[Bug 711] New: iptables -m iprange causes unknown error

bugzilla-daemon at bugzilla.netfilter.org
Fri Mar 18 11:58:30 CET 2011


http://bugzilla.netfilter.org/show_bug.cgi?id=711

           Summary: iptables -m iprange causes unknown error
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ip_tables (kernel)
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: sven-kernel at incase.de
   Estimated Hours: 0.0


Created an attachment (id=351)
 --> (http://bugzilla.netfilter.org/attachment.cgi?id=351)
used kernel config.

Hi.

This is what I found to reproduce the bug:

09:45 root at i-fw0
~ # iptables -A INPUT -m iprange --src-range 10.10.60.55-10.10.60.56 -d 10.0.0.0/8 -p tcp --dport 161 -j ACCEPT
iptables: Unknown error 18446744073709551615

However, the xt_iprange module is loaded. Also, using the iprange module
wrongly causes a correct error message:

~ # iptables -A INPUT -m iprange -s 10.10.60.55 -d 10.0.0.0/8 -p tcp --dport 161 -j ACCEPT
iptables v1.3.5: iprange match: You must specify `--src-range' or `--dst-range'
Try `iptables -h' or 'iptables --help' for more information.


Normal iptables (no iprange used) works well, too:

09:45 root at i-fw0
~ # iptables -A INPUT -s 10.10.60.55 -d 10.0.0.0/8 -p tcp --dport 161 -j ACCEPT
09:45 root at i-fw0

As Google searches hinted at a missing module, I wrote a small shell wrapper
around modprobe which just logs the parameters that modprobe is called with.
This results in the following log:

-q -- net-pf-16-proto-9
-q -- ipt_iprange
-q -- net-pf-16-proto-9

net-pf-16 should be af_netlink, if my memory and Google-fu don't fail me, but
this module doesn't exist with my 2.6.32.29 kernel (config attached), but seems
to be compiled in statically. But this means that the kernel shouldn't try to
load it (in my understanding).

Also: Why does the kernel try to load ipt_iprange, when xt_iprange is loaded,
which has an alias for ipt_iprange?

I'm at the end of my wisdom as to what else might be causing this.

Any hints?


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
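
The modprobe-logging technique described in the report, as an added example that is not the reporter's script: a wrapper that records each kernel module request, plus a decoder for the logged request strings. The log path, the wrapper name "modprobe-log" and the function names are assumptions; the numeric values are the AF_NETLINK and NETLINK_* constants from the kernel headers.

```shell
#!/bin/sh
# Added example, not the reporter's script. Log path and wrapper name are assumptions.
MODPROBE_LOG="${MODPROBE_LOG:-/tmp/modprobe-calls.log}"
REAL_MODPROBE="${REAL_MODPROBE:-/sbin/modprobe}"

# Record the argument vector exactly as the kernel passed it, one call per line.
log_call() {
    printf '%s\n' "$*" >> "$MODPROBE_LOG"
}

# Decode one logged line. "net-pf-<family>-proto-<protocol>" is the alias the
# kernel requests when a socket is opened for a protocol with no registered
# handler; the numbers are AF_* and NETLINK_* values from the kernel headers.
decode_request() {
    name=${1##* }                       # last word of the line is the request
    case "$name" in
        net-pf-*-proto-*)
            fam=${name#net-pf-}; fam=${fam%%-*}
            proto=${name##*-proto-}
            case "$fam" in
                16) famname=AF_NETLINK ;;
                *)  famname="family-$fam" ;;
            esac
            case "$fam:$proto" in
                16:0)  pname=NETLINK_ROUTE ;;
                16:9)  pname=NETLINK_AUDIT ;;
                16:12) pname=NETLINK_NETFILTER ;;
                *)     pname="protocol-$proto" ;;
            esac
            printf '%s %s\n' "$famname" "$pname" ;;
        *)  printf 'module-or-alias %s\n' "$name" ;;
    esac
}

# Summarise a log file: occurrence count and decoded request, most frequent first.
summarize_log() {
    while IFS= read -r line; do
        decode_request "$line"
    done < "$1" | sort | uniq -c | sort -rn
}

# Wrapper entry point: only runs when this file is installed under the assumed
# name "modprobe-log" and pointed to by /proc/sys/kernel/modprobe.
if [ "${0##*/}" = "modprobe-log" ]; then
    log_call "$@"
    exec "$REAL_MODPROBE" "$@"
fi
```

Run over the three lines logged in the report, summarize_log lists the net-pf-16-proto-9 request twice and the ipt_iprange request once.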