Re: [xtables-addons] xt_ipp2p: fix compatibility with pre-5.1 kernels

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2021-09-14, at 09:46:20 +0200, kaskada@xxxxxxxx wrote:
> On 13. 9. 2021, at 21:53:43, Jeremy Sowden wrote:
> > `ip_transport_len` and `ipv6_transport_len` were introduced in 5.1.
> > They are both single-statement static inline functions, so add
> > fall-back implementations for compatibility with older kernels.
>
> now it is possible to compile the source on Debian 10 (kernel
> 4.19.0-17-amd64), but when I run:
>
>   $ ip6tables -t mangle -A PREROUTING -m ipp2p --dc -j ACCEPT
>
> I still get this error:
>
>   ip6tables v1.8.4 (legacy): Couldn't load match `ipp2p':No such file or directory
>   Try `ip6tables -h' or 'ip6tables --help' for more information.
>
> When I run it with strace:
>
>   $ strace ip6tables -t mangle -A PREROUTING -m ipp2p --dc -j ACCEPT
>   [...]
>   stat("/usr/lib/x86_64-linux-gnu/xtables/libip6t_ipp2p.so", 0x7fff3562dea0) = -1 ENOENT (Adresář nebo soubor neexistuje)
>
> It says this (it seems that
> "/usr/lib/x86_64-linux-gnu/xtables/libip6t_ipp2p.so" is missing, which
> is a bit suspicious).

It tries libip6t_ipp2p.so first, which fails, ...

>   stat("/usr/lib/x86_64-linux-gnu/xtables/libxt_ipp2p.so", {st_mode=S_IFREG|0755, st_size=33512, ...}) = 0
>   brk(NULL)                               = 0x562ecafdb000
>   brk(0x562ecaffc000)                     = 0x562ecaffc000
>   openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/xtables/libxt_ipp2p.so", O_RDONLY|O_CLOEXEC) = 3

... and then libxt_ipp2p.so, which succeeds.

>   read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\20\0\0\0\0\0\0"..., 832) = 832
>   fstat(3, {st_mode=S_IFREG|0755, st_size=33512, ...}) = 0
>   mmap(NULL, 16680, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f902e63a000
>   mmap(0x7f902e63b000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f902e63b000
>   mmap(0x7f902e63c000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f902e63c000
>   mmap(0x7f902e63d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f902e63d000
>   close(3)                                = 0
>   mprotect(0x7f902e63d000, 4096, PROT_READ) = 0
>   socket(AF_INET6, SOCK_RAW, IPPROTO_RAW) = 3
>   fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
>   lstat("/proc/net/ip6_tables_names", {st_mode=S_IFREG|0440, st_size=0, ...}) = 0
>   statfs("/proc/net/ip6_tables_names", {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
>   getsockopt(3, SOL_IPV6, IP6T_SO_GET_REVISION_MATCH, 0x7fff3562ddb0, [30]) = -1 ENOENT (Adresář nebo soubor neexistuje)

This is the problem.  The kernel is reporting that it could not find an
ipv6 version.  That's because I forgot to add an ipv6 module alias.  I
will send a patch shortly.

J.

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux