iptables (1.4.2 release) failed to run on embedded system with "can't initialize iptables table `filter'"

iptables (1.4.2 release) failed to run on embedded system with "can't initialize iptables table `filter'"

[David Wu]

I am trying to run iptables (1.4.2 release)on a MCF53281(m68knommu, 2.6.26
kernel) embedded board.
It failed with "
iptables v1.4.2: can't initialize iptables table `filter': No
chain/target/match by that name
Perhaps iptables or your kernel needs to be upgraded.

I traced the calls and found out that it failed at
iptcc_chain_index_alloc():

           h->chain_index = malloc(array_mem);

in the first call to iptcc_chain_index_alloc() array_mem is 0 which means
malloc(0) is called in the above statement.
depends on the implementation malloc(0) may return NULL which is the case
for m68k-uclinux-gcc(gcc version 4.2.3 and uClibc-0.9.29-20081003)

I have changed the code to:
          if(array_mem == 0)
                  h->chain_index = malloc(1);
          else
          h->chain_index = malloc(array_mem);

and it works(while I have to fix another error -- ip_tables: ERROR target:
invalid size 30 != 32)

My question:
    1 why tries to allocate 0 size memory, it is useful?
    2 is there any problem to the iptables program in my change?
      I may have to rebuild the toolchain so malloc will return a live
pointer for 0 size allocation.
    3 I have got the error
      ip_tables: ERROR target: invalid size 30 != 32
      from 1.3.7 and 1.4.2 (didn't try other versions) and sent to this list
a question before but haven't received any answer
   then I assume I have done something wrong.

If this is not the correct mailing list for these questions then can
someone let me know the right mailing list ?

thanks,


David Wu

iptables (1.4.2 release) failed to run on embedded system with "can't initialize iptables table `filter'"

[David Wu]

I am trying to run iptables (1.4.2 release)on a MCF53281(m68knommu, 2.6.26
kernel) embedded board.
It failed with "
iptables v1.4.2: can't initialize iptables table `filter': No
chain/target/match by that name
Perhaps iptables or your kernel needs to be upgraded.

I traced the calls and found out that it failed at
iptcc_chain_index_alloc():

            h->chain_index = malloc(array_mem);

in the first call to iptcc_chain_index_alloc() array_mem is 0 which means
malloc(0) is called in the above statement.
depends on the implementation malloc(0) may return NULL which is the case
for m68k-uclinux-gcc(gcc version 4.2.3 and uClibc-0.9.29-20081003)

I have changed the code to:
           if(array_mem == 0)
                   h->chain_index = malloc(1);
           else
           h->chain_index = malloc(array_mem);

and it works(while I have to fix another error -- ip_tables: ERROR target:
invalid size 30 != 32)

My question:
     1 why tries to allocate 0 size memory, it is useful?
     2 is there any problem to the iptables program in my change?
       I may have to rebuild the toolchain so malloc will return a live
pointer for 0 size allocation.
     3 I have got the error
       ip_tables: ERROR target: invalid size 30 != 32
       from 1.3.7 and 1.4.2 (didn't try other versions) and sent to this  
list
a question before but haven't received any answer
    then I assume I have done something wrong.

If this is not the correct mailing list for these questions then can
someone let me know the right mailing list ?

thanks,


David Wu

Re: iptables (1.4.2 release) failed to run on embedded system with "can't initialize iptables table `filter'"

[Jan Engelhardt]

On Friday 2008-11-21 15:51, David Wu wrote:

> My question:
>   1 why tries to allocate 0 size memory, it is useful?

        array_elems = (h->num_chains / list_length) + 
                      (h->num_chains % list_length ? 1 : 0); 
        array_mem   = sizeof(h->chain_index) * array_elems; 


Logically,
array_mem == 0  =>  (sizeof(h->chain_index) == 0) ^ (array_elems == 0).
And given that sizeof() is unlikely to return 0 here, array_elems must 
be 0. And the only way array_elems can be 0 is that h->num_chains < 
list_length && h->num_chains == 0.  Buf if you have 0 chains to start 
with, it sounds like it really could not get the filter to table to 
work. gdb will help.

