bugzilla-daemon@bugzilla.netfilter.org
2006-May-11 17:51 UTC
[Bug 474] New: nf_conntrack marks all packets as INVALID on sparc64 (probably endianness bug)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=474
Summary: nf_conntrack marks all packets as INVALID on sparc64
(probably endianness bug)
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: nf_conntrack
AssignedTo: yasuyuki.kozakai@toshiba.co.jp
ReportedBy: jan.oravec@6com.sk
I have new connection tracking engine in kernel 2.6.16 -- nf_conntrack -- and
the following rules in IPv4 iptables INPUT table:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
All INPUT packet are dropped on the INVALID rule. (e.g. icmp echo request/reply,
...)
The machine is sparc64 running 64-bit kernel. I think that the problem is
related to big endianness, because I haven't observed it on other
architectures
(amd64, x86).
The nf_conntrack is loaded into kernel as module.
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 474] nf_conntrack marks all packets as INVALID on sparc64 (probably endianness bug)
- [Bug 529] New: OOPS in nf_conntrack_ipv6 with fragmented UDPv6
- [Bug 530] New: loading nf_nat verision of the iptable_nat module kills existing connections
- [ADMINISTRATIVE] bugzilla.netfilter.org running again
- [Bug 108] strange text response for illegal ipv6 ip numbers in rules
Wisdom of the Ancients
