Opened 8 years ago

Closed 8 years ago

Last modified 4 years ago

#5779 closed defect (duplicate)

Iptables unable to delete entries

Reported by: mschank@…
Owned by: developers
Priority: normal
Milestone: Barrier Breaker 14.07
Component: kernel
Version: Trunk
Keywords: iptables netfilter
Cc:


I was receiving an error when deleting certain rules from iptables. For example, see below:

  iptables -N mytest
  iptables -A INPUT -j mytest
  iptables -D INPUT -j mytest

The delete command would fail with the message "No chain/target/match by that name."

I tracked the problem down to the 110-netfiter_match_speedup.patch. The patch defines a new flag called IPT_F_NO_DEF_MATCH and sets it in ipt_ip.flags. The ipt_ip structures are shared between user-land and kernel iptables, and this new flag is being leaked out to the user-land iptables. This is causing a mismatch when iptables is searching for a matching rule. As a workaround, I modified user-land iptables to apply the mask IPT_F_MASK to flags before comparing the head structures in the libiptc/libip4tc.c is_same() function.

I believe the correct fix is to modify the kernel side iptables to not leak this flag value to the user-land side.

I am running Kamikaze (bleeding edge r17456) on an RB450 platform.
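
The mismatch described in this report, modelled as an added example (not code from the ticket, the patch, or libiptc). The struct is a simplified stand-in for ipt_ip, the helper names are hypothetical, and the value given to IPT_F_NO_DEF_MATCH is assumed; IPT_F_FRAG, IPT_F_GOTO and IPT_F_MASK follow linux/netfilter_ipv4/ip_tables.h.

```c
#include <stdint.h>
#include <stdio.h>

/* Flag bits userspace is meant to see (linux/netfilter_ipv4/ip_tables.h). */
#define IPT_F_FRAG 0x01
#define IPT_F_GOTO 0x02
#define IPT_F_MASK 0x03
/* Kernel-internal bit added by the patch; the value here is an assumption. */
#define IPT_F_NO_DEF_MATCH 0x80

/* Simplified stand-in for struct ipt_ip (hypothetical, not the real layout). */
struct demo_ip {
    uint32_t src, dst;
    uint16_t proto;
    uint8_t flags, invflags;
};

/* Rule as typed by the user: "-j mytest" with no address or protocol match. */
struct demo_ip user_rule(void) {
    struct demo_ip r = {0, 0, 0, 0, 0};
    return r;
}

/* Simulates reading the rule back from a kernel that leaks the internal bit. */
struct demo_ip kernel_readback(struct demo_ip r) {
    r.flags |= IPT_F_NO_DEF_MATCH;
    return r;
}

static int same_fields(const struct demo_ip *a, const struct demo_ip *b) {
    return a->src == b->src && a->dst == b->dst &&
           a->proto == b->proto && a->invflags == b->invflags;
}

/* Exact flag comparison: the leaked bit makes identical rules differ. */
int is_same_strict(const struct demo_ip *a, const struct demo_ip *b) {
    return same_fields(a, b) && a->flags == b->flags;
}

/* Workaround from the report: compare only the bits inside IPT_F_MASK. */
int is_same_masked(const struct demo_ip *a, const struct demo_ip *b) {
    return same_fields(a, b) &&
           (a->flags & IPT_F_MASK) == (b->flags & IPT_F_MASK);
}

int main(void) {
    struct demo_ip u = user_rule(), k = kernel_readback(u);
    printf("strict=%d masked=%d\n", is_same_strict(&u, &k), is_same_masked(&u, &k));
    return 0;
}
```

The masked comparison still distinguishes rules that differ in a real flag such as IPT_F_FRAG, so the workaround only hides the kernel-internal bit.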

Attachments (0)

Change History (3)

comment:1 Changed 8 years ago by florian

This issue is still present on r20303.

comment:2 Changed 8 years ago by thepeople

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #5628

comment:3 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
