[gentoo-user] Linux 4.19.8 kernel panics with netfilter/iptables

[gentoo-user] Linux 4.19.8 kernel panics with netfilter/iptables

[Ralph Seichter]

With kernel versions 4.19.0 to 4.19.8, I see kernel panics whenever
I activate some iptables rules. The same ruleset works fine with all
earlier kernel versions.

I found https://marc.info/?l=netfilter-devel&m=154211825506348&w=2 and
was wondering if there is any workaround/patch availabe in Gentoo?

-Ralph

Re: [gentoo-user] Linux 4.19.8 kernel panics with netfilter/iptables

[Hasan Ç.]

[-- Attachment #1: Type: text/plain, Size: 582 bytes --]

Can you share your iptables rules i am on 4.19.8 too with exact version of
kernel c headers & updated glibc.
I can share my results.

Hasan.

Ralph Seichter <m16+gentoo@monksofcool.net>, 12 Ara 2018 Çar, 16:40
tarihinde şunu yazdı:

> With kernel versions 4.19.0 to 4.19.8, I see kernel panics whenever
> I activate some iptables rules. The same ruleset works fine with all
> earlier kernel versions.
>
> I found https://marc.info/?l=netfilter-devel&m=154211825506348&w=2 and
> was wondering if there is any workaround/patch availabe in Gentoo?
>
> -Ralph
>
>

[-- Attachment #2: Type: text/html, Size: 1020 bytes --]

Re: [gentoo-user] Linux 4.19.8 kernel panics with netfilter/iptables

[Ralph Seichter]

* Hasan Ç.:

> Can you share your iptables rules i am on 4.19.8 too with exact
> version of kernel c headers & updated glibc.

Here you go: https://pastebin.com/f8V8DfFU

As you can see, I obfuscated some IP addresses, but other than that,
this is the original ruleset.

-Ralph

Re: [gentoo-user] Linux 4.19.8 kernel panics with netfilter/iptables

[Ralph Seichter]

* Hasan Ç.:

> I can share my results.

Have you been able to run some tests yet?

-Ralph

Re: [gentoo-user] Linux 4.19.8 kernel panics with netfilter/iptables

[Andrew Savchenko]

[-- Attachment #1: Type: text/plain, Size: 709 bytes --]

On Wed, 12 Dec 2018 14:39:48 +0100 Ralph Seichter wrote:
> With kernel versions 4.19.0 to 4.19.8, I see kernel panics whenever
> I activate some iptables rules. The same ruleset works fine with all
> earlier kernel versions.
> 
> I found https://marc.info/?l=netfilter-devel&m=154211825506348&w=2 and
> was wondering if there is any workaround/patch availabe in Gentoo?

You can apply patches by your own. This is easy:

1. Create dir /etc/portage/patches/sys-kernel/gentoo-sources-4.19.8
(or whatever kernel you are using).
2. Put patches there, ensure file names end with ".patch".

More details are here:
https://wiki.gentoo.org/wiki//etc/portage/patches

Best regards,
Andrew Savchenko

[-- Attachment #2: Type: application/pgp-signature, Size: 833 bytes --]

Re: [gentoo-user] Linux 4.19.8 kernel panics with netfilter/iptables

[Hasan Ç.]

[-- Attachment #1: Type: text/plain, Size: 1412 bytes --]

Hi Ralph,

Sorry for very very late answer.I am on prod. with 4.19.8 kernel and i
confirm that i don't have a such problem with iptables.I am not sure what
is the exact solution of your problem but the one thing i guess your linux
headers (4.13 or 4.14 if you follow mainstream) & kernel .config and kernel
version mistmatch.I have own compiled kernel and also re-compiled glibc
with 4.19.8 headers also re-compiled @world and @system :)

The only issue i faced with this setup is kernel audit. sys-process/audit
package can't compile because of 4.19.8 headers.


Andrew Savchenko <bircoph@gentoo.org>, 23 Ara 2018 Paz, 18:34 tarihinde
şunu yazdı:

> On Wed, 12 Dec 2018 14:39:48 +0100 Ralph Seichter wrote:
> > With kernel versions 4.19.0 to 4.19.8, I see kernel panics whenever
> > I activate some iptables rules. The same ruleset works fine with all
> > earlier kernel versions.
> >
> > I found https://marc.info/?l=netfilter-devel&m=154211825506348&w=2 and
> > was wondering if there is any workaround/patch availabe in Gentoo?
>
> You can apply patches by your own. This is easy:
>
> 1. Create dir /etc/portage/patches/sys-kernel/gentoo-sources-4.19.8
> (or whatever kernel you are using).
> 2. Put patches there, ensure file names end with ".patch".
>
> More details are here:
> https://wiki.gentoo.org/wiki//etc/portage/patches
>
> Best regards,
> Andrew Savchenko
>

[-- Attachment #2: Type: text/html, Size: 2016 bytes --]