Debian Bug report logs - #529954
add ip6tables TPROXY support

version graph

Package: iptables; Maintainer for iptables is Laurence J. Lane <ljlane@debian.org>; Source for iptables is src:iptables.

Reported by: martin f krafft <madduck@debian.org>

Date: Fri, 22 May 2009 13:42:02 UTC

Severity: wishlist

Tags: fixed-upstream, ipv6

Found in version iptables/1.4.3.2-2

Fixed in version iptables/1.4.11.1-1

Done: ljlane@debian.org (Laurence J. Lane)

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, ljlane@debian.org (Laurence J. Lane):
Bug#529954; Package iptables. (Fri, 22 May 2009 13:42:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to martin f krafft <madduck@debian.org>:
New Bug report received and forwarded. Copy sent to ljlane@debian.org (Laurence J. Lane). (Fri, 22 May 2009 13:42:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: martin f krafft <madduck@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ip6tables: faulty TPROXY support
Date: Fri, 22 May 2009 15:40:00 +0200
[Message part 1 (text/plain, inline)]
Package: iptables
Version: 1.4.3.2-2
Severity: normal
Tags: ipv6

ip6tables seems not to support TPROXY:

  ip6tables -t mangle -A PREROUTING -p tcp -s 2001:41b8:202:deb:213:21ff:fe20:1426/128 --dport 25 -j TPROXY --on-port 10025
  ip6tables v1.4.3.2: unknown option `--on-port'

If I try using the lenny version (1.4.2-6), I get:

  ip6tables v1.4.2: Unknown arg `(null)'

which may be due to lacking kernel support.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-rc5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iptables depends on:
ii  libc6                         2.9-12     GNU C Library: Shared libraries

iptables recommends no packages.

iptables suggests no packages.

-- no debconf information


-- 
 .''`.   martin f. krafft <madduck@d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
[digital_signature_gpg.asc (application/pgp-signature, inline)]

Message sent on to martin f krafft <madduck@debian.org>:
Bug#529954. (Mon, 25 May 2009 19:18:04 GMT) Full text and rfc822 format available.

Message #8 received at 529954-submitter@bugs.debian.org (full text, mbox):

From: Jan Engelhardt <jengelh@medozas.de>
To: 529954-submitter@bugs.debian.org
Date: Mon, 25 May 2009 21:14:48 +0200 (CEST)
The error message "Unknown arg (null)" is a result of, I would guess to 
say, improprer argument handling. This is fixed in iptables 1.4.3, where 
instead you get:

ip6tables v1.4.3.2: unknown option `--on-port'

And the reason for that is simple -- the userspace module only registers 
for NFPROTO_IPV4 (and correctly so, since the kernel module registers 
itself for IPV4 only, too).





Information stored :
Bug#529954; Package iptables. (Tue, 26 May 2009 04:57:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to martin f krafft <madduck@debian.org>:
Extra info received and filed, but not forwarded. (Tue, 26 May 2009 04:57:02 GMT) Full text and rfc822 format available.

Message #13 received at 529954-quiet@bugs.debian.org (full text, mbox):

From: martin f krafft <madduck@debian.org>
To: Jan Engelhardt <jengelh@medozas.de>, 529954-quiet@bugs.debian.org
Cc: 529954-submitter@bugs.debian.org
Subject: Re: Bug#529954: (no subject)
Date: Tue, 26 May 2009 06:53:46 +0200
[Message part 1 (text/plain, inline)]
also sprach Jan Engelhardt <jengelh@medozas.de> [2009.05.25.2114 +0200]:
> And the reason for that is simple -- the userspace module only
> registers for NFPROTO_IPV4 (and correctly so, since the kernel
> module registers itself for IPV4 only, too).

It shows up in the ip6tables manpage — and it would be really nice
to have this sort of functionality with IPv6. Port redirections and
SNAT/DNAT are *not* dead or unnecessary with IPv6 anymore, just
because MASQUERADE is mostly a thing of the past...

-- 
 .''`.   martin f. krafft <madduck@d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
[digital_signature_gpg.asc (application/pgp-signature, inline)]

Message sent on to martin f krafft <madduck@debian.org>:
Bug#529954. (Tue, 26 May 2009 04:57:03 GMT) Full text and rfc822 format available.

Tags added: fixed-upstream Request was from Jan Engelhardt <jengelh@medozas.de> to control@bugs.debian.org. (Wed, 27 May 2009 07:57:03 GMT) Full text and rfc822 format available.

