netfilter buglog - Apr 2007 - [Bug 563] New: iptables fails when modules are unable to load

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=563

           Summary: iptables fails when modules are unable to load
           Product: iptables
           Version: unspecified
          Platform: All
               URL: http://bugs.gentoo.org/show_bug.cgi?id=136813
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: iptables
        AssignedTo: laforge@netfilter.org
        ReportedBy: JoseJX@gentoo.org


When running iptables on PPC32, compiled statically, we were seeing a strange
error message:

# iptables
getsockopt failed strangely: No such file or directory

There was nothing printed in the logs after the failure.  After some
investigation, I found that when ip_tables tries to load modules, we are
returned -ENOENT when the module can't be loaded (from
try_then_request_module).

try_then_request_module tries to call the symbol xt_find_revision to satisfy
this request.  Unfortunately, the symbol isn't available, so it tries to
load
the module that contains it.  If you haven't compiled the module it's
requesting, you'll get -2 (-ENOENT) back, which is causing the error above.

I think it would be appropriate to check for -ENOENT in the kernel module to
print notification that the requested module is missing.  If this is not
acceptable, the check for -EPROTONOSUPPORT could be augmented by a check by
-ENOENT to allow iptables to continue working, but this would not provide
information about the error in the logs.

I'll attach a patch that implements the first option.

-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.