From: Corbin Bird
Date: Fri, 15 Jul 2016 15:50:09 -0500
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] firewall -> kernel hardlock error
Message-ID: <57894C81.5050409@charter.net>
List-Id: Gentoo Linux mail

Getting an error with kernel 4.1.28 ( USE="experimental symlink" )

The firewall ( 2 different packages tried ) locks up the machine during boot.

The old kernel ( 4.1.27 ) worked with no errors.

I copied the /usr/src/linux/.config file over from kernel 4.1.27.
Used "make menuconfig" to check if changes were needed.
Recompiled 3 different times, minor changes, same result.

Reinstalled iptables, nftables, and ran "perl-cleaner reallyall".

Always locks up after rules compiled / starting to initialize iptables.

The firewalls tried : arno-iptables-firewall, shorewall

Part of the kernel 4.1.28 change-log :

> Florian Westphal (20):
>       ipv6: re-enable fragment header matching in ipv6_find_hdr
>       netfilter: x_tables: validate e->target_offset early
>       netfilter: x_tables: make sure e->next_offset covers remaining blob size
>       netfilter: x_tables: fix unconditional helper
>       netfilter: x_tables: don't move to non-existent next rule
>       netfilter: x_tables: validate targets of jumps
>       netfilter: x_tables: add and use xt_check_entry_offsets
>       netfilter: x_tables: kill check_entry helper
>       netfilter: x_tables: assert minimum target size
>       netfilter: x_tables: add compat version of xt_check_entry_offsets
>       netfilter: x_tables: check standard target size too
>       netfilter: x_tables: check for bogus target offset
>       netfilter: x_tables: validate all offsets and sizes in a rule
>       netfilter: x_tables: don't reject valid target size on some architectures
>       netfilter: arp_tables: simplify translate_compat_table args
>       netfilter: ip_tables: simplify translate_compat_table args
>       netfilter: ip6_tables: simplify translate_compat_table args
>       netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
>       netfilter: x_tables: do compat validation via translate_table
>       netfilter: x_tables: introduce and use xt_copy_counters_from_user

I suspect this may have something to do with it.

Is anyone else seeing / experiencing this problem?