Information stored :
Bug#529954; Package iptables. (Wed, 27 May 2009 07:57:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jan Engelhardt <jengelh@medozas.de>:
Extra info received and filed, but not forwarded. (Wed, 27 May 2009 07:57:04 GMT) Full text and rfc822 format available.

Message #23 received at 529954-quiet@bugs.debian.org (full text, mbox):

From: Jan Engelhardt <jengelh@medozas.de>
To: martin f krafft <madduck@debian.org>
Cc: 529954-quiet@bugs.debian.org, 529954-submitter@bugs.debian.org
Subject: Re: Bug#529954: (no subject)
Date: Wed, 27 May 2009 09:51:30 +0200 (CEST)
On Tuesday 2009-05-26 06:53, martin f krafft wrote:

>also sprach Jan Engelhardt [2009.05.25.2114 +0200]:
>> And the reason for that is simple -- the userspace module only
>> registers for NFPROTO_IPV4 (and correctly so, since the kernel
>> module registers itself for IPV4 only, too).
>
>It shows up in the ip6tables manpage

Fixed now.

> — and it would be really nice
>to have this sort of functionality with IPv6. Port redirections and
>SNAT/DNAT are *not* dead or unnecessary with IPv6 anymore, just
>because MASQUERADE is mostly a thing of the past...

talk to the tproxy authors, cc nf-dev.




Message sent on to martin f krafft <madduck@debian.org>:
Bug#529954. (Wed, 27 May 2009 07:57:06 GMT) Full text and rfc822 format available.

Severity set to `wishlist' from `normal' Request was from "Laurence J. Lane" <ljlane@debian.org> to control@bugs.debian.org. (Tue, 23 Jun 2009 14:21:05 GMT) Full text and rfc822 format available.

Changed Bug title to `add ip6tables TPROXY support' from `ip6tables: faulty TPROXY support'. Request was from "Laurence J. Lane" <ljlane@debian.org> to control@bugs.debian.org. (Tue, 23 Jun 2009 14:21:06 GMT) Full text and rfc822 format available.

Information stored :
Bug#529954; Package iptables. (Tue, 23 Jun 2009 14:21:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Laurence J. Lane" <ljlane@debian.org>:
Extra info received and filed, but not forwarded. (Tue, 23 Jun 2009 14:21:08 GMT) Full text and rfc822 format available.

Message #35 received at 529954-quiet@bugs.debian.org (full text, mbox):

From: "Laurence J. Lane" <ljlane@debian.org>
To: 529954-quiet@bugs.debian.org
Subject: ip6tables: faulty TPROXY support
Date: Tue, 23 Jun 2009 10:15:54 -0400
severity 529954 wishlist
retitle 529954 add ip6tables TPROXY support
thanks

The man page is fixed in 1.4.4-1. This probably should be cloned and closed
for that,




Message sent on to martin f krafft <madduck@debian.org>:
Bug#529954. (Mon, 31 Aug 2009 00:42:04 GMT) Full text and rfc822 format available.

Message #38 received at 529954-submitter@bugs.debian.org (full text, mbox):

From: Jan Engelhardt <jengelh@medozas.de>
To: 529954-submitter@bugs.debian.org
Date: Mon, 31 Aug 2009 02:32:05 +0200 (CEST)
Heads up: tproxy-ipv6 support was recently posted to the developer's 
mailing list, so it may be available in a future version of the kernel.




Severity set to 'serious' from 'wishlist' Request was from Clint Adams <schizo@debian.org> to control@bugs.debian.org. (Tue, 23 Mar 2010 01:03:51 GMT) Full text and rfc822 format available.

Severity set to 'wishlist' from 'serious' Request was from Gerfried Fuchs <rhonda@deb.at> to control@bugs.debian.org. (Tue, 23 Mar 2010 08:30:53 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, ljlane@debian.org (Laurence J. Lane):
Bug#529954; Package iptables. (Fri, 17 Dec 2010 23:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jan Engelhardt <jengelh@medozas.de>:
Extra info received and forwarded to list. Copy sent to ljlane@debian.org (Laurence J. Lane). (Fri, 17 Dec 2010 23:27:03 GMT) Full text and rfc822 format available.

