CentOS 6.0: iptables stacktrace with named chains > 28 chars
Hi,
I'm not sure where to ask this question, you, redhat or netfilter so I'll
ask you guys first, hoping you can redirect me where this post belongs.
I have an issue with my CentOS 6 box with named chains in iptables.
Apparently there is a builtin #define to limit chain names up to 30 chars,
but the test condition fails and iptables crashes with a stacktrace.
# cat /etc/redhat-release
CentOS Linux release 6.0 (Final)
Use cases prove that you can create chains with names up to =30 chars but
you can only reference <=28 chars named chains.
Trying to reference a 29 or 30 chars named chains will crash iptables.
=====
Use cases with 28,29,30 and 31 chars long named chains:
# iptables -N $(for((i=0;i<28;i++));do printf "%s" "a";done) && echo ok ||
echo ko
ok
# iptables -N $(for((i=0;i<29;i++));do printf "%s" "b";done) && echo ok ||
echo ko
ok
# iptables -N $(for((i=0;i<30;i++));do printf "%s" "c";done) && echo ok ||
echo ko
ok
iptables -N $(for((i=0;i<31;i++));do printf "%s" "d";done) && echo ok ||
echo ko
iptables v1.4.7: chain name `ddddddddddddddddddddddddddddddd' too long (must
be under 30 chars)
Try `iptables -h' or 'iptables --help' for more information.
ko
# iptables -I INPUT -j aaaaaaaaaaaaaaaaaaaaaaaaaaaa && echo ok || echo ko
ok
# iptables -I INPUT -j bbbbbbbbbbbbbbbbbbbbbbbbbbbbb && echo ok || echo ko
<stacktrace>
ko
# iptables -I INPUT -j cccccccccccccccccccccccccccccc && echo ok || echo ko
<stacktrace>
ko
I can attach strace output or the stacktrace if required.
Any infos where to report this issue much appreciated.
Florian.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
09-29-2011, 07:38 AM
"Florian Crouzat"
CentOS 6.0: iptables stacktrace with named chains > 28 chars
Florian CROUZAT wrote on*2011-09-28:
> Hi,
>
> I'm not sure where to ask this question, you, redhat or netfilter so
> I'll ask you guys first, hoping you can redirect me where this post
> belongs. I have an issue with my CentOS 6 box with named chains in
> iptables. Apparently there is a builtin #define to limit chain names up
> to 30 chars, but the test condition fails and iptables crashes with a
> stacktrace.
>
> # cat /etc/redhat-release
> CentOS Linux release 6.0 (Final)
>
> # rpm -qa | fgrep iptables
> iptables-ipv6-1.4.7-3.el6.x86_64
> iptables-1.4.7-3.el6.x86_64
>
> Use cases prove that you can create chains with names up to =30 chars
> but you can only reference <=28 chars named chains. Trying to reference
> a 29 or 30 chars named chains will crash iptables.
>
> =====
>
> Use cases with 28,29,30 and 31 chars long named chains:
>
> # iptables -N $(for((i=0;i<28;i++));do printf "%s" "a";done) && echo ok
> || echo ko ok
>
> # iptables -N $(for((i=0;i<29;i++));do printf "%s" "b";done) && echo ok
> || echo ko ok
>
> # iptables -N $(for((i=0;i<30;i++));do printf "%s" "c";done) && echo ok
> || echo ko ok
>
> iptables -N $(for((i=0;i<31;i++));do printf "%s" "d";done) && echo ok ||
> echo ko iptables v1.4.7: chain name `ddddddddddddddddddddddddddddddd'
> too long (must be under 30 chars) Try `iptables -h' or 'iptables --help'
> for more information. ko
>
> # iptables -I INPUT -j aaaaaaaaaaaaaaaaaaaaaaaaaaaa && echo ok || echo
> ko ok
>
> # iptables -I INPUT -j bbbbbbbbbbbbbbbbbbbbbbbbbbbbb && echo ok || echo
> ko <stacktrace> ko
>
> # iptables -I INPUT -j cccccccccccccccccccccccccccccc && echo ok ||
> echo ko
> <stacktrace>
> ko
>
> I can attach strace output or the stacktrace if required.
> Any infos where to report this issue much appreciated.
>
> Florian.
> http://lists.centos.org/mailman/listinfo/centos
This bug is not reproducible on CentOS release 5.6 (Final).
Florian
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
CentOS 6.0: iptables stacktrace with named chains > 28 chars
