| Message ID | 20151212193237.GB10759@salvia |
|---|---|
| State | RFC |
| Delegated to: | Pablo Neira |
| Headers | show |
On Sat, 12 Dec 2015 20:32:37 +0100 Pablo Neira Ayuso <pablo@netfilter.org> wrote: > There is some problem with the revision infrastructure. > > iptables is asking for a match revision that is not available in the > kernel. So the negotiation between userspace and kernel to use a given > version of this match is failing for some reason. > > Could you apply this patch and tell me what it shows when you run this > command and the one using -m state? > > BTW, any particularly on your setup that is worth mention? Nothing special here. I'll try the patch and reply back. Just a minute.
On Sat, 12 Dec 2015 20:32:37 +0100 Pablo Neira Ayuso <pablo@netfilter.org> wrote: > There is some problem with the revision infrastructure. > > iptables is asking for a match revision that is not available in the > kernel. So the negotiation between userspace and kernel to use a given > version of this match is failing for some reason. > > Could you apply this patch and tell me what it shows when you run this > command and the one using -m state? > > BTW, any particularly on your setup that is worth mention? > > Thanks. Pablo, here's the result with your patch applied: compatible_match_revision name=conntrack revision=3 compatible_match_revision name=conntrack revision=3 compatible_match_revision name=conntrack revision=3 iptables: Protocol wrong type for socket. If you need more info, just ask.
diff --git a/libxtables/xtables.c b/libxtables/xtables.c index f14d503..d0e942c 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c @@ -825,6 +825,8 @@ int xtables_compatible_revision(const char *name, uint8_t revision, int opt) static int compatible_match_revision(const char *name, uint8_t revision) { + printf("compatible_match_revision name=%s revision=%u\n", + name, revision); return xt_params->compat_rev(name, revision, afinfo->so_rev_match); }