Nevertheless, I would recommend to mr-4 to have a ipset and libmnl
compiled with debug info, point to it via LD_LIBRARY_PATH, and then feed
it through valgrind with the same input. That may give some more
insight.
Oh, by the way, forgot to add this - there is a bug in xtables-addon I
ran into while I was dealing with all this - if I have ipv6 compiled as
a *module* when I try to install xtables-addons (via kickstart) I get
these errors:
WARNING:
/lib/modules/2.6.35.13-91.fc13.i686/extra/xtables-addons/xt_RAWNAT.ko
needs unknown symbol ipv6_find_hdr
WARNING:
/lib/modules/2.6.35.13-91.fc13.i686/extra/xtables-addons/xt_SYSRQ.ko
needs unknown symbol ipv6_find_hdr
WARNING:
/lib/modules/2.6.35.13-91.fc13.i686/extra/xtables-addons/ip6table_rawpost.ko
needs unknown symbol ip6t_unregister_table
I managed to fix the "ip6table_rawpost.ko" error - the problem was with
the extensions/Kbuild file - it needed another "ifneq
(${CONFIG_IPV6_MODULE},)" "endif" block after "ifneq (${CONFIG_IPV6},)".
I saw in xt_RAWNAT.c that there is preprocessor directive which was like
"#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)" to separate
the ipv6 code from the "normal" one, but it didn't work properly for
some reason. When I forcefully removed the ipv6 code blocks from both
xt_RAWNAT.c and xt_SYSRQ.c everything was fine, so I think you need to
look at this!
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
