From: Florian Westphal <fw@strlen.de>
To: Josh Boyer <jwboyer@fedoraproject.org>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
netfilter-devel@vger.kernel.org,
David Miller <davem@davemloft.net>,
netdev <netdev@vger.kernel.org>,
Eric Dumazet <edumazet@google.com>
Subject: Re: [PATCH 1/2] netfilter: kill nf_send_reset6() from include/net/netfilter/ipv6/nf_reject.h
Date: Mon, 13 Oct 2014 17:55:10 +0200 [thread overview]
Message-ID: <20141013155510.GA26105@breakpoint.cc> (raw)
In-Reply-To: <CA+5PVA7-k-HFGUUeZ3LTCmVcmR1h_=8W-_PzRO4-2dcc_cRHaQ@mail.gmail.com>
Josh Boyer <jwboyer@fedoraproject.org> wrote:
> On Thu, Oct 9, 2014 at 2:27 PM, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > nf_send_reset6() now resides in net/ipv6/netfilter/nf_reject_ipv6.c
> >
> > Fixes: c8d7b98 ("netfilter: move nf_send_resetX() code to nf_reject_ipvX modules")
> > Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
> > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> > Acked-by: Eric Dumazet <edumazet@google.com>
> > ---
> > include/net/netfilter/ipv6/nf_reject.h | 157 +-------------------------------
> > 1 file changed, 2 insertions(+), 155 deletions(-)
>
> Hi All,
>
> This morning I was testing a kernel build from Linus' tree as of Linux
> v3.17-7639-g90eac7eee2f4. When I rebooted my test machines, I
> couldn't ssh back into any of them. I poked around a bit and noticed
> that it seems the iptables rules weren't getting loaded properly.
> Traffic out worked fine, and I could ping the machine, but other
> incoming traffic was blocked. Then I saw that the ip6t_REJECT and
> ip6t_rpfilter modules were not being loaded on the bad kernel.
> Looking in dmesg I see:
>
> [ 14.619028] nf_reject_ipv6: module license 'unspecified' taints kernel.
> [ 14.619125] nf_reject_ipv6: Unknown symbol ip6_local_out (err 0)
Ouch. ip6_local_is EXPORT_SYMBOL_GPL.
http://patchwork.ozlabs.org/patch/398501/
should fix this.
next prev parent reply other threads:[~2014-10-13 15:55 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-09 18:27 [PATCH 0/2] Netfilter fixes for net-next Pablo Neira Ayuso
2014-10-09 18:27 ` [PATCH 1/2] netfilter: kill nf_send_reset6() from include/net/netfilter/ipv6/nf_reject.h Pablo Neira Ayuso
2014-10-13 15:41 ` Josh Boyer
2014-10-13 15:55 ` Florian Westphal [this message]
2014-10-13 16:01 ` Josh Boyer
2014-10-13 17:18 ` Josh Boyer
2014-10-09 18:27 ` [PATCH 2/2] netfilter: fix wrong arithmetics regarding NFT_REJECT_ICMPX_MAX Pablo Neira Ayuso
2014-10-10 19:01 ` [PATCH 0/2] Netfilter fixes for net-next David Miller
-- strict thread matches above, loose matches on Subject: below --
2014-10-07 17:45 [PATCH 1/2] netfilter: kill nf_send_reset6() from include/net/netfilter/ipv6/nf_reject.h Pablo Neira Ayuso
2014-10-07 17:52 ` Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141013155510.GA26105@breakpoint.cc \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jwboyer@fedoraproject.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.