netfilter buglog - Mar 2018 - [Bug 1235] New: Error Message "Memory allocation problem" using hashlimit match

https://bugzilla.netfilter.org/show_bug.cgi?id=1235

            Bug ID: 1235
           Summary: Error Message "Memory allocation problem" using
                    hashlimit match
           Product: iptables
           Version: 1.6.x
          Hardware: x86_64
                OS: Gentoo
            Status: NEW
          Severity: normal
          Priority: P5
         Component: iptables
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: nrittner at layer23.de

When using "--match hashlimit" with "--hashlimit-name" that
contains a slash,
iptables terminates with the error message: "iptables: Memory allocation
problem."
since "--hashlimit-name" is used to compose a state-filename within
/proc/net/ipt_hashlimit without any further subdirectories, a useful hint
should be printed out, rather than dying with that error.
relevant lines of strace are:

getsockopt(4, SOL_IP, IPT_SO_GET_INFO,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
= 0
getsockopt(4, SOL_IP, IPT_SO_GET_ENTRIES,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
[34176]) = 0
setsockopt(4, SOL_IP, IPT_SO_SET_REPLACE,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
34720) = -1
ENOMEM (Cannot allocate memory)
close(4)                                = 0
write(2, "iptables: Memory allocation prob"..., 37iptables: Memory
allocation
problem.
) = 37

kernel version: 4.9.76 x86_64
reproducible:   always

maybe the reason is to be find in kernel-code rather than in the
iptables-command ? - don't know

cheers,

nico

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180316/48e5c6d8/attachment.html>