FS#61303 - [ebtables] ebtables-restore always throws an error

Attached to Project: Arch Linux
Opened by Michael Taboada (lilmike) - Monday, 07 January 2019, 23:23 GMT
Last edited by Sébastien Luttringer (seblu) - Tuesday, 13 April 2021, 09:53 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Sébastien Luttringer (seblu)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:

When running ebtables-restore at any time, I get the following error:

Unable to update the kernel. Two possible causes:
1. Multiple ebtables programs were executing simultaneously. The ebtables
userspace tool doesn't by default support multiple ebtables programs running
concurrently. The ebtables option --concurrent or a tool like flock can be
used to support concurrent scripts that update the ebtables kernel tables.
2. The kernel doesn't support a certain ebtables extension, consider
recompiling your kernel or insmod the extension.
.

I know not more than one ebtables program is running at the same time, and I know the kernel has all extensions needed because I can run ebtables on each line of /etc/ebtables.conf manually and it works fine.

Additional info:
* package version(s) 2.0.10_4-7
* config and/or log files etc.


Steps to reproduce:

Use ebtables to add a rule like "-A FORWARD -p IPv4 -s <random mac address> --ip-src <random ipv4 address> -j ACCEPT" and set forward policy to DROP "ebtables -P FORWARD DROP", /usr/lib/systemd/scripts/ebtables save, then reboot or clear ebtables, and /usr/lib/systemd/scripts/ebtables start. you will get the error above.
This task depends upon

Closed by  Sébastien Luttringer (seblu)
Tuesday, 13 April 2021, 09:53 GMT
Reason for closing:  Won't fix
Additional comments about closing:  Remove from the tree
Comment by Michael Taboada (lilmike) - Friday, 25 January 2019, 22:40 GMT
Any news on this one?
Comment by loqs (loqs) - Sunday, 27 January 2019, 22:44 GMT
You could investigate http://git.netfilter.org/ebtables/tree/communication.c?id=1a7e3fd95e395117fc468b10560a49a5716ef035#n218 and report the issue upstream possibly http://vger.kernel.org/vger-lists.html#netfilter
Comment by PyroPeter (pyropeter) - Thursday, 06 February 2020, 14:09 GMT
This bug is probably just caused by ArchLinux shipping a 9 years old release of ebtables. Maybe someone could updated the package? It was flagged out-of-date three months ago.
Comment by Sébastien Luttringer (seblu) - Thursday, 06 February 2020, 14:58 GMT
2 month ago. Did the new version fixed the issue?
Comment by Gerardo Exequiel Pozzi (djgera) - Friday, 18 September 2020, 16:14 GMT
2.0.11 fix the issue, anyway is an really old tool. Better go with iptables-nft with up-to-date compat/legacy tools.

Loading...