kernel 2.4.18 and RH 7.2

kernel 2.4.18 and RH 7.2

[Joe]

Not sure if this has been reported as I am not on the mailing list.  I'm
guessing probably yes.

I have a RH 7.2 box and am getting the following error from iptables and
kernel 2.4.18. I don't get it in 2.4.17.

output from /etc/init.d/iptables start

Flushing all current rules and user defined chains:        [  OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
iptables: libiptc/libip4tc.c:384: do_check: Assertion
`h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/init.d/iptables: line -242:  1222 Aborted                 iptables
-t $i -Fiptables: libiptc/libip4tc.c:384: do_check: Assertion
`h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/init.d/iptables: line -239:  1225 Aborted                 iptables
-t $i -Xiptables: libiptc/libip4tc.c:384: do_check: Assertion
`h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/init.d/iptables: line -235:  1228 Aborted                 iptables
-t $i -ZApplying iptables firewall rules:
iptables-restore: libiptc/libip4tc.c:384: do_check: Assertion
`h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/init.d/iptables: line -232:  1230 Done                    grep -v
"^[[:space:]]*#" $IPTABLES_CONFIG
      1231                       | grep -v '^[[:space:]]*$'
      1232 Aborted                 | /sbin/iptables-restore -c

from var/log/messages:

Feb 27 09:53:01 Lserver iptables: Flushing all current rules and user
defined chains: succeeded
Feb 27 09:53:01 Lserver iptables: Clearing all current rules and user
defined chains: succeeded
Feb 27 09:53:01 Lserver iptables: Flushing all current rules and user
defined chains: succeeded
Feb 27 09:53:01 Lserver iptables: Clearing all current rules and user
defined chains: succeeded
Feb 27 09:53:01 Lserver iptables: Applying iptables firewall rules
failed

Joe

Re: kernel 2.4.18 and RH 7.2

[Russell King]

On Wed, Feb 27, 2002 at 10:27:05AM -0800, Joe wrote:
> Not sure if this has been reported as I am not on the mailing list.  I'm
> guessing probably yes.
> 
> I have a RH 7.2 box and am getting the following error from iptables and
> kernel 2.4.18. I don't get it in 2.4.17.
> 
> output from /etc/init.d/iptables start
> 
> Flushing all current rules and user defined chains:        [  OK  ]
> Clearing all current rules and user defined chains:        [  OK  ]
> iptables: libiptc/libip4tc.c:384: do_check: Assertion
> `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
> /etc/init.d/iptables: line -242:  1222 Aborted                 iptables
> -t $i -Fiptables: libiptc/libip4tc.c:384: do_check: Assertion
> `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
> /etc/init.d/iptables: line -239:  1225 Aborted                 iptables
> -t $i -Xiptables: libiptc/libip4tc.c:384: do_check: Assertion
> `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
> /etc/init.d/iptables: line -235:  1228 Aborted                 iptables
> -t $i -ZApplying iptables firewall rules:
> iptables-restore: libiptc/libip4tc.c:384: do_check: Assertion
> `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
> /etc/init.d/iptables: line -232:  1230 Done                    grep -v
> "^[[:space:]]*#" $IPTABLES_CONFIG
>       1231                       | grep -v '^[[:space:]]*$'
>       1232 Aborted                 | /sbin/iptables-restore -c

I'll add a "me too" to this - 2.4.18, iptables 1.2.4

Setting up IPv4 mangle rules:
iptables: libiptc/libip4tc.c:384: do_check: Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/fw-ipv4/mangle: line 2:   215 Aborted                 iptables -t mangle -F
iptables: libiptc/libip4tc.c:384: do_check: Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/fw-ipv4/mangle: line 3:   216 Aborted                 iptables -t mangle -X
iptables: libiptc/libip4tc.c:384: do_check: Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/fw-ipv4/mangle: line 15:   217 Aborted                 iptables -t mangle -A PREROUTING -i eth0 -d xxx.xxx.xxx.xxx/xx -j ACCEPT
... lots more ...

The rules do appear to be in the kernel however.

iptables 1.2.4 was rebuild for the 2.4.17 because it stopped working at
that point.  I hope it isn't requirement to rebuild iptables against each
stable kernel release.

-- 
Russell King (rmk@arm.linux.org.uk)                The developer of ARM Linux
             http://www.arm.linux.org.uk/personal/aboutme.html

Re: kernel 2.4.18 and RH 7.2

[Alan Cox]

> iptables 1.2.4 was rebuild for the 2.4.17 because it stopped working at
> that point.  I hope it isn't requirement to rebuild iptables against each
> stable kernel release.

Its not a requirement for 1.2.4 and 2.4.18 either - what happened was that
some people (Red Hat notably) turned all the paranoid debugging stuff on
and that is what spews the warnings.

Re: kernel 2.4.18 and RH 7.2

[Lukasz Trabinski]

In article <20020227202622.A25404@flint.arm.linux.org.uk> you wrote:

> iptables 1.2.4 was rebuild for the 2.4.17 because it stopped working at
> that point.  I hope it isn't requirement to rebuild iptables against each
> stable kernel release.

Please try  1.2.6 snapshot or try rebuild it with -DNODEBUG make flag.
RPMS/SRPM available at ftp://ftp.wsisiz.edu.pl/pub/Linux/rpms-7x

-- 
*[ Łukasz Trąbiński ]*
SysAdmin @wsisiz.edu.pl

Re: kernel 2.4.18 and RH 7.2

[Joe]

Unfortunately it is not just warnings.  It does not allow the firewall /
packet filter to start and iptables -L shows an open system as the rules were
never applied.  Needless to say I'm back on 2.4.17.

Maybe I should file this as a bug with RH 7.2 then......

> > iptables 1.2.4 was rebuild for the 2.4.17 because it stopped working at
> > that point.  I hope it isn't requirement to rebuild iptables against each
> > stable kernel release.
>
> Its not a requirement for 1.2.4 and 2.4.18 either - what happened was that
> some people (Red Hat notably) turned all the paranoid debugging stuff on
> and that is what spews the warnings.