Possible Bug? /proc/net/ip_tables_targets listing problem?
hno at marasystems.com
Mon Oct 10 11:28:04 CEST 2005
On Sun, 9 Oct 2005, Rob M wrote:
> The problem here is that I've only built v1.3.2 on this box. I've found
> there is a similar problem in the listing for `/proc/net/ip_tables_matches'.
> There I find a double listing for `multiport'. I don't think this is a
> feature mislisting since it is a clean build and I've done no patching (well
> the patches leading up to yes but not) beyond v1.3.2. It's as clean of a
> build as I think you can get with out totally unmerging the package and
> remerging v1.3.3, but I digress.
It is a misfeature of current Linux kernels.
> If the problem were the comparison of built modules to features that I had
> built into the kernel, there _should_ be more duplicates then 1 match and 1
> target in their respected lists.
It depends on the target/matches loaded. Some have multiple versions to
support old iptables binaries and gets listed multiple times.
> As far as I can tell, it does not affect
Correct, and is why it is a misfeature not a bug.
> But then again, I assume that when it checks to see if a match or target
> is loaded, it compared the requested match/target against the required
> list, and in turn could cause problems for checking available
> match/targets. This is an assumption that I'm making, whether it's true
> or false. If this isn't affect anything and it's simply an aesthetic
> issue, then I'm going to get back to work and just code what I'm working
> on to expect the possibilities for duplicates in these lists.
You could also submit a patch to the kernel to only list these
More information about the netfilter