Gentoo Archives: gentoo-user

From: Corbin Bird <corbinbird@×××××××.net>
To: gentoo-user@l.g.o
Subject: [gentoo-user] firewall -> kernel hardlock error
Date: Fri, 15 Jul 2016 20:50:26
Message-Id: 57894C81.5050409@charter.net
Getting an error with kernel 4.1.28 ( USE="experimental symlink" )
The firewall ( 2 different packages tried ) locks up the machine during
boot.

The old kernel ( 4.1.27 ) worked with no errors.
I copied the /usr/src/linux/.config file over from kernel 4.1.27.
Used "make menuconfig" to check if changes were needed.
Recompiled 3 different times, minor changes, same result.

Reinstalled iptables, nftables, and ran "perl-cleaner reallyall".

Always locks up after rules compiled / starting to initialize iptables.

The firewalls tried:
arno-iptables-firewall, shorewall

Part of the kernel 4.1.28 change-log:

> Florian Westphal (20):
> ipv6: re-enable fragment header matching in ipv6_find_hdr
> netfilter: x_tables: validate e->target_offset early
> netfilter: x_tables: make sure e->next_offset covers remaining blob size
> netfilter: x_tables: fix unconditional helper
> netfilter: x_tables: don't move to non-existent next rule
> netfilter: x_tables: validate targets of jumps
> netfilter: x_tables: add and use xt_check_entry_offsets
> netfilter: x_tables: kill check_entry helper
> netfilter: x_tables: assert minimum target size
> netfilter: x_tables: add compat version of xt_check_entry_offsets
> netfilter: x_tables: check standard target size too
> netfilter: x_tables: check for bogus target offset
> netfilter: x_tables: validate all offsets and sizes in a rule
> netfilter: x_tables: don't reject valid target size on some architectures
> netfilter: arp_tables: simplify translate_compat_table args
> netfilter: ip_tables: simplify translate_compat_table args
> netfilter: ip6_tables: simplify translate_compat_table args
> netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
> netfilter: x_tables: do compat validation via translate_table
> netfilter: x_tables: introduce and use xt_copy_counters_from_user

I suspect this may have something to do with it.

Is anyone else seeing / experiencing this problem?

Replies

Subject Author
Re: [gentoo-user] firewall -> kernel hardlock error Mick <michaelkintzios@×××××.com>