Modify

Opened 9 years ago

Closed 9 years ago

Last modified 4 years ago

#5001 closed defect (fixed)

ebtables problem

Reported by: colrack Owned by: florian
Priority: normal Milestone: Barrier Breaker 14.07
Component: kernel Version: Trunk
Keywords: Cc:

Description

If you select kmod-ebtables only ebtables module is compiled and included in the final package.
ebt_vlan, ebt_ulog, ebt_stp, ebt_snat, ebt_redirect, ebt_pkttype,
ebt_mark_m, ebt_mark, ebt_log, ebt_limit, ebt_ip, ebt_dnat, ebt_arpreply, ebt_arp, ebt_among, ebt_802_3, ebtable_nat, ebtable_filter, ebtable_broute are missing.

Tested on Atheros 231x/5312 2.6.28.9
In addition if you try to compile and include the missing modules dmesg says:

Ebtables v2.0 registered
sys_init_module: 'ebt_ulog'->init suspiciously returned 1, it should follow 0/-E convention
sys_init_module: loading module anyway...
Call Trace:[<8006a304>] 0x8006a304
[<80051b88>] 0x80051b88
[<80051b88>] 0x80051b88
[<80091d6c>] 0x80091d6c
[<800431d0>] 0x800431d0
[<800431d0>] 0x800431d0

There are problem even inserting rules:

root@OpenWrt:/# uname -a
Linux OpenWrt 2.6.28.9 #7 Fri Apr 24 01:25:00 CEST 2009 mips unknown

root@OpenWrt:/# lsmod | grep -i ebt
ebt_vlan                1584  0
ebt_ulog                4400  0
ebt_stp                 1920  0
ebt_snat                 864  0
ebt_redirect             864  0
ebt_pkttype              544  0
ebt_mark_m               608  0
ebt_mark                 704  0
ebt_log                 2496  0
ebt_limit               1088  0
ebt_ip                  1312  0
ebt_dnat                 800  0
ebt_arpreply            1120  0
ebt_arp                 1696  0
ebt_among               2272  0
ebt_802_3                704  0
ebtable_nat              864  0
ebtable_filter           832  0
ebtable_broute           704  0
ebtables               15136  3 ebtable_nat,ebtable_filter,ebtable_broute

root@OpenWrt:/# /usr/sbin/ebtables -I INPUT -i tap0 -p IPv4 --ip-protocol udp --
ip-destination-port 67:68 -j DROP
eb_tables: ip match: invalid size 32 != 28
The kernel doesn't support a certain ebtables extension, consider recompiling your kernel or insmod the extension.
root@OpenWrt:/# /usr/sbin/ebtables -I INPUT -i tap0 -p IPv4 -j DROP
eb_tables: standard target: invalid size 8 != 4
The kernel doesn't support a certain ebtables extension, consider recompiling your kernel or insmod the extension.

With earlier version of kernel all worked great

Attachments (2)

0002-ebtables-nf.patch (5.5 KB) - added by j_ohny_b 9 years ago.
split up ebtables kernel modules a bit more and actually include them into module packages
ebtables_5001.patch (777 bytes) - added by anonymous 9 years ago.
Anyone want to verify that this fixes the problem?

Download all attachments as: .zip

Change History (10)

comment:1 Changed 9 years ago by anonymous

I was having the same problem on rev=15145 with the AR71xx/RouterStation build. For this target it appears to now be fixed in rev=15489,

comment:2 Changed 9 years ago by anonymous

sorry, I double checked, and this is actually still broken. Sorry for the confusion.

comment:3 Changed 9 years ago by anonymous

moin,
I wrote a patch for better ebtables support in the firmware. I'm going to attach it to this ticket.

It splits up ebtables kernel-land into 4 packages: ebtables (which includes all core modules) ebtables-ipv4 (which includes everything needed for IPv4 filtering on layer2), ebtables-ipv6 (which includes the IPv6 module for ebtables) and ebtables-watchers (which includes all modules needed for logging).

This patch will at least include the missing modules into the packages, but the main problem still remains. Anyway, better testing can be done with actually having installed everything that is needed.

bye then
julian

Changed 9 years ago by j_ohny_b

split up ebtables kernel modules a bit more and actually include them into module packages

comment:4 Changed 9 years ago by florian

  • Owner changed from developers to florian
  • Status changed from new to assigned

Patch applied in [16980], thanks !

comment:5 Changed 9 years ago by jochen

There's yet another patch at

http://osdir.com/ml/general/2009-05/msg10369.html

to make the userspace part work correctly.

Changed 9 years ago by anonymous

Anyone want to verify that this fixes the problem?

comment:6 Changed 9 years ago by anonymous

I tested ebtables_5001.patch on SVN revision 17037 and this appears to resolve the original issue listed above. Thanks everyone!

This was tested on a Ubiquity Router Station: Atheros AR71xx/AR7240/AR9131x[2.6]

comment:7 Changed 9 years ago by florian

  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed with [17087], thanks guys.

comment:8 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.