FS#18845 - state matching (--rcheck) in xt_recent kernel module fails

Attached to Project: Arch Linux
Opened by Leonid Isaev (lisaev) - Friday, 26 March 2010, 15:52 GMT
Last edited by Jan de Groot (JGC) - Friday, 09 April 2010, 20:08 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To No-one
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:

In the recent kernel the module xt_recent is buggy: when one tries to match the state of a packet with "-m recent ... --rcheck -j my_chain", the event fails, although the packet should have passed to my_chain. This is only a failure of --rcheck, as --set/--remove/--seconds do work.

PS: This is clearly an upstream issue; I am just adding this for information.

Additional info:
A similar bug has already been noticed in Ubuntu:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/544984
* package version(s)
kernel26 2.6.32.10-1
iptables 1.4.7-1
* config and/or log files etc.
Please see the attached firewall rules, which actually fail. Note the --rcheck in IF_KNOCK chain.
Steps to reproduce:

Closed by Jan de Groot (JGC)
Friday, 09 April 2010, 20:08 GMT
Reason for closing: Fixed
Comment by Leonid Isaev (lisaev) - Tuesday, 30 March 2010, 18:06 GMT
Reported upstream at netfilter's bugzilla:
http://bugzilla.netfilter.org/show_bug.cgi?id=642
Comment by Leonid Isaev (lisaev) - Friday, 09 April 2010, 19:53 GMT
Fixed upstream and in 2.6.33.2-1... please close.
