Linux 4.19.8 kernel panics with netfilter/iptables

Linux 4.19.8 kernel panics with netfilter/iptables

Ralph Seichter
With kernel versions 4.19.0 to 4.19.8, I see kernel panics whenever
I activate some iptables rules. The same ruleset works fine with all
earlier kernel versions.

I found https://marc.info/?l=netfilter-devel&m=154211825506348&w=2 and
was wondering if there is any workaround/patch available in Gentoo?

-Ralph


Re: Linux 4.19.8 kernel panics with netfilter/iptables

Hasan Ç.
Can you share your iptables rules? I am on 4.19.8 too, with the exact version of kernel C headers & updated glibc.
I can share my results.

Hasan.

Ralph Seichter <[hidden email]> wrote on Wed, 12 Dec 2018, 16:40:
> With kernel versions 4.19.0 to 4.19.8, I see kernel panics whenever
> I activate some iptables rules. The same ruleset works fine with all
> earlier kernel versions.
>
> I found https://marc.info/?l=netfilter-devel&m=154211825506348&w=2 and
> was wondering if there is any workaround/patch available in Gentoo?
>
> -Ralph


Re: Linux 4.19.8 kernel panics with netfilter/iptables

Ralph Seichter
* Hasan Ç.:

> Can you share your iptables rules i am on 4.19.8 too with exact
> version of kernel c headers & updated glibc.

Here you go: https://pastebin.com/f8V8DfFU

As you can see, I obfuscated some IP addresses, but other than that,
this is the original ruleset.

-Ralph


Re: Linux 4.19.8 kernel panics with netfilter/iptables

Ralph Seichter
In reply to this post by Hasan Ç.
* Hasan Ç.:

> I can share my results.

Have you been able to run some tests yet?

-Ralph


Re: Linux 4.19.8 kernel panics with netfilter/iptables

Andrew Savchenko
In reply to this post by Ralph Seichter
On Wed, 12 Dec 2018 14:39:48 +0100 Ralph Seichter wrote:
> With kernel versions 4.19.0 to 4.19.8, I see kernel panics whenever
> I activate some iptables rules. The same ruleset works fine with all
> earlier kernel versions.
>
> I found https://marc.info/?l=netfilter-devel&m=154211825506348&w=2 and
> was wondering if there is any workaround/patch available in Gentoo?

You can apply patches on your own. This is easy:

1. Create dir /etc/portage/patches/sys-kernel/gentoo-sources-4.19.8
(or whatever kernel you are using).
2. Put patches there, ensure file names end with ".patch".

More details are here:
https://wiki.gentoo.org/wiki//etc/portage/patches

Best regards,
Andrew Savchenko
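
The two steps above as a shell function, added here as an example and not part of Andrew's message: it checks that the file is a unified diff and that the installed name ends with ".patch" before copying it. The function name and the PATCH_ROOT variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example: stage a kernel patch in Portage's user-patch directory.
# PATCH_ROOT is an assumption so the function can be tried without root;
# on a real system it is /etc/portage/patches.
PATCH_ROOT="${PATCH_ROOT:-/etc/portage/patches}"

# stage_user_patch <category/package-version> <patch-file>  (hypothetical helper)
# Prints the installed path on success; returns non-zero on failure.
# e.g. stage_user_patch sys-kernel/gentoo-sources-4.19.8 ./fix.diff
stage_user_patch() {
    pkg="$1"; src="$2"
    [ -n "$pkg" ] && [ -f "$src" ] || {
        echo "usage: stage_user_patch <cat/pkg-ver> <file>" >&2
        return 2
    }

    # Refuse files that are not unified diffs, for example an HTML page
    # saved from a list archive instead of the raw patch.
    if ! grep -q '^--- ' "$src" || ! grep -q '^+++ ' "$src" \
        || ! grep -q '^@@ ' "$src"; then
        echo "error: $src does not look like a unified diff" >&2
        return 1
    fi

    # Step 2 of the procedure: the file name must end with ".patch".
    name=$(basename "$src")
    case "$name" in
        *.patch) ;;
        *) name="${name%.*}.patch" ;;
    esac

    # Step 1 of the procedure: create the per-package directory.
    dest="$PATCH_ROOT/$pkg"
    mkdir -p "$dest" || return 1
    cp "$src" "$dest/$name" || return 1
    chmod 0644 "$dest/$name"
    printf '%s\n' "$dest/$name"
}
```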


Re: Linux 4.19.8 kernel panics with netfilter/iptables

Hasan Ç.
Hi Ralph,

Sorry for the very, very late answer. I am on prod with the 4.19.8 kernel and I confirm that I don't have such a problem with iptables. I am not sure what the exact solution to your problem is, but the one thing I guess is that your linux headers (4.13 or 4.14 if you follow mainstream) & kernel .config and kernel version mismatch. I have my own compiled kernel and also re-compiled glibc with 4.19.8 headers, and also re-compiled @world and @system :)

The only issue I faced with this setup is kernel audit. The sys-process/audit package can't compile because of the 4.19.8 headers.


Andrew Savchenko <[hidden email]> wrote on Sun, 23 Dec 2018, 18:34:
> On Wed, 12 Dec 2018 14:39:48 +0100 Ralph Seichter wrote:
> > With kernel versions 4.19.0 to 4.19.8, I see kernel panics whenever
> > I activate some iptables rules. The same ruleset works fine with all
> > earlier kernel versions.
> >
> > I found https://marc.info/?l=netfilter-devel&m=154211825506348&w=2 and
> > was wondering if there is any workaround/patch available in Gentoo?
>
> You can apply patches on your own. This is easy:
>
> 1. Create dir /etc/portage/patches/sys-kernel/gentoo-sources-4.19.8
> (or whatever kernel you are using).
> 2. Put patches there, ensure file names end with ".patch".
>
> More details are here:
> https://wiki.gentoo.org/wiki//etc/portage/patches
>
> Best regards,
> Andrew Savchenko