bugzilla-daemon at bugzilla.netfilter.org
2009-Apr-07 11:34 UTC
[Bug 590] New: iptables unknown target data
http://bugzilla.netfilter.org/show_bug.cgi?id=590
Summary: iptables unknown target data
Product: iptables
Version: CVS (please indicate timestamp)
Platform: i386
OS/Version: Ubuntu
Status: NEW
Severity: normal
Priority: P1
Component: iptables
AssignedTo: laforge at netfilter.org
ReportedBy: idallen at idallen.ca
I downloaded the sources iptables-1.4.3.2.tar.bz2 (April 6 2009)
Unpacked in /tmp and ran: ./configure ; make ; sudo ./iptables -L -t mangle
Got this garbage output for one of my chains:
---------------------------------------------------------------------
Chain ianmark (0 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere [12 bytes of
unknown target data]
RETURN all -- anywhere anywhere UNKNOWN match
`mark' [4 bytes of unknown target data]
LOG all -- anywhere anywhere [32 bytes of
unknown target data]
RETURN udp -- anywhere anywhere UNKNOWN match
`udp' [4 bytes of unknown target data]
RETURN tcp -- anywhere anywhere UNKNOWN match
`tcp' [4 bytes of unknown target data]
RETURN all -- anywhere 192.168.0.0/16 [4 bytes of
unknown target data]
RETURN all -- anywhere 172.16.0.0/12 [4 bytes of
unknown target data]
RETURN all -- anywhere 10.0.0.0/8 [4 bytes of
unknown target data]
---------------------------------------------------------------------
What I expected was what the installed version of iptables gives me:
sudo iptables -L -t mangle
---------------------------------------------------------------------
Chain ianmark (0 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK restore
RETURN all -- anywhere anywhere MARK match !0x0
LOG all -- anywhere anywhere LOG level debug
tcp-sequence prefix `IDA-CON'
RETURN udp -- anywhere anywhere udp dpt:domain
RETURN tcp -- anywhere anywhere tcp dpt:domain
RETURN all -- anywhere 192.168.0.0/16
RETURN all -- anywhere 172.16.0.0/12
RETURN all -- anywhere 10.0.0.0/8
---------------------------------------------------------------------
Surely the new iptables shouldn't even compile if it isn't compatible
with this older kernel?
Linux idallen.ca 2.6.24-23-generic #1 SMP Mon Jan 26 00:13:11 UTC 2009 i686
GNU/Linux
LSB Version:
core-2.0-ia32:core-3.0-ia32:core-3.1-ia32:core-3.2-ia32:core-2.0-noarch:core-3.0-noarch:core-3.1-noarch:core-3.2-noarch:cxx-2.0-ia32:cxx-3.0-ia32:cxx-3.1-ia32:cxx-3.2-ia32:cxx-2.0-noarch:cxx-3.0-noarch:cxx-3.1-noarch:cxx-3.2-noarch:desktop-3.1-ia32:desktop-3.2-ia32:desktop-3.1-noarch:desktop-3.2-noarch:graphics-2.0-ia32:graphics-3.0-ia32:graphics-3.1-ia32:graphics-3.2-ia32:graphics-2.0-noarch:graphics-3.0-noarch:graphics-3.1-noarch:graphics-3.2-noarch:languages-3.2-ia32:languages-3.2-noarch:multimedia-3.2-ia32:multimedia-3.2-noarch:printing-3.2-ia32:printing-3.2-noarch
Distributor ID: Ubuntu
Description: Ubuntu 8.04.2
Release: 8.04
Codename: hardy
Module Size Used by
nf_conntrack_netlink 28800 0
nfnetlink 5784 1 nf_conntrack_netlink
ipt_LOG 7296 1
ipt_owner 2944 0
xt_mark 2816 1
xt_CONNMARK 4224 1
xt_MARK 3200 0
isofs 36388 0
loop 18948 0
nls_iso8859_1 4992 0
nls_cp437 6656 0
vfat 14464 0
fat 54556 1 vfat
usb_storage 73792 0
libusual 19236 1 usb_storage
nfs 262540 0
nfsd 228848 17
lockd 67720 3 nfs,nfsd
nfs_acl 4608 2 nfs,nfsd
auth_rpcgss 43424 1 nfsd
sunrpc 185500 11 nfs,nfsd,lockd,nfs_acl,auth_rpcgss
exportfs 6016 1 nfsd
ext2 73352 0
vmnet 46144 9
vmblock 16672 3
vmci 54104 0
vmmon 75792 0
drbd 213256 0
ipt_ULOG 10116 1
nbd 24864 0
ppdev 10372 0
xt_multiport 4224 0
xt_state 3328 0
ipt_MASQUERADE 4608 0
iptable_nat 8324 0
nf_nat 20396 3 nf_conntrack_netlink,ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4 19080 3 iptable_nat
nf_conntrack 66752 7
nf_conntrack_netlink,xt_CONNMARK,xt_state,ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
cpufreq_userspace 5284 0
cpufreq_powersave 2688 0
xt_TCPMSS 5504 0
cpufreq_ondemand 9740 0
xt_tcpmss 3200 0
cpufreq_conservative 8712 0
xt_tcpudp 4096 2
cpufreq_stats 7104 0
iptable_mangle 3712 1
freq_table 5536 2 cpufreq_ondemand,cpufreq_stats
sbs 15112 0
sbshc 7680 1 sbs
video 19856 0
output 4736 1 video
container 5632 0
dock 11280 0
battery 14212 0
pppoe 14528 0
pppox 4876 1 pppoe
af_packet 23812 0
ppp_generic 29588 2 pppoe,pppox
slhc 7040 1 ppp_generic
iptable_filter 3840 0
ip_tables 14820 3 iptable_nat,iptable_mangle,iptable_filter
x_tables 16132 14
ipt_LOG,ipt_owner,xt_mark,xt_CONNMARK,xt_MARK,ipt_ULOG,xt_multiport,xt_state,ipt_MASQUERADE,iptable_nat,xt_TCPMSS,xt_tcpmss,xt_tcpudp,ip_tables
ac 6916 0
sbp2 24072 0
lp 12324 0
snd_mpu401 9448 0
snd_mpu401_uart 9728 1 snd_mpu401
parport_pc 36260 1
parport 37832 3 ppdev,lp,parport_pc
analog 13600 0
gameport 16008 1 analog
pcspkr 4224 0
matrox_w1 4992 0
snd_intel8x0 35356 0
snd_ac97_codec 101028 1 snd_intel8x0
wire 24324 1 matrox_w1
evdev 13056 3
ac97_bus 3072 1 snd_ac97_codec
snd_pcm_oss 42144 0
snd_mixer_oss 17920 1 snd_pcm_oss
cn 9632 2 drbd,wire
snd_pcm 78596 3 snd_intel8x0,snd_ac97_codec,snd_pcm_oss
snd_seq_dummy 4868 0
snd_seq_oss 35584 0
snd_seq_midi 9376 0
snd_rawmidi 25760 2 snd_mpu401_uart,snd_seq_midi
snd_seq_midi_event 8320 2 snd_seq_oss,snd_seq_midi
snd_seq 54224 6
snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_seq_midi_event
snd_timer 24836 2 snd_pcm,snd_seq
snd_seq_device 9612 5
snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_rawmidi,snd_seq
shpchp 34452 0
pci_hotplug 30880 1 shpchp
snd 56996 13
snd_mpu401,snd_mpu401_uart,snd_intel8x0,snd_ac97_codec,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_seq_dummy,snd_seq_oss,snd_rawmidi,snd_seq,snd_timer,snd_seq_device
soundcore 8800 1 snd
snd_page_alloc 11400 2 snd_intel8x0,snd_pcm
i2c_nforce2 7680 0
i2c_core 24832 1 i2c_nforce2
button 9232 0
nvidia_agp 9628 1
agpgart 34760 1 nvidia_agp
ext3 136840 4
jbd 48404 1 ext3
mbcache 9600 2 ext2,ext3
pata_acpi 8320 0
st 41500 0
osst 56348 0
sd_mod 30720 8
sr_mod 17956 0
sg 36880 0
cdrom 37408 1 sr_mod
usbhid 32128 1
hid 38784 1 usbhid
pata_amd 14212 0
floppy 59588 0
ohci1394 33584 0
sata_sil 12296 4
ieee1394 93752 2 sbp2,ohci1394
aic7xxx 178264 0
scsi_transport_spi 25472 1 aic7xxx
pata_pdc2027x 12676 1
ata_generic 8324 0
3c59x 46376 0
mii 6400 1 3c59x
skge 43536 0
libata 159600 5
pata_acpi,pata_amd,sata_sil,pata_pdc2027x,ata_generic
scsi_mod 151436 10
usb_storage,sbp2,st,osst,sd_mod,sr_mod,sg,aic7xxx,scsi_transport_spi,libata
ehci_hcd 37900 0
ohci_hcd 26640 0
forcedeth 51980 0
usbcore 146412 7 usb_storage,libusual,usbhid,ehci_hcd,ohci_hcd
thermal 16796 0
processor 36488 1 thermal
fan 5636 0
fbcon 42912 0
tileblit 3456 1 fbcon
font 9472 1 fbcon
bitblit 6784 1 fbcon
softcursor 3072 1 bitblit
fuse 50708 1
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at bugzilla.netfilter.org
2009-Apr-07 12:16 UTC
[Bug 590] iptables unknown target data
http://bugzilla.netfilter.org/show_bug.cgi?id=590
------- Comment #1 from idallen at idallen.ca 2009-04-07 14:16 -------
Maybe this isn't your fault. I got the "official" sources for iptables for
Ubuntu 8.04, compiled iptables, and got the same errors.
# apt-get source iptables
Reading package lists... Done
Building dependency tree
Reading state information... Done
Need to get 759kB of source archives.
Get:1 http://ca.archive.ubuntu.com hardy/main iptables 1.3.8.0debian1-1ubuntu2 (dsc) [757B]
Get:2 http://ca.archive.ubuntu.com hardy/main iptables 1.3.8.0debian1-1ubuntu2 (tar) [744kB]
Get:3 http://ca.archive.ubuntu.com hardy/main iptables 1.3.8.0debian1-1ubuntu2 (diff) [14.1kB]
Fetched 759kB in 3s (194kB/s)
dpkg-source: extracting iptables in iptables-1.3.8.0debian1
dpkg-source: unpacking iptables_1.3.8.0debian1.orig.tar.gz
dpkg-source: applying ./iptables_1.3.8.0debian1-1ubuntu2.diff.gz
# cd iptables ; make clean ; make
[...]
# ./iptables -L -t mangle
[...]
Chain ianmark (0 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere [12 bytes of unknown target data]
RETURN all -- anywhere anywhere UNKNOWN match `mark' [4 bytes of unknown target data]
LOG all -- anywhere anywhere [32 bytes of unknown target data]
RETURN udp -- anywhere anywhere UNKNOWN match `udp' [4 bytes of unknown target data]
RETURN tcp -- anywhere anywhere UNKNOWN match `tcp' [4 bytes of unknown target data]
RETURN all -- anywhere 192.168.0.0/16 [4 bytes of unknown target data]
RETURN all -- anywhere 172.16.0.0/12 [4 bytes of unknown target data]
RETURN all -- anywhere 10.0.0.0/8 [4 bytes of unknown target data]
How did I screw things up at my end? I know I downloaded the openvz kernel
at one point, though uname suggests I'm not running it at the moment
(assuming that uname would show). Perhaps that affected some #include
offsets somewhere?
Linux idallen.ca 2.6.24-23-generic #1 SMP Mon Jan 26 00:13:11 UTC 2009 i686 GNU/Linux
kernel-related files in /boot:
-rw-r--r-- 1 root root 905809 Jan 25 23:30 System.map-2.6.24-23-generic
-rw-r--r-- 1 root root 951363 Jan 25 23:51 System.map-2.6.24-23-openvz
-rw-r--r-- 1 root root 422838 Jan 25 23:30 abi-2.6.24-23-generic
-rw-r--r-- 1 root root 80051 Jan 25 23:30 config-2.6.24-23-generic
-rw-r--r-- 1 root root 90360 Jan 25 23:51 config-2.6.24-23-openvz
-rw-r--r-- 1 root root 7498495 Feb 11 01:29 initrd.img-2.6.24-23-generic
-rw-r--r-- 1 root root 7511690 Feb 17 16:18 initrd.img-2.6.24-23-openvz
-rw-r--r-- 1 root root 1922904 Jan 25 23:30 vmlinuz-2.6.24-23-generic
-rw-r--r-- 1 root root 1964312 Jan 25 23:51 vmlinuz-2.6.24-23-openvz
grub boot entry (default 0 should have booted the openvz kernel...):
title Ubuntu 8.04.2, kernel 2.6.24-23-openvz
root (hd6,0)
kernel /vmlinuz-2.6.24-23-openvz root=UUID=47ee9584-070d-4c4a-b2f9-1d1c896b2873 ro xforcevesa
initrd /initrd.img-2.6.24-23-openvz
title Ubuntu 8.04.2, kernel 2.6.24-23-openvz (recovery mode)
root (hd6,0)
kernel /vmlinuz-2.6.24-23-openvz root=UUID=47ee9584-070d-4c4a-b2f9-1d1c896b2873 ro single
initrd /initrd.img-2.6.24-23-openvz
title Ubuntu 8.04.2, kernel 2.6.24-23-generic
root (hd6,0)
kernel /vmlinuz-2.6.24-23-generic root=UUID=47ee9584-070d-4c4a-b2f9-1d1c896b2873 ro xforcevesa
initrd /initrd.img-2.6.24-23-generic
title Ubuntu 8.04.2, kernel 2.6.24-23-generic (recovery mode)
root (hd6,0)
kernel /vmlinuz-2.6.24-23-generic root=UUID=47ee9584-070d-4c4a-b2f9-1d1c896b2873 ro single
initrd /initrd.img-2.6.24-23-generic
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at bugzilla.netfilter.org
2009-Apr-08 16:45 UTC
[Bug 590] iptables unknown target data
http://bugzilla.netfilter.org/show_bug.cgi?id=590
jengelh at medozas.de changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|laforge at netfilter.org |kaber at trash.net
------- Comment #2 from jengelh at medozas.de 2009-04-08 18:45 -------
Something is pretty afoul here. The data size for the mark match is always at
least 16 bytes big on commonplace hardware.
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
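
Added example (not part of the bug thread or of iptables itself): a rule listing in which the userspace tool could not decode matches or targets cannot be audited, so this sketch flags such rows in `iptables -L` output and counts them per target and match name. It assumes the IPv4 column layout and the two marker strings shown in the report; the function names are hypothetical.

```python
import re
from collections import Counter

# Listing lines copied from the report above, e-mail wrapping included.
SAMPLE = """\
Chain ianmark (0 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere [12 bytes of
unknown target data]
RETURN all -- anywhere anywhere UNKNOWN match
`mark' [4 bytes of unknown target data]
LOG all -- anywhere anywhere [32 bytes of
unknown target data]
RETURN all -- anywhere 10.0.0.0/8 [4 bytes of
unknown target data]
"""

CHAIN = re.compile(r"^Chain (\S+) \(")
RULE = re.compile(r"^\S+\s+\S+\s+(?:--|-f|!f)\s+\S+\s+\S+")  # target prot opt src dst
BAD_MATCH = re.compile(r"UNKNOWN match `(\S+?)'")
BAD_TARGET = re.compile(r"\[(\d+) bytes of unknown target data\]")

def undecoded_rules(listing):
    """Return (chain, target, unknown_matches, target_bytes) per flagged rule."""
    rules, chain = [], None
    for line in listing.splitlines():
        line = line.strip()
        m = CHAIN.match(line)
        if m:
            chain = m.group(1)
        elif not line or line.split()[:3] == ["target", "prot", "opt"]:
            continue  # blank line or column header
        elif RULE.match(line):
            rules.append([chain, line])
        elif rules:
            rules[-1][1] += " " + line  # wrapped continuation of the previous row
    flagged = []
    for chain, text in rules:
        matches, size = BAD_MATCH.findall(text), BAD_TARGET.search(text)
        if matches or size:
            flagged.append((chain, text.split()[0], matches,
                            int(size.group(1)) if size else None))
    return flagged

def summary(listing):
    """Count undecoded targets and undecoded matches by name."""
    flagged = undecoded_rules(listing)
    return (Counter(t for _, t, _, n in flagged if n is not None),
            Counter(m for _, _, ms, _ in flagged for m in ms))
```

Run over the listing from the installed iptables in the first message, the same functions return no flagged rows, which makes the check usable as a gate before trusting a listing for review.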