[Bug 474] New: nf_conntrack marks all packets as INVALID on sparc64
(probably endianness bug)
bugzilla-daemon at bugzilla.netfilter.org
bugzilla-daemon at bugzilla.netfilter.org
Thu May 11 17:51:44 CEST 2006
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=474
Summary: nf_conntrack marks all packets as INVALID on sparc64
(probably endianness bug)
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: nf_conntrack
AssignedTo: yasuyuki.kozakai at toshiba.co.jp
ReportedBy: jan.oravec at 6com.sk
I have new connection tracking engine in kernel 2.6.16 -- nf_conntrack -- and
the following rules in IPv4 iptables INPUT table:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
All INPUT packet are dropped on the INVALID rule. (e.g. icmp echo request/reply,
...)
The machine is sparc64 running 64-bit kernel. I think that the problem is
related to big endianness, because I haven't observed it on other architectures
(amd64, x86).
The nf_conntrack is loaded into kernel as module.
--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the netfilter-buglog
mailing list