sirmax Posted January 25, 2009 Posted January 25, 2009 (edited) Пробую собрать ipset для 2.6.28.1 #ipset -Vipset v2.4.6 Protocol version 2. #iptables -Viptables v1.4.2 # ipset -N testset ipmap --network 172.16.32.0/24# ipset -A testset172.16.32.1 # ipset -nL Name: testset Type: ipmap References: 0 Default binding: Header: from: 172.16.32.0 to: 172.16.32.255 Members: 172.16.32.1 Bindings: iptables -A INPUT -m set --set testset dst Ком*** так и не завершается, в dmesg [ 1964.703747] ip_tables: © 2000-2006 Netfilter Core Team[ 1964.718280] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 [ 1964.718379] IP: [<ffffffffa005d008>] 0xffffffffa005d008 [ 1964.718379] PGD 1369ec067 PUD 12cc2c067 PMD 0 [ 1964.718379] Oops: 0000 [#1] SMP [ 1964.718379] last sysfs file: /sys/devices/pci0000:00/0000:00:02.0/i2c-adapter/i2c-0/0-002e/vrm [ 1964.718379] CPU 3 [ 1964.718379] Modules linked in: ipt_set iptable_filter ip_tables ip_set_ipmap ip_set lm85 hwmon_vid e1000 i2c_piix4 k8temp hwmon [ 1964.718379] Pid: 8497, comm: iptables Not tainted 2.6.28.1-sirmax2-layer7-ipset #2 [ 1964.718379] RIP: 0010:[<ffffffffa005d008>] [<ffffffffa005d008>] 0xffffffffa005d008 [ 1964.718379] RSP: 0000:ffff8801364e9d50 EFLAGS: 00010282 [ 1964.718379] RAX: ffffffffa005d008 RBX: ffffffffa005d440 RCX: 0000000000000020 [ 1964.718379] RDX: 0000000000020000 RSI: 0000000000000020 RDI: ffff8801364e9db8 [ 1964.718379] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8148e550 [ 1964.718379] R10: ffff88013b57ea88 R11: 0000000000000000 R12: ffff8801364e9db8 [ 1964.718379] R13: ffff8801364c3000 R14: 0000000000000000 R15: 0000000000000000 [ 1964.718379] FS: 00007f9d17e766f0(0000) GS:ffff88013fc08b80(0000) knlGS:0000000000000000 [ 1964.718379] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 1964.718379] CR2: 0000000000000020 CR3: 00000001364b3000 CR4: 00000000000006a0 [ 1964.718379] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1964.718379] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1964.718379] Process iptables (pid: 8497, threadinfo ffff8801364e8000, task ffff88013b57ea40) [ 1964.718379] Stack: [ 1964.718379] ffffffff81288337 0000000000000000 ffff8801364e9de0 ffff8801364c3070 [ 1964.718379] 0000000000000070 ffff8801364c3000 ffff880136428780 ffff8801364c3000 [ 1964.718379] ffffffffa004dced ffff8801364c3072 ffffffffa004df8e ffff8801364e9e38 [ 1964.718379] Call Trace: [ 1964.718379] [<ffffffff81288337>] xt_check_match+0x12a/0x143 [ 1964.718379] [<ffffffffa004dced>] check_match+0x37/0x41 [ip_tables] [ 1964.718379] [<ffffffffa004df8e>] translate_table+0x238/0x3cb [ip_tables] [ 1964.718379] [<ffffffffa004f126>] do_ipt_set_ctl+0xda/0x163 [ip_tables] [ 1964.718379] [<ffffffff8128700b>] nf_sockopt+0x5e/0x77 [ 1964.718379] [<ffffffff8128704d>] nf_setsockopt+0x1a/0x1d [ 1964.718379] [<ffffffff812930e8>] ip_setsockopt+0x64/0x7b [ 1964.718379] [<ffffffff81263905>] sys_setsockopt+0x77/0x9c [ 1964.718379] [<ffffffff8100b0cb>] system_call_fastpath+0x16/0x1b [ 1964.718379] Code: <0f> b7 39 53 48 89 cb e8 fb 60 fe ff 66 ff c0 75 2f 48 c7 c2 e4 d0 [ 1964.718379] RIP [<ffffffffa005d008>] 0xffffffffa005d008 [ 1964.718379] RSP <ffff8801364e9d50> [ 1964.718379] CR2: 0000000000000020 [ 1964.727499] ---[ end trace 8d4dc08ff3bc5dc4 ]--- ребут только через sysrq Идеи? Патчей на ядре - только Layer7 в виде модулей, не загружены. Edited January 25, 2009 by sirmax Вставить ник Quote
