bugzilla-daemon@bugzilla.netfilter.org
2006-May-11 17:51 UTC
[Bug 474] New: nf_conntrack marks all packets as INVALID on sparc64 (probably endianness bug)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=474 Summary: nf_conntrack marks all packets as INVALID on sparc64 (probably endianness bug) Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: nf_conntrack AssignedTo: yasuyuki.kozakai@toshiba.co.jp ReportedBy: jan.oravec@6com.sk I have new connection tracking engine in kernel 2.6.16 -- nf_conntrack -- and the following rules in IPv4 iptables INPUT table: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state --state INVALID -j DROP All INPUT packet are dropped on the INVALID rule. (e.g. icmp echo request/reply, ...) The machine is sparc64 running 64-bit kernel. I think that the problem is related to big endianness, because I haven't observed it on other architectures (amd64, x86). The nf_conntrack is loaded into kernel as module. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Reasonably Related Threads
- [Bug 474] nf_conntrack marks all packets as INVALID on sparc64 (probably endianness bug)
- [Bug 529] New: OOPS in nf_conntrack_ipv6 with fragmented UDPv6
- [Bug 530] New: loading nf_nat verision of the iptable_nat module kills existing connections
- [ADMINISTRATIVE] bugzilla.netfilter.org running again
- [Bug 108] strange text response for illegal ipv6 ip numbers in rules