Hello,
I had the same problems with -j MARK
and found the reason and a solution for me.
The reason for the segfault is the iptables ABI change from 5 to 6 in
2011-04-14.
In file extensions/libxt_MARK.c the struct field .parse is not
initialized any more. They now use the fields .x6_parse etc. So this
change breaks wheezy stable iproute tc/m_xt.c in function parse_ipt(...)
at every place where ->parse(...) is used.
This bug is fixed in iproute2 (2013-01-16 16:14:48 act_ipt fix xtables
breakage) upstream/3.8.0.
I tested it for libxt_MARK.c with source (3.8.0) fetched from kernel.org
and it works.
It works with debian/3.14.0-1 for me too.
My system is a little bit special (xen-4.4 with a kernel 3.12.17 in dom0).
But there is another segfault bug in iproute tc/m_xt.c print_ipt(...)
which is not fixed up to debian/3.14.0-1.
In print_ipt(...) xtables will be initialized with the static struct
tcipt_globals
at xtables_init_all(&tcipt_globals, ....) and at the end the call
xtables_free_opts(1) will destroy the .opts field of this static struct.
This will cause a segfault in tc filter show ... if there exists more
than one filter -j MARK action (for example).
I found a fix but I am not sure if it is correct.
/* tcipt_globals must be cloned because xtables_free_opts(1) destroys
   tcipt_globals */
print_ipt(....) {
    ....
    struct xtables_globals tmp_tcipt_globals;
    memcpy(&tmp_tcipt_globals, &tcipt_globals, sizeof(struct xtables_globals));
    /* replace all other occurrences of tcipt_globals with tmp_tcipt_globals
       in print_ipt(....) */
    ....
}
Up to now I have tested this fix only with 3.8.0. After testing with 3.14
I will make a bug report at the iproute2 community.
Sorry for the rough English. I hope the information helps.
Best wishes
Andreas Greve
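
The failure pattern described in the message above, as an added example that is not part of the original e-mail and not iproute2 or libxtables code. All struct and function names are hypothetical stand-ins, and the cleanup step is assumed to leave .opts cleared, which is how the message's "destroy" is modelled here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model of the library state (not the real API). */
struct opt { const char *name; };
struct globals { struct opt *orig_opts; struct opt *opts; };

static struct opt base_opts[] = { { "jump" }, { NULL } };
static struct globals tc_globals = { base_opts, base_opts }; /* role of tcipt_globals */
static struct globals *params;            /* library-wide pointer to registered struct */

/* Merge step: builds a new option table and stores it in the registered struct. */
static int model_merge_opts(void)
{
    if (params->opts == NULL)
        return -1;                        /* unchecked code would crash at this point */
    struct opt *m = calloc(3, sizeof(*m));
    if (m == NULL)
        return -1;
    m[0] = params->opts[0];
    m[1].name = "set-mark";
    params->opts = m;
    return 0;
}

/* Cleanup step: frees the merged table and clears .opts (assumed behaviour). */
static void model_free_opts(void)
{
    if (params->opts != params->orig_opts)
        free(params->opts);
    params->opts = NULL;
}

/* One "print" pass: register g, merge, clean up. Returns 0 on success, -1 on failure. */
static int run_print(struct globals *g)
{
    params = g;
    int rc = model_merge_opts();
    model_free_opts();
    params = NULL;                        /* never keep a pointer to a caller's local */
    return rc;
}

/* Pattern from the report: the static struct itself is registered on every call. */
int print_shared(void) { return run_print(&tc_globals); }

/* Workaround from the report: register a per-call copy so the static stays intact. */
int print_cloned(void)
{
    struct globals tmp;
    memcpy(&tmp, &tc_globals, sizeof(tmp));
    return run_print(&tmp);
}

int main(void)
{
    printf("cloned: %d %d\n", print_cloned(), print_cloned());
    printf("shared: first=%d\n", print_shared());
    printf("shared: second=%d\n", print_shared());
    return 0;
}
```

The model returns -1 where unchecked code would dereference the cleared pointer, so the second shared pass stands in for the crash on the second action.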