nuclearcat Posted January 25, 2009 Posted January 25, 2009 Идея одна - поскорее отписать автору ipset все это. Вставить ник Quote
DemYaN Posted January 25, 2009 Posted January 25, 2009 У меня тоже самое было в связке ipset 2.4.5 + ядро 2.6.28, однако с версией 2.4.6 проблема ушла А с 2.6.28 работает? Вставить ник Quote
sirmax Posted January 25, 2009 Author Posted January 25, 2009 переписываюсь с автором ipset, результат отпишу. DemYaN не пробовал, с 2.6.26 работало Вставить ник Quote
sirmax Posted January 25, 2009 Author Posted January 25, 2009 (edited) проверил с 2.6.28 - проблемы нет. Отписал автору. Edited January 25, 2009 by sirmax Вставить ник Quote
sirmax Posted January 25, 2009 Author Posted January 25, 2009 (edited) дело в изменения между 2.6.28 и 2.6.28.1 On Sun, 25 Jan 2009, sirmax wrote: > I have downloaded and compiled kernel 2.6.28 instead of 2.6.28.1 > with same config and all ipset works OK. > > As far as I can see, there is some uncompatibility with ipset and kernel > 2.6.28.1 (and may be latest (?) I'll check it tomorrow) Then there were some incompatibility changes between 2.6.28 and 2.6.28.1 too. Sigh. I need to update ipset again. I'll release a new version somtime late night tomorrow. Edited January 25, 2009 by sirmax Вставить ник Quote
6PATyCb Posted February 17, 2009 Posted February 17, 2009 Не могу собрать ipset-2.4.9 на 2.6.28 [root@localhost ipset-2.4.9]# make cd kernel; make -C /usr/src/linux-2.6.28 M=`pwd` V=0 IP_NF_SET_MAX=256 IP_NF_SET_HASHSIZE=1024 modules make[1]: Entering directory `/usr/src/linux-2.6.28' CC [M] /usr/src/ipset-2.4.9/kernel/ip_set.o In file included from <command line>:1: ./include/linux/autoconf.h:237:1: warning: "CONFIG_IP_NF_SET_MAX" redefined <command line>:1:1: warning: this is the location of the previous definition ./include/linux/autoconf.h:1102:1: warning: "CONFIG_IP_NF_SET_HASHSIZE" redefined <command line>:1:1: warning: this is the location of the previous definition /usr/src/ipset-2.4.9/kernel/ip_set.c:241: ошибка: conflicting types for ‘ip_set_addip_kernel’ include/linux/netfilter_ipv4/ip_set.h:488: ошибка: previous declaration of ‘ip_set_addip_kernel’ was here /usr/src/ipset-2.4.9/kernel/ip_set.c:275: ошибка: conflicting types for ‘ip_set_delip_kernel’ include/linux/netfilter_ipv4/ip_set.h:491: ошибка: previous declaration of ‘ip_set_delip_kernel’ was here /usr/src/ipset-2.4.9/kernel/ip_set.c:2056: ошибка: conflicting types for ‘ip_set_addip_kernel’ include/linux/netfilter_ipv4/ip_set.h:488: ошибка: previous declaration of ‘ip_set_addip_kernel’ was here /usr/src/ipset-2.4.9/kernel/ip_set.c:2057: ошибка: conflicting types for ‘ip_set_delip_kernel’ include/linux/netfilter_ipv4/ip_set.h:491: ошибка: previous declaration of ‘ip_set_delip_kernel’ was here make[2]: *** [/usr/src/ipset-2.4.9/kernel/ip_set.o] Ошибка 1 make[1]: *** [_module_/usr/src/ipset-2.4.9/kernel] Ошибка 2 make[1]: Leaving directory `/usr/src/linux-2.6.28' make: *** [modules] Ошибка 2 я так понял дублирование функций происходит Вставить ник Quote
6PATyCb Posted February 17, 2009 Posted February 17, 2009 Всетаки собрал. Нужно было заменить всю папку нэтфильтерайпиви4 в ядре на папку нэтфильтерайпиви4 из исходников Вставить ник Quote
.png.5d2afa2996cc6a85d0f2c09b92dd0a28.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.