Re: linux-2.6.24 & iptables/netfilter



jayjwa <jayjwa@xxxxxxxxxxxxxxxxxxx> wrote:

Not again... seems this happened not so long ago as well. I saw there
was a 2.6.24 out now, and it looks like there were a lot of changes (9mb
patch against 2.6.23) and new features. The kernel compile was fine; I
wish I could say the same for iptables - it seems to be completely
broken by this update:

Log of make -k
Mon Jan 28 20:22:52 2008

<SNIP>
make[2]: Target `all' not remade because of errors.
make[2]: Leaving directory `/usr/src/iptables--20080127'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/iptables--20080127'
make: *** [all] Error 2
make died with exit status 2

Mon Jan 28 20:24:01 2008
----------------

I left the log long so you could feel my pain ;)

It's switched to autoconf too, and it seems you're getting ipv6 like
it or not (no disable switch). I don't think the distros have picked
up on this yet as Google has nothing about 2.6.24/iptables. There's
going to have to be some serious reworking done if people are going to
start using 2.6.24. I really hate when the kernel people change
everything and pull the floor out from under all other
projects...don't they realize a kernel does not an operating system
alone make?

I can't comment on the issue above except to say that I just upgraded
from 2.6.23 to 2.6.24 with no problems regarding iptables at all. I
didn't use the patch, I downloaded the entire source tree. Then I
copied over my old .config and did a `make oldconfig` and selected all
default replies to the differences.

I use a lot of Rules and it is working just fine.

The only issue I'm having with the new kernel is with the new core
scheduler and `dnetc` (Distributed Computing Client) as the default
rules make my system almost unusable when the load goes up to nearly
100%. Still investigating this.

--
------------------------------------------------
http://www3.sympatico.ca/dmitton
SPAM Reduction: Remove "x." from my domain.
------------------------------------------------