[Kernel-packages] [Bug 1827040] Re: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04
** Changed in: iptables (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1827040 Title: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04 Status in iptables package in Ubuntu: Invalid Status in linux package in Ubuntu: Confirmed Bug description: I have detected that iptables does not behave in the same way as with previous kernel. Old behaviour: 'timestart' referred to the absolute time (UTC or whatever) to start applying the rul New behaviour: 'timestart' refers to the offset since boot start It implies a migration of the old rules, and it is difficult to keep compatibility, as the offset is complex to behave as an absolute time. Is that expected? Man page suggests that the correct behaviour is the old one To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1827040/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1827040] Re: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04
Hello, Tyler, I works with your patch! Confirmed that with the patch, it understands the times as absolute ones. I managed to test it in a virtual machine. Switching from one version to the other, I can verify the behaviour easily. The command I am testing is: sudo iptables -I OUTPUT -p tcp -m owner --uid-owner -m time --weekdays Su,Mo,Tu,We,Th,Fr,Sa --timestart 00:00:00 --timestop 04:30:00 -j DROP being substituted by the user to be tested. So, when those two conditions are met (the time scheduled specified and the user), then tcp packets are dropped. With 5.0.0-13 kernel, time considered is since startup, so it rejects packets since the computer is up, no matter the time. It is important to specify all the week days (or perhaps Sunday is the one that matters); If not specified all of them, the test may not be tested correctly (that was my experience) With the new kernel, it allows those packets (unless between 00:00 and 04:30, ovbiuously). I think times are UTC based, so I test and try want I want to specify a time. Thanks a lot -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1827040 Title: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04 Status in iptables package in Ubuntu: New Status in linux package in Ubuntu: Confirmed Bug description: I have detected that iptables does not behave in the same way as with previous kernel. Old behaviour: 'timestart' referred to the absolute time (UTC or whatever) to start applying the rul New behaviour: 'timestart' refers to the offset since boot start It implies a migration of the old rules, and it is difficult to keep compatibility, as the offset is complex to behave as an absolute time. Is that expected? Man page suggests that the correct behaviour is the old one To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1827040/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1827040] Re: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04
Hello Peret - To test the kernel that I built, you need to install the linux-modules, linux-modules-extra and linux-image-unsigned .deb packages and then reboot. After rebooting, run 'cat /proc/version_signature' and ensure that "lp1827040.1" is included in the output. Then try your iptables timestart rules to see if they work as expected. Additionally, could you include an example timestart rule that you have? I could also test it locally. Thanks! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1827040 Title: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04 Status in iptables package in Ubuntu: New Status in linux package in Ubuntu: Confirmed Bug description: I have detected that iptables does not behave in the same way as with previous kernel. Old behaviour: 'timestart' referred to the absolute time (UTC or whatever) to start applying the rul New behaviour: 'timestart' refers to the offset since boot start It implies a migration of the old rules, and it is difficult to keep compatibility, as the offset is complex to behave as an absolute time. Is that expected? Man page suggests that the correct behaviour is the old one To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1827040/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
Re: [Kernel-packages] [Bug 1827040] Re: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04
Hello, Tyler,I am happy to know you have probably found the issue. And I am happy to test it. The problem is that I am not experienced in testing kernels at all.I am an advanced users, but not a programmer.I do not know how to switch (with no high risk) the kernel, test, and switch it back.If you can give me some indications, just to have an idea of the process, I think I will manage; maybe it is as simple as copying it to the place where kernels are copied, and changing the 'pointer' to the active kernel somewhere.Thanks! En jueves, 2 de mayo de 2019 16:15:31 CEST, Tyler Hicks escribió: Hi Peret - Thanks for the bug report. I was browsing through the kernel commit log and I think this bug may already be fixed by the following commit: commit 916f6efae62305796e012e7c3a7884a267cbacbf Author: Florian Westphal Date: Wed Apr 17 02:17:23 2019 +0200 netfilter: never get/set skb->tstamp https://git.kernel.org/linus/916f6efae62305796e012e7c3a7884a267cbacbf I've built a test kernel that is 5.0.0-13.14 plus that patch. Would you be able to test it? You can find it here: https://people.canonical.com/~tyhicks/lp1827040/ Thanks again! -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/1827040 Title: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04 Status in iptables package in Ubuntu: New Status in linux package in Ubuntu: Confirmed Bug description: I have detected that iptables does not behave in the same way as with previous kernel. Old behaviour: 'timestart' referred to the absolute time (UTC or whatever) to start applying the rul New behaviour: 'timestart' refers to the offset since boot start It implies a migration of the old rules, and it is difficult to keep compatibility, as the offset is complex to behave as an absolute time. Is that expected? Man page suggests that the correct behaviour is the old one To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1827040/+subscriptions -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1827040 Title: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04 Status in iptables package in Ubuntu: New Status in linux package in Ubuntu: Confirmed Bug description: I have detected that iptables does not behave in the same way as with previous kernel. Old behaviour: 'timestart' referred to the absolute time (UTC or whatever) to start applying the rul New behaviour: 'timestart' refers to the offset since boot start It implies a migration of the old rules, and it is difficult to keep compatibility, as the offset is complex to behave as an absolute time. Is that expected? Man page suggests that the correct behaviour is the old one To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1827040/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1827040] Re: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04
Hi Peret - Thanks for the bug report. I was browsing through the kernel commit log and I think this bug may already be fixed by the following commit: commit 916f6efae62305796e012e7c3a7884a267cbacbf Author: Florian Westphal Date: Wed Apr 17 02:17:23 2019 +0200 netfilter: never get/set skb->tstamp https://git.kernel.org/linus/916f6efae62305796e012e7c3a7884a267cbacbf I've built a test kernel that is 5.0.0-13.14 plus that patch. Would you be able to test it? You can find it here: https://people.canonical.com/~tyhicks/lp1827040/ Thanks again! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1827040 Title: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04 Status in iptables package in Ubuntu: New Status in linux package in Ubuntu: Confirmed Bug description: I have detected that iptables does not behave in the same way as with previous kernel. Old behaviour: 'timestart' referred to the absolute time (UTC or whatever) to start applying the rul New behaviour: 'timestart' refers to the offset since boot start It implies a migration of the old rules, and it is difficult to keep compatibility, as the offset is complex to behave as an absolute time. Is that expected? Man page suggests that the correct behaviour is the old one To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1827040/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1827040] Re: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04
** Also affects: iptables (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1827040 Title: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04 Status in iptables package in Ubuntu: New Status in linux package in Ubuntu: Confirmed Bug description: I have detected that iptables does not behave in the same way as with previous kernel. Old behaviour: 'timestart' referred to the absolute time (UTC or whatever) to start applying the rul New behaviour: 'timestart' refers to the offset since boot start It implies a migration of the old rules, and it is difficult to keep compatibility, as the offset is complex to behave as an absolute time. Is that expected? Man page suggests that the correct behaviour is the old one To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1827040/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1827040] Re: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04
** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1827040 Title: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04 Status in linux package in Ubuntu: Confirmed Bug description: I have detected that iptables does not behave in the same way as with previous kernel. Old behaviour: 'timestart' referred to the absolute time (UTC or whatever) to start applying the rul New behaviour: 'timestart' refers to the offset since boot start It implies a migration of the old rules, and it is difficult to keep compatibility, as the offset is complex to behave as an absolute time. Is that expected? Man page suggests that the correct behaviour is the old one To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1827040/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
