.1 beta:
kernel-xen-2.6.18-37.el5
iptables-1.3.5-1.2.1

Comment 4 Thomas Woerner 2007-09-26 16:33:03 UTC
Can yopu please verify this with the latest iptables-1.3.8 verison in rawhide? I
do not get this cryptic error message.
BTW: This message reflacts probably a kernel module problem.

Comment 5 macker 2007-10-25 00:08:07 UTC
Related poor output (crappy error code, rather than a real error)  from
iptables-1.3.5-1.2.1 (RHEL5):

# iptables -A INPUT -p tcp -m udp -j ACCEPT
iptables: Unknown error 4294967295
# iptables -A INPUT -p tcp -m udp --dport 23 -j ACCEPT
iptables: Unknown error 4294967295

The error is easy to observe in this format, but when looking at a long list of
rules in /etc/sysconfig/iptables, it is not.  The error is introduced by
incomplete editing following copy/paste to duplicate similar rules, e.g. adding
a copy of the rule for UDP in addition to TCP.

I can move this into its own bug if needed, but makes sense to append it here,
if it still occurs in the affected version.

Comment 6 Daniel Riek 2007-12-05 17:16:54 UTC
iptables-1.3.8-6.fc8 on x86-64 now reports:
iptables: Invalid argument

Not a bug anymore, but makes yo uthink about an RFE for meaningful error
reporting in iptables.

E.g. if you use a non-existing table, it should say so. Will file a separate bug
for that.



Note You need to log in before you can comment on or make changes to this bug.