>   2 is there any problem to the iptables program in my change?
>     I may have to rebuild the toolchain so malloc will return a live
> pointer for 0 size allocation.
>   3 I have got the error
>     ip_tables: ERROR target: invalid size 30 != 32
>     from 1.3.7 and 1.4.2 (didn't try other versions) and sent to this list
> a question before but haven't received any answer

It needs the same ABI, as was answered before:

http://marc.info/?l=netfilter-devel&m=122309437709848&w=2

Re: iptables (1.4.2 release) failed to run on embedded system with "can't initialize iptables table `filter'"

[David Wu]

On Fri, 21 Nov 2008 11:07:41 -0500, Jan Engelhardt <jengelh@medozas.de>  
wrote:

> On Friday 2008-11-21 15:51, David Wu wrote:
>
>> My question:
>>   1 why tries to allocate 0 size memory, it is useful?
>
>         array_elems = (h->num_chains / list_length) +
>                       (h->num_chains % list_length ? 1 : 0);
>         array_mem   = sizeof(h->chain_index) * array_elems;
>
>
> Logically,
> array_mem == 0  =>  (sizeof(h->chain_index) == 0) ^ (array_elems == 0).
> And given that sizeof() is unlikely to return 0 here, array_elems must
> be 0. And the only way array_elems can be 0 is that h->num_chains <
> list_length && h->num_chains == 0.  Buf if you have 0 chains to start
> with, it sounds like it really could not get the filter to table to
> work. gdb will help.

It seems that I really have a 0 chains to start. Does this include default  
chains or is it only user defined chains?

I have compiled on x86(openSUSE 11.0 (X86-64)VERSION = 11.0)
(Linux cyprus 2.6.25.11-0.1-default #1 SMP 2008-07-13 20:48:28 +0200  
x86_64 x86_64 x86_64 GNU/Linux)
and enable debug() in libiptc/libiptc.c

This is output:
cyprus:/home/wmq/iptables/iptables-1.4.2 # ./iptables -L
Alloc Chain index, elems:0 mem:0 bytes
Building chain index
Number of user defined chains:0 bucket_sz:40 array_sz:0
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

>
>>   2 is there any problem to the iptables program in my change?
>>     I may have to rebuild the toolchain so malloc will return a live
>> pointer for 0 size allocation.
>>   3 I have got the error
>>     ip_tables: ERROR target: invalid size 30 != 32
>>     from 1.3.7 and 1.4.2 (didn't try other versions) and sent to this  
>> list
>> a question before but haven't received any answer
>
> It needs the same ABI, as was answered before:
>
> http://marc.info/?l=netfilter-devel&m=122309437709848&w=2

I have built it with: (I added --disable-largefile)
$ ../configure --host=m68k-uclinux  
--with-kernel=/home/wmq/HG-REV/5329/uCmib.devel/kernel --disable-largefile  
--disable-shared CFLAGS=-DNO_SHARED_LIBS
on a machine (uname -a Linux ivymike 2.6.18.2-34-bigsmp #1 SMP Mon Nov 27  
11:46:27 UTC 2006 i686 i686 i386 GNU/Linux, openSUSE 10.2 (i586) VERSION =  
10.2)
kernel version is 2.6.26-rc7

embedded system is 32bit, building system is also 32 bit.
I don't have a clue where goes wrong. Could you give more info about which  
ABI involved.(libc ?)
>

thanks,

-- 
David Wu

Re: iptables (1.4.2 release) failed to run on embedded system with "can't initialize iptables table `filter'"

[Jan Engelhardt]

On Friday 2008-11-21 19:35, David Wu wrote:
>
> I have built it with: (I added --disable-largefile)
> $ ../configure --host=m68k-uclinux
> --with-kernel=/home/wmq/HG-REV/5329/uCmib.devel/kernel --disable-largefile
> --disable-shared CFLAGS=-DNO_SHARED_LIBS
> on a machine (uname -a Linux ivymike 2.6.18.2-34-bigsmp #1 SMP Mon Nov 27
> 11:46:27 UTC 2006 i686 i686 i386 GNU/Linux, openSUSE 10.2 (i586) VERSION =
> 10.2)
> kernel version is 2.6.26-rc7
>
> embedded system is 32bit, building system is also 32 bit.
> I don't have a clue where goes wrong. Could you give more info about which ABI
> involved.(libc ?)

