kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #67484
[Bug 1234877] Re: ip6tables - --reject-with tcp-reset does not work correctly in chain OUTPUT
Please include patch in the first comment. It resolves this problem on
kernels >=3.5
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1234877
Title:
ip6tables - --reject-with tcp-reset does not work correctly in chain
OUTPUT
Status in “linux” package in Ubuntu:
Confirmed
Bug description:
Hello,
We use:
Description: Ubuntu 12.04.3 LTS
Release: 12.04
kernel 3.2.2 (checked also 3.8* and 3.10.5-031005-generic kernels. Same.)
iptables=1.4.12-1ubuntu5
and ipv6
We noticed that --reject-with tcp-reset works 7 seconds:
ip6tables -I OUTPUT -p tcp --dport 10001 -j REJECT --reject-with tcp-reset
such rule
ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp anywhere anywhere tcp dpt:10001 reject-with tcp-reset
time telnet <ourlovelyipv6onlyserver> 10001
Trying 2a02:6b8:0:c10*...
telnet: Unable to connect to remote host: Connection timed out
real 0m7.012s
user 0m0.000s
sys 0m0.000s
Rule works:
ip6tables -vL
Chain INPUT (policy ACCEPT 506 packets, 49495 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 346 packets, 37392 bytes)
pkts bytes target prot opt in out source destination
3 216 REJECT tcp any any anywhere anywhere tcp dpt:10001 reject-with tcp-reset
Tcpdump is empty. Packet counter increases. All well.
But it works 7 seconds
iptables does the same within 0.005s
I think this is a bug.
Thank you.
Have a nice day.
---
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.25.
ApportVersion: 2.0.1-0ubuntu17.1
Architecture: amd64
ArecordDevices:
**** List of CAPTURE Hardware Devices ****
card 0: PCH [HDA Intel PCH], device 0: ALC269VC Analog [ALC269VC Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: katyavoid 3072 F.... pulseaudio
CRDA:
country RU:
(2402 - 2482 @ 40), (N/A, 20)
(5735 - 5835 @ 20), (N/A, 30)
Card0.Amixer.info:
Card hw:0 'PCH'/'HDA Intel PCH at 0xf0700000 irq 50'
Mixer name : 'Intel PantherPoint HDMI'
Components : 'HDA:10ec0269,144dc0d3,00100202 HDA:80862806,80860101,00100000'
Controls : 24
Simple ctrls : 10
DistroRelease: Ubuntu 12.04
EcryptfsInUse: Yes
HibernationDevice: RESUME=UUID=3063eded-5480-466f-aa94-80e7ad79ded3
InstallationMedia: Ubuntu 12.04.2 LTS "Precise Pangolin" - Release amd64 (20130213)
Lsusb:
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 004: ID 2232:1024
MachineType: SAMSUNG ELECTRONICS CO., LTD. 900X3C/900X3D/900X4C/900X4D
MarkForUpload: True
Package: linux (not installed)
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.5.0-26-generic root=UUID=3418390a-f857-4ee2-86ec-f16d01e5014c ro quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 3.5.0-26.42~precise1-generic 3.5.7.6
RelatedPackageVersions:
linux-restricted-modules-3.5.0-26-generic N/A
linux-backports-modules-3.5.0-26-generic N/A
linux-firmware 1.79.1
Tags: precise
Uname: Linux 3.5.0-26-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
dmi.bios.date: 09/19/2012
dmi.bios.vendor: Phoenix Technologies Ltd.
dmi.bios.version: P02ABK
dmi.board.asset.tag: Base Board Asset Tag
dmi.board.name: NP900X3C-A03RU
dmi.board.vendor: SAMSUNG ELECTRONICS CO., LTD.
dmi.board.version: FAB1
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 9
dmi.chassis.vendor: SAMSUNG ELECTRONICS CO., LTD.
dmi.chassis.version: 0.1
dmi.modalias: dmi:bvnPhoenixTechnologiesLtd.:bvrP02ABK:bd09/19/2012:svnSAMSUNGELECTRONICSCO.,LTD.:pn900X3C/900X3D/900X4C/900X4D:pvr0.1:rvnSAMSUNGELECTRONICSCO.,LTD.:rnNP900X3C-A03RU:rvrFAB1:cvnSAMSUNGELECTRONICSCO.,LTD.:ct9:cvr0.1:
dmi.product.name: 900X3C/900X3D/900X4C/900X4D
dmi.product.version: 0.1
dmi.sys.vendor: SAMSUNG ELECTRONICS CO., LTD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1234877/+subscriptions