
Opened 5 years ago

Closed 5 years ago

Last modified 2 years ago

#10378 closed defect (fixed)

ipset input/output error

Reported by: colchaodemola@… Owned by: developers
Priority: high Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: Cc:

Description

# ipset -N myLAN macipmap --network 192.168.1.0/24
# ipset  -A LAN  192.168.1.1,00:01:02:03:04:05
# iptables  -A INPUT -i br-lan -p tcp --dport ssh -m set --match-set LAN src  -j ACCEPT
iptables: Input/output error.
# lsmod | grep -i set
ipt_SET                 1072  0 
ipt_set                  832  0 
ip_set_setlist          2944  0 
ip_set_portmap          3184  0 
ip_set_nethash          7776  0 
ip_set_macipmap         2336  1 
ip_set_iptreemap        8368  0 
ip_set_iptree           4416  0 
ip_set_ipportnethash     9584  0 
ip_set_ipportiphash     7232  0 
ip_set_ipporthash       6656  0 
ip_set_ipmap            2960  0 
ip_set_iphash           5584  0 
ip_set                 11648 24 ipt_SET,ipt_set,ip_set_setlist,ip_set_portmap,ip_set_nethash,ip_set_macipmap,ip_set_iptreemap,ip_set_iptree,ip_set_ipportnethash,ip_set_ipportiphash,ip_set_ipporthash,ip_set_ipmap,ip_set_iphash
x_tables                9936 33 xt_connlimit,xt_IMQ,ipt_SET,ipt_set,xt_CLASSIFY,xt_time,xt_tcpmss,xt_mark,xt_length,xt_string,xt_layer7,xt_hl,xt_HL,xt_pkttype,xt_physdev,ipt_REDIRECT,ipt_MASQUERADE,iptable_nat,xt_recent,xt_connmark,xt_conntrack,iptable_raw,xt_state,ipt_REJECT,xt_TCPMSS,ipt_LOG,xt_multiport,xt_mac,xt_limit,iptable_mangle,iptable_filter,ip_tables,xt_tcpudp


It just does not work as it worked before.

ATTITUDE ADJUSTMENT (bleeding edge, r28527)

Linux KamiKASE 3.0.3 # 23 Mon Nov 7 20:11:16 BRT 2011 mips GNU/Linux

Attachments (1)

969-iptables-fix.patch (511 bytes) - added by anonymous 5 years ago.


Change History (12)

comment:1 Changed 5 years ago by colchaodemola@…

Does no one else have this problem?
There is nothing logged in syslog or dmesg. Is there any other information I could provide?

comment:2 Changed 5 years ago by colchaodemola@…

The end of an strace of the failing iptables command shows this:

open("/lib/libgcc_s.so.1", O_RDONLY)    = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=71575, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=351357, ...}) = 0
close(3)                                = 0
open("/lib/libdl.so.0", O_RDONLY)       = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=8350, ...}) = 0
close(3)                                = 0
open("/lib/libgcc_s.so.1", O_RDONLY)    = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=71575, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=351357, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=351357, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=351357, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=351357, ...}) = 0
close(3)                                = 0
stat("/lib/ld-uClibc.so.0", {st_mode=S_IFREG|0755, st_size=28978, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x4000000, -1, 0) = 0x2b10a000
set_thread_area(0x2b1112d0)             = 0
mprotect(0x2b157000, 4096, PROT_READ)   = 0
mprotect(0x2b204000, 4096, PROT_READ)   = 0
mprotect(0x2b118000, 4096, PROT_READ)   = 0
ioctl(0, TIOCNXCL, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCNXCL, {B38400 opost isig icanon echo ...}) = 0
open("/usr/lib/iptables/libxt_set.so", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=7355, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x4000000, -1, 0) = 0x2b10b000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\10\0\1\0\0\0`\10\0\0004\0\0\0"..., 4096) = 4096
old_mmap(NULL, 73728, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b20b000
old_mmap(0x2b20b000, 6988, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x2b20b000
old_mmap(0x2b21c000, 3259, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0x2b21c000
close(3)                                = 0
brk(0)                                  = 0x46d000
brk(0x46e000)                           = 0x46e000
munmap(0x2b10b000, 4096)                = 0
open("/lib/libgcc_s.so.1", O_RDONLY)    = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=71575, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=351357, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=351357, ...}) = 0
close(3)                                = 0
open("/lib/ld-uClibc.so.0", O_RDONLY)   = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=28978, ...}) = 0
close(3)                                = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
getsockopt(3, SOL_IP, 0x42 /* IP_??? */, 0x7f96babc, 0x7f96bab8) = -1 EPROTONOSUPPORT (Protocol not supported)
close(3)                                = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
getsockopt(3, SOL_IP, 0x42 /* IP_??? */, "set\0\0\20\22+\0\0\0\0x\321F\0\0\0\0\0000\327\24+\2\0\0\0\340\0", [30]) = 0
close(3)                                = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
getsockopt(3, SOL_IP, 0x53 /* IP_??? */, "\0\1\0\0\4\0\0\0", [8]) = 0
getsockopt(3, SOL_IP, 0x53 /* IP_??? */, "\6\0\0\0\4\0\0\0\0\0N\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [40]) = 0
close(3)                                = 0
open("/usr/lib/iptables/libxt_standard.so", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=2371, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x4000000, -1, 0) = 0x2b10b000
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\10\0\1\0\0\0\300\5\0\0004\0\0\0"..., 4096) = 2371
old_mmap(NULL, 69632, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b21d000
old_mmap(0x2b21d000, 2200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x2b21d000
old_mmap(0x2b22d000, 2371, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x2b22d000
close(3)                                = 0
munmap(0x2b10b000, 4096)                = 0
open("/lib/libgcc_s.so.1", O_RDONLY)    = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=71575, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=351357, ...}) = 0
close(3)                                = 0
open("/lib/libc.so.0", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=351357, ...}) = 0
close(3)                                = 0
open("/lib/ld-uClibc.so.0", O_RDONLY)   = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=28978, ...}) = 0
close(3)                                = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84]) = 0
brk(0x46f000)                           = 0x46f000
getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [3656]) = 0
brk(0x470000)                           = 0x470000
brk(0x471000)                           = 0x471000
setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 3928) = -1 EIO (Input/output error)
close(3)                                = 0
write(2, "iptables: ", 10iptables: )              = 10
write(2, "Input/output error", 18Input/output error)      = 18
write(2, ".\n", 2.
)                      = 2
munmap(0x2b21d000, 67952)               = 0
munmap(0x2b20b000, 72928)               = 0
exit_group(1)                           = ?

comment:3 Changed 5 years ago by anonymous

I am having exactly the same problem.
I think it is related to the 2.6.35 API changes.

comment:4 Changed 5 years ago by anonymous

I tried updating to iptables 1.4.12 and still get the Input/output error.

comment:5 follow-up: Changed 5 years ago by vovan@…

I have this problem with r28279(kernel 2.6.39.4, iptables v1.4.10). Any updates on this matter?

comment:6 in reply to: ↑ 5 ; follow-up: Changed 5 years ago by anonymous

Replying to vovan@…:

I have this problem with r28279(kernel 2.6.39.4, iptables v1.4.10). Any updates on this matter?

I had the same issue and modified the x_tables.c as below :
function xt_check_match: changed following lines from :

if (par->match->checkentry != NULL) { ret = par->match->checkentry(par); if (ret < 0) return ret; else if (ret > 0) { /* Flag up potential errors. */ return -EIO; } }

to :

if (par->match->checkentry != NULL && !par->match->checkentry(par)) return -EINVAL;

Similarly in function xt_check_target : changed lines from:

if (par->target->checkentry != NULL) { ret = par->target->checkentry(par); if (ret < 0) return ret; else if (ret > 0) { /* Flag up potential errors. */ return -EIO; } }

to:

if (par->target->checkentry != NULL && !par->target->checkentry(par)) return -EINVAL;

Changed the new kernel code to old kernel code then the issue was not seen.

Changed 5 years ago by anonymous

comment:7 in reply to: ↑ 6 Changed 5 years ago by anonymous

Replying to anonymous:

Replying to vovan@…:

I have this problem with r28279(kernel 2.6.39.4, iptables v1.4.10). Any updates on this matter?

I had the same issue and modified the x_tables.c as below :
function xt_check_match: changed following lines from :

if (par->match->checkentry != NULL) { ret = par->match->checkentry(par); if (ret < 0) return ret; else if (ret > 0) { /* Flag up potential errors. */ return -EIO; } }

to :

if (par->match->checkentry != NULL && !par->match->checkentry(par)) return -EINVAL;

Similarly in function xt_check_target : changed lines from:

if (par->target->checkentry != NULL) { ret = par->target->checkentry(par); if (ret < 0) return ret; else if (ret > 0) { /* Flag up potential errors. */ return -EIO; } }

to:

if (par->target->checkentry != NULL && !par->target->checkentry(par)) return -EINVAL;

Changed the new kernel code to old kernel code then the issue was not seen.

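This change will make the LOG target return "Invalid argument": extensions written for the new API return 0 from checkentry on success, and `!checkentry(par)` treats that 0 as a failure.
I am facing the same problem, with r30857 & Linux 3.2.9 & iptables 1.4.10.
Just deleting "else if (ret > 0) { /* Flag up potential errors. */ return -EIO; }" solves the problem, and I have attached my patch. Note that with that branch removed any non-negative return value is accepted, so a module that still uses the old boolean convention (presumably the ipset 4.x modules here) would have a failed check (0) treated as success; updating the module to the new return convention avoids this.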

comment:8 Changed 5 years ago by jow

  • Resolution set to fixed
  • Status changed from new to closed

I updated ipset to version 6.11 and successfully tested it with Kernel 3.2.9 on ar71xx:

root@OpenWrt:/# 
root@OpenWrt:/# ipset create test hash:ip
root@OpenWrt:/# iptables -I OUTPUT -m set --match-set test dst -j LOG
root@OpenWrt:/# ping 141.1.1.1 >/dev/null &
root@OpenWrt:/# ipset add test 141.1.1.1
root@OpenWrt:/# [  609.970000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=12 
[  610.980000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=13 
[  611.990000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=14 
[  613.010000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=15 
[  614.020000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=16 
[  615.030000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=17 
root@OpenWrt:/# [  616.040000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=18 
[  617.060000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=19 
ipset[  618.070000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=20 
 remove t[  619.080000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=21 
est 141.[  620.100000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=22 
1.1.1
root@OpenWrt:/# [  621.110000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=23 
[  622.120000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=24 
[  623.140000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=25 
[  624.150000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=26 
[  625.160000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=27 
ipset del test 141.1.1.1
[  629.220000] IN= OUT=br-lan SRC=10.11.12.151 DST=141.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=31 

root@OpenWrt:/# 
root@OpenWrt:/# 
root@OpenWrt:/#

comment:9 Changed 5 years ago by darkwin

  • Resolution fixed deleted
  • Status changed from closed to reopened

I have had a compile error since Changeset 30899.
make clean hasn't helped.

[code]
make -C /home/sven/openwrt/trunk/build_dir/linux-lantiq_ar9/linux-3.1.10 M=$PWD/kernel/net/netfilter V=0 \

IP_SET_MAX=256 KDIR=$PWD/kernel modules

make[5]: Entering directory `/home/sven/openwrt/trunk/build_dir/linux-lantiq_ar9/linux-3.1.10'

CC [M] /home/sven/openwrt/trunk/build_dir/linux-lantiq_ar9/ipset-6.11/kernel/net/netfilter/ipset/ip_set_getport.o

/home/sven/openwrt/trunk/build_dir/linux-lantiq_ar9/ipset-6.11/kernel/net/netfilter/ipset/ip_set_getport.c:12:26: fatal error: linux/export.h: No such file or directory
compilation terminated.
make[7]: * home/sven/openwrt/trunk/build_dir/linux-lantiq_ar9/ipset-6.11/kernel/net/netfilter/ipset/ip_set_getport.o Erro1
make[6]:
* home/sven/openwrt/trunk/build_dir/linux-lantiq_ar9/ipset-6.11/kernel/net/netfilter/ipset Error 2
make[5]: * [_module_/home/sven/openwrt/trunk/build_dir/linux-lantiq_ar9/ipset-6.11/kernel/net/netfilter] Error 2
make[5]: Leaving directory `/home/sven/openwrt/trunk/build_dir/linux-lantiq_ar9/linux-3.1.10'
make[4]:
* [modules] Error 2
make[4]: Leaving directory `/home/sven/openwrt/trunk/build_dir/linux-lantiq_ar9/ipset-6.11'
make[3]: * home/sven/openwrt/trunk/build_dir/linux-lantiq_ar9/ipset-6.11/.built Error 2
make[3]: Leaving directory `/home/sven/openwrt/trunk/feeds/packages/net/ipset'
make[2]:
* [package/feeds/packages/ipset/compile] Error 2
make[2]: Leaving directory `/home/sven/openwrt/trunk'
make[1]: * home/sven/openwrt/trunk/staging_dir/target-mips_r2_uClibc-0.9.33/stamp/.package_compile Error 2
make[1]: Leaving directory `/home/sven/openwrt/trunk'
make:
* [world] Error 2
code

comment:10 Changed 5 years ago by jow

  • Resolution set to fixed
  • Status changed from reopened to closed

Fixed with r30911

comment:11 Changed 2 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
