netfilter buglog - Mar 2011 - [Bug 711] New: iptables -m iprange causes unknown error

http://bugzilla.netfilter.org/show_bug.cgi?id=711

           Summary: iptables -m iprange causes unknown error
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ip_tables (kernel)
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: sven-kernel at incase.de
   Estimated Hours: 0.0


Created an attachment (id=351)
 --> (http://bugzilla.netfilter.org/attachment.cgi?id=351)
used kernel config.

hi.

This is what I found to reproduce the bug:

09:45 root at i-fw0
~ # iptables -A INPUT -m iprange --src-range 10.10.60.55-10.10.60.56 -d
10.0.0.0/8 -p tcp --dport 161 -j ACCEPT
iptables: Unknown error 18446744073709551615

however, the xt_iprange module is loaded. Also, using the iprange module
wrongly causes a correct error message:

~ # iptables -A INPUT -m iprange -s 10.10.60.55 -d 10.0.0.0/8 -p tcp --dport
161 -j ACCEPT
iptables v1.3.5: iprange match: You must specify `--src-range' or
`--dst-range'
Try `iptables -h' or 'iptables --help' for more information.


Normal iptables (no iprange used) works well, too:

09:45 root at i-fw0
~ # iptables -A INPUT -s 10.10.60.55 -d 10.0.0.0/8 -p tcp --dport 161 -j ACCEPT
09:45 root at i-fw0

As google searches hinted at a missing module, I wrote a small shell wrapper
around modprobe which just logs the parameters that modprobe is called with.
This results in the following log:

-q -- net-pf-16-proto-9
-q -- ipt_iprange
-q -- net-pf-16-proto-9

net-pf-16 should be af_netlink, if my memory and Google foo don't fail me,
but
this module doesn't exist with my 2.6.32.29 kernel (config attached), but
seems
to be compiled in statically. But this means that the kernel shouldn't try
to
load it (in my understanding).

Also: Why does the kernel try to load ipt_iprange, when xt_iprange is loaded,
which has an alias for ipt_iprange?

I'm at the end of my wisdom what else might be causing this.

Any hints?


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

http://bugzilla.netfilter.org/show_bug.cgi?id=711


Sven Mueller <sven-kernel at incase.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sven-kernel at incase.de




-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

http://bugzilla.netfilter.org/show_bug.cgi?id=711


Sven Mueller <sven-kernel at incase.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |major




--- Comment #1 from Sven Mueller <sven-kernel at incase.de>  2011-03-28
09:57:19 ---
I really need some help here. Any hints as to why this happens would help.
I'm
willing to do quite some trial and error, but I already tried like 5 different
kernels, all with the same result. So I think this has got to do with the
kernel configuration I'm using, on a stock kernel.org 2.6.32.29


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

http://bugzilla.netfilter.org/show_bug.cgi?id=711


Patrick McHardy <kaber at trash.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kaber at trash.net




--- Comment #2 from Patrick McHardy <kaber at trash.net>  2011-04-05
14:25:34 ---
You need to upgrade iptables, we removed support for the old iprange revision
in 2.6.31 or 2.6.32.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

http://bugzilla.netfilter.org/show_bug.cgi?id=711


Sven Mueller <sven-kernel at incase.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




--- Comment #3 from Sven Mueller <sven-kernel at incase.de>  2011-04-06
14:36:04 ---
Confirmed: Everything works fine if I upgrade to iptables >= 1.4.9 (probably
any 1.4.x version would work?).


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

http://bugzilla.netfilter.org/show_bug.cgi?id=711


Sven Mueller <sven-kernel at incase.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|major                       |minor
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |




--- Comment #4 from Sven Mueller <sven-kernel at incase.de>  2011-04-06
14:41:45 ---
Actually, thinking about it, I should probably leave the bug open:

The error message should be fixed somehow. Just returning "-1", cast
to an
unsigned value is all but helpful. Also the kernel logs (dmesg) are not really
helpful either. Downgrading to minor though (enhancement would probably also be
OK).


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

http://bugzilla.netfilter.org/show_bug.cgi?id=711


Patrick McHardy <kaber at trash.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED




--- Comment #5 from Patrick McHardy <kaber at trash.net>  2011-04-06
16:36:58 ---
That has been fixed a long time ago. Closing.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.