ABI includes size of types and their alignment, especially:

	sizeof(int), sizeof(long),
	alignof(int), alignof(long),
	alignof(uint32_t), alignof(uint64_t)

Re: iptables (1.4.2 release) failed to run on embedded system with "can't initialize iptables table `filter'"

[David Wu]

On Sat, 22 Nov 2008 06:06:33 -0500, Jan Engelhardt <jengelh@medozas.de>  
wrote:

> On Friday 2008-11-21 19:35, David Wu wrote:
>>
>> I have built it with: (I added --disable-largefile)
>> $ ../configure --host=m68k-uclinux
>> --with-kernel=/home/wmq/HG-REV/5329/uCmib.devel/kernel  
>> --disable-largefile
>> --disable-shared CFLAGS=-DNO_SHARED_LIBS
>> on a machine (uname -a Linux ivymike 2.6.18.2-34-bigsmp #1 SMP Mon Nov  
>> 27
>> 11:46:27 UTC 2006 i686 i686 i386 GNU/Linux, openSUSE 10.2 (i586)  
>> VERSION =
>> 10.2)
>> kernel version is 2.6.26-rc7
>>
>> embedded system is 32bit, building system is also 32 bit.
>> I don't have a clue where goes wrong. Could you give more info about  
>> which ABI
>> involved.(libc ?)
>
> ABI includes size of types and their alignment, especially:
>
> 	sizeof(int), sizeof(long),
> 	alignof(int), alignof(long),
> 	alignof(uint32_t), alignof(uint64_t)
>
OK. I have found this:
http://lists.netfilter.org/pipermail/netfilter-devel/2007-January/026659.html

How about my other problem:

>> My question:
>>  1 why tries to allocate 0 size memory, it is useful?
>>       array_elems = (h->num_chains / list_length) +
>>                      (h->num_chains % list_length ? 1 : 0);
>>        array_mem   = sizeof(h->chain_index) * array_elems;

> Logically,
> array_mem == 0  =>  (sizeof(h->chain_index) == 0) ^ (array_elems == 0).
> And given that sizeof() is unlikely to return 0 here, array_elems must
> be 0. And the only way array_elems can be 0 is that h->num_chains <
> list_length && h->num_chains == 0.  Buf if you have 0 chains to start
> with, it sounds like it really could not get the filter to table to
> work. gdb will help.

It seems that I really have a 0 chains to start. Does this include default  
chains or is it only user defined chains?

I have compiled on x86(openSUSE 11.0 (X86-64)VERSION = 11.0)
(Linux cyprus 2.6.25.11-0.1-default #1 SMP 2008-07-13 20:48:28 +0200  
x86_64 x86_64 x86_64 GNU/Linux)
and enable debug() in libiptc/libiptc.c

This is output:
cyprus:/home/wmq/iptables/iptables-1.4.2 # ./iptables -L
Alloc Chain index, elems:0 mem:0 bytes
Building chain index
Number of user defined chains:0 bucket_sz:40 array_sz:0
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


-- 
David Wu

Re: iptables (1.4.2 release) failed to run on embedded system with "can't initialize iptables table `filter'"

[Jan Engelhardt]

On Tuesday 2008-11-25 18:10, David Wu wrote:
>
> It seems that I really have a 0 chains to start. Does this include default
> chains or is it only user defined chains?

Apparently only user-defined chains. Seems ok to me.

