* ebtables not working correctly with 1086bbe97a074844188c6c988fa0b1a98c3ccbb9
@ 2015-05-26 2:09 Bernhard Thaler
2015-05-26 8:14 ` Florian Westphal
From: Bernhard Thaler @ 2015-05-26 2:09 UTC (permalink / raw)
To: netfilter-devel; +Cc: davej, Pablo Neira Ayuso
Hi,
setting rules with ebtables does not work for me any more with
1086bbe97a074844188c6c988fa0b1a98c3ccbb9 / "netfilter: ensure number of
counters is >0 in do_replace()" in place.
There is an error message and no rules set in the end.
e.g.
root@kali:~# ebtables -t nat -A POSTROUTING --src 12:34:56:78:9a:bc -j DROP
Unable to update the kernel. Two possible causes:
1. Multiple ebtables programs were executing simultaneously. The ebtables
userspace tool doesn't by default support multiple ebtables programs running
concurrently. The ebtables option --concurrent or a tool like flock can be
used to support concurrent scripts that update the ebtables kernel tables.
2. The kernel doesn't support a certain ebtables extension, consider
recompiling your kernel or insmod the extension.
.
The rule is not set:
root@kali:~# ebtables -t nat -Ln --Lc
Bridge table: nat
Bridge chain: PREROUTING, entries: 0, policy: ACCEPT
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
Bridge chain: POSTROUTING, entries: 0, policy: ACCEPT
With 1086bbe97a074844188c6c988fa0b1a98c3ccbb9 reverted everything works
fine again.
root@kali:~# ebtables -t nat -A POSTROUTING --src 12:34:56:78:9a:bc -j DROP
root@kali:~# ebtables -t nat -Ln --Lc
Bridge table: nat
Bridge chain: PREROUTING, entries: 0, policy: ACCEPT
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
Bridge chain: POSTROUTING, entries: 1, policy: ACCEPT
-s 12:34:56:78:9a:bc -j DROP , pcnt = 0 -- bcnt = 0
It is not this particular example; almost every rule I want to add with
ebtables leads to this error message.
Any ideas why this is happening? I used Debian 7 packaged ebtables
version and newly compiled ebtables from current git repository, same
result for both.
Regards,
Bernhard
* Re: ebtables not working correctly with 1086bbe97a074844188c6c988fa0b1a98c3ccbb9
From: Florian Westphal @ 2015-05-26 8:14 UTC (permalink / raw)
To: Bernhard Thaler; +Cc: netfilter-devel, davej, Pablo Neira Ayuso
Bernhard Thaler <bernhard.thaler@wvnet.at> wrote:
> setting rules with ebtables does not work for me any more with
> 1086bbe97a074844188c6c988fa0b1a98c3ccbb9 / "netfilter: ensure number of
> counters is >0 in do_replace()" in place.
>
> There is an error message and no rules set in the end.
>
> e.g.
>
> root@kali:~# ebtables -t nat -A POSTROUTING --src 12:34:56:78:9a:bc -j DROP
> Unable to update the kernel. Two possible causes:
> 1. Multiple ebtables programs were executing simultaneously. The ebtables
> userspace tool doesn't by default support multiple ebtables programs running
[..]
> With 1086bbe97a074844188c6c988fa0b1a98c3ccbb9 reverted everything works
> fine again.
Yes, seems we don't want the ebtables part of that commit.
The vmalloc() calls are conditional on repl->num_counters in ebtables,
and no counters are fetched on zero.
Would you mind submitting a partial revert patch?
Thanks for debugging this!
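
A minimal userspace C model of the point made in the reply above, added here as an example and not taken from the kernel source or from either poster: a blanket "count must be > 0" check rejects a request that conditional allocation already handles safely. `try_replace`, `struct counter` and `reject_zero` are hypothetical names, and the model assumes the failing request carried a counter count of zero, as a first rule added to an empty table would.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the kernel's per-rule counter pair. */
struct counter { uint64_t pcnt, bcnt; };

/*
 * Userspace model of the counter handling in a table-replace request.
 * reject_zero = 1 models a "num_counters must be > 0" sanity check;
 * reject_zero = 0 models the behaviour described in the reply: allocate
 * and fetch old counters only when num_counters is non-zero.
 * Returns 0 on success or a negative errno value.
 */
int try_replace(unsigned int num_counters, int reject_zero)
{
    struct counter *old = NULL;

    /* Overflow guard: num_counters * sizeof(*old) must stay in range. */
    if (num_counters >= INT_MAX / sizeof(struct counter))
        return -ENOMEM;
    if (reject_zero && num_counters == 0)
        return -EINVAL;

    if (num_counters) {                             /* conditional allocation */
        old = calloc(num_counters, sizeof(*old));   /* vmalloc() in the kernel */
        if (!old)
            return -ENOMEM;
        /* ...old counters would be copied back to userspace here... */
    }
    free(old);                                      /* free(NULL) is a no-op */
    return 0;
}

int main(void)
{
    /* Constructed inputs: empty table, one existing rule, oversized count. */
    unsigned int cases[] = { 0, 1, UINT_MAX };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("num_counters=%u strict=%d conditional=%d\n", cases[i],
               try_replace(cases[i], 1), try_replace(cases[i], 0));
    return 0;
}
```

The overflow guard is what protects the size computation; the zero case needs no guard because nothing is allocated or copied for it.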