* iptables problem upgrading kernel from 3.18.8 to 3.19.1
From: David R @ 2015-03-08 10:12 UTC
  To: netdev; +Cc: linux-kernel

I've just had an exception to my "uneventful kernel upgrade" monotony.

My boot scripts failed when setting up the firewall due to this :-

    xt_recent: hitcount (1) is larger than packets to be remembered (1) for table xxxx

This is a completely straightforward

    iptables -A yyyy -j REJECT -p tcp --reject-with tcp-reset -m recent --set --name xxxx --rsource

Looking at the history for xt_recent.c it looks like this was introduced
in abc86d0f99242b7f142b7cb8f90e30081dd3c256 but maybe corrected in
cef9ed86ed62eeffcd017882278bbece32001f86 ?

Whatever, 3.19.1 is still affected, it can be worked around by setting
ip_pkt_list_tot in the module parameters.

Cheers
David


* Re: iptables problem upgrading kernel from 3.18.8 to 3.19.1
From: Florian Westphal @ 2015-03-08 17:55 UTC
  To: David R; +Cc: netdev, linux-kernel, pablo, stable

David R <david@unsolicited.net> wrote:

[ CC Pablo & stable@ ]

> I've just had an exception to my "uneventful kernel upgrade" monotony.
> 
> My boot scripts failed when setting up the firewall due to this :-
> 
>     xt_recent: hitcount (1) is larger than packets to be remembered (1) for table xxxx
> 
> This is a completely straightforward
> 
>     iptables -A yyyy -j REJECT -p tcp --reject-with tcp-reset -m recent --set --name xxxx --rsource
> 
> Looking at the history for xt_recent.c it looks like this was introduced
> in abc86d0f99242b7f142b7cb8f90e30081dd3c256 but maybe corrected in
> cef9ed86ed62eeffcd017882278bbece32001f86 ?

Right.  I would recommend to revert abc86d0f99242b7f142b7cb8f90e30081dd3c256
in 3.19.y series rather than applying cef9ed86ed62, though.

Sorry,
Florian


* Re: iptables problem upgrading kernel from 3.18.8 to 3.19.1
From: David Miller @ 2015-03-12 19:47 UTC
  To: fw; +Cc: david, netdev, linux-kernel, pablo, stable, gregkh

From: Florian Westphal <fw@strlen.de>
Date: Sun, 8 Mar 2015 18:55:53 +0100

> David R <david@unsolicited.net> wrote:
> 
> [ CC Pablo & stable@ ]
> 
>> I've just had an exception to my "uneventful kernel upgrade" monotony.
>> 
>> My boot scripts failed when setting up the firewall due to this :-
>> 
>>     xt_recent: hitcount (1) is larger than packets to be remembered (1) for table xxxx
>> 
>> This is a completely straightforward
>> 
>>     iptables -A yyyy -j REJECT -p tcp --reject-with tcp-reset -m recent --set --name xxxx --rsource
>> 
>> Looking at the history for xt_recent.c it looks like this was introduced
>> in abc86d0f99242b7f142b7cb8f90e30081dd3c256 but maybe corrected in
>> cef9ed86ed62eeffcd017882278bbece32001f86 ?
> 
> Right.  I would recommend to revert abc86d0f99242b7f142b7cb8f90e30081dd3c256
> in 3.19.y series rather than applying cef9ed86ed62, though.

Greg, please queue up a revert of abc86d0f99242b7f142b7cb8f90e30081dd3c256 for
3.19.x -stable, if you haven't done so already.

Thanks.


* Re: iptables problem upgrading kernel from 3.18.8 to 3.19.1
From: Greg KH @ 2015-03-16 13:54 UTC
  To: David Miller; +Cc: fw, david, netdev, linux-kernel, pablo, stable

On Thu, Mar 12, 2015 at 03:47:56PM -0400, David Miller wrote:
> From: Florian Westphal <fw@strlen.de>
> Date: Sun, 8 Mar 2015 18:55:53 +0100
> 
> > David R <david@unsolicited.net> wrote:
> > 
> > [ CC Pablo & stable@ ]
> > 
> >> I've just had an exception to my "uneventful kernel upgrade" monotony.
> >> 
> >> My boot scripts failed when setting up the firewall due to this :-
> >> 
> >>     xt_recent: hitcount (1) is larger than packets to be remembered (1) for table xxxx
> >> 
> >> This is a completely straightforward
> >> 
> >>     iptables -A yyyy -j REJECT -p tcp --reject-with tcp-reset -m recent --set --name xxxx --rsource
> >> 
> >> Looking at the history for xt_recent.c it looks like this was introduced
> >> in abc86d0f99242b7f142b7cb8f90e30081dd3c256 but maybe corrected in
> >> cef9ed86ed62eeffcd017882278bbece32001f86 ?
> > 
> > Right.  I would recommend to revert abc86d0f99242b7f142b7cb8f90e30081dd3c256
> > in 3.19.y series rather than applying cef9ed86ed62, though.
> 
> Greg, please queue up a revert of abc86d0f99242b7f142b7cb8f90e30081dd3c256 for
> 3.19.x -stable, if you haven't done so already.

Now done, thanks.

greg k-h