> I have compiled on x86(openSUSE 11.0 (X86-64)VERSION = 11.0)
> (Linux cyprus 2.6.25.11-0.1-default #1 SMP 2008-07-13 20:48:28 +0200 x86_64
> x86_64 x86_64 GNU/Linux)
> and enable debug() in libiptc/libiptc.c
>

Re: iptables (1.4.2 release) failed to run on embedded system with "can't initialize iptables table `filter'"

[David Wu]

On Tue, 25 Nov 2008 12:45:55 -0500, Jan Engelhardt <jengelh@medozas.de>  
wrote:

> On Tuesday 2008-11-25 18:10, David Wu wrote:
>>
>> It seems that I really have a 0 chains to start. Does this include  
>> default
>> chains or is it only user defined chains?
>
> Apparently only user-defined chains. Seems ok to me.

Then will there be a patch for the implementation of malloc() which  
returns a NULL for 0 size allocation?

>> I have compiled on x86(openSUSE 11.0 (X86-64)VERSION = 11.0)
>> (Linux cyprus 2.6.25.11-0.1-default #1 SMP 2008-07-13 20:48:28 +0200  
>> x86_64
>> x86_64 x86_64 GNU/Linux)
>> and enable debug() in libiptc/libiptc.c
>>
>
>



-- 
David Wu

Re: iptables (1.4.2 release) failed to run on embedded system with "can't initialize iptables table `filter'"

[Jan Engelhardt]

On Tuesday 2008-11-25 20:07, David Wu wrote:
> On Tue, 25 Nov 2008 12:45:55 -0500, Jan Engelhardt <jengelh@medozas.de> wrote:
>> On Tuesday 2008-11-25 18:10, David Wu wrote:
>> >
>> >It seems that I really have a 0 chains to start. Does this include default
>> >chains or is it only user defined chains?
>>
>> Apparently only user-defined chains. Seems ok to me.
>
> Then will there be a patch for the implementation of malloc() which returns a
> NULL for 0 size allocation?

Like this?
(Patrick, try not to screw up utf-8 in the git log too often ;-)

commit 3430170eca6bf73b590ddbd1a1ee0573862ff555
Author: Jan Engelhardt <jengelh@medozas.de>
Date:   Wed Nov 26 17:13:57 2008 +0100

libiptc: guard chain index allocation for different malloc implementations

Some libc implementations such as µClibc return NULL on malloc(0).
They are free to do that per C standard.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 libiptc/libiptc.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 13e4c69..544a5b2 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -503,7 +503,7 @@ static int iptcc_chain_index_alloc(struct xtc_handle *h)
 	      array_elems, array_mem);
 
 	h->chain_index = malloc(array_mem);
-	if (!h->chain_index) {
+	if (h->chain_index == NULL && array_mem > 0) {
 		h->chain_index_sz = 0;
 		return -ENOMEM;
 	}

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: iptables (1.4.2 release) failed to run on embedded system with "can't initialize iptables table `filter'"

[Patrick McHardy]

Jan Engelhardt wrote:
> (Patrick, try not to screw up utf-8 in the git log too often ;-)

If you try not to use it at every possible opportunity ... :)

> commit 3430170eca6bf73b590ddbd1a1ee0573862ff555
> Author: Jan Engelhardt <jengelh@medozas.de>
> Date:   Wed Nov 26 17:13:57 2008 +0100
> 
> libiptc: guard chain index allocation for different malloc implementations
> 
> Some libc implementations such as µClibc return NULL on malloc(0).
> They are free to do that per C standard.

Applied, thanks.

That behaviour is a bit stupid in my opinion though, it puts the burden
on every caller using dynamically calculated sizes. I would expect more
things to break from this.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: iptables (1.4.2 release) failed to run on embedded system with "can't initialize iptables table `filter'"

[Jan Engelhardt]

On Wednesday 2008-11-26 17:25, Patrick McHardy wrote:
> Jan Engelhardt wrote:
>> (Patrick, try not to screw up utf-8 in the git log too often ;-)
>
> If you try not to use it at every possible opportunity ... :)

You fail it ;-)


Date:   Wed Nov 26 17:18:08 2008 +0100

    libiptc: guard chain index allocation for different malloc implementations
    
    Some libc implementations such as <265>Clibc return NULL on malloc(0).
    They are free to do that per C standard.