Message #47 received at 529954@bugs.debian.org (full text, mbox):

From: Jan Engelhardt <jengelh@medozas.de>
To: 529954@bugs.debian.org
Cc: 529954-submitter@bugs.debian.org
Subject: Re: 529954: add ip6tables TPROXY support
Date: Sat, 18 Dec 2010 00:14:43 +0100 (CET)
>ip6tables seems not to support TPROXY:

Fixed for Linux 2.6.37 and iptables-1.4.11.




Message sent on to martin f krafft <madduck@debian.org>:
Bug#529954. (Fri, 17 Dec 2010 23:27:08 GMT) Full text and rfc822 format available.

Reply sent to ljlane@debian.org (Laurence J. Lane):
You have taken responsibility. (Sun, 12 Jun 2011 21:06:14 GMT) Full text and rfc822 format available.

Notification sent to martin f krafft <madduck@debian.org>:
Bug acknowledged by developer. (Sun, 12 Jun 2011 21:06:15 GMT) Full text and rfc822 format available.

Message #55 received at 529954-close@bugs.debian.org (full text, mbox):

From: ljlane@debian.org (Laurence J. Lane)
To: 529954-close@bugs.debian.org
Subject: Bug#529954: fixed in iptables 1.4.11.1-1
Date: Sun, 12 Jun 2011 21:02:23 +0000
Source: iptables
Source-Version: 1.4.11.1-1

We believe that the bug you reported is fixed in the latest version of
iptables, which is due to be installed in the Debian FTP archive:

iptables-dev_1.4.11.1-1_amd64.deb
  to main/i/iptables/iptables-dev_1.4.11.1-1_amd64.deb
iptables_1.4.11.1-1.debian.tar.gz
  to main/i/iptables/iptables_1.4.11.1-1.debian.tar.gz
iptables_1.4.11.1-1.dsc
  to main/i/iptables/iptables_1.4.11.1-1.dsc
iptables_1.4.11.1-1_amd64.deb
  to main/i/iptables/iptables_1.4.11.1-1_amd64.deb
iptables_1.4.11.1.orig.tar.bz2
  to main/i/iptables/iptables_1.4.11.1.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 529954@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurence J. Lane <ljlane@debian.org> (supplier of updated iptables package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 12 Jun 2011 12:33:47 -0400
Source: iptables
Binary: iptables iptables-dev
Architecture: source amd64
Version: 1.4.11.1-1
Distribution: unstable
Urgency: low
Maintainer: Laurence J. Lane <ljlane@debian.org>
Changed-By: Laurence J. Lane <ljlane@debian.org>
Description: 
 iptables   - administration tools for packet filtering and NAT
 iptables-dev - iptables development files
Closes: 429579 529954 598315 611990 615121
Changes: 
 iptables (1.4.11.1-1) unstable; urgency=low
 .
   * New upstream release
   * Upstream fixes by Jan Engelhardt. Thanks.
     + localtz option of time match reported by Damyan Ivanov.
       Closes: #615121
     + segmentation faults on empty source address reported by
       Jussi Judin. Closes: #611990
     + ipv5 TPROXY support requested by martin f krafft.
       Closes: # 529954
     + "can't set policy error" reported by Rob Leslie.
       Closes: #598315
     + formatting issues reported by jdanni. Closes: #429579
Checksums-Sha1: 
 c90f0788b0dc15bb618f082e6729adea44079298 1099 iptables_1.4.11.1-1.dsc
 2aa0d215485133f2817973b0914a132f628d9f3a 486926 iptables_1.4.11.1.orig.tar.bz2
 dc22948b7b266683746098b0d6c0a1ef8bba5be4 40175 iptables_1.4.11.1-1.debian.tar.gz
 e92790b00b1968a66e5f859991e02897272826e6 331986 iptables_1.4.11.1-1_amd64.deb
 7a116f25af637537332e15cc8f2c1115cacb3621 59408 iptables-dev_1.4.11.1-1_amd64.deb
Checksums-Sha256: 
 20dd50704df292ca9c756455c964cdd5e116b4c8b8b8e56d4dbd486d40b831dc 1099 iptables_1.4.11.1-1.dsc
 170c294698ca573477b1b2a3815e1563bf9929d182efef6cf0331a6e955c9ade 486926 iptables_1.4.11.1.orig.tar.bz2
 37fcb0fde0cf3c8fdd22b52315b0f25211be056111b8d3b934477904249c611f 40175 iptables_1.4.11.1-1.debian.tar.gz
 c1f59bd024a3790999f4e11035a6bd1f5b213d2c70faf0638de54c3da5360289 331986 iptables_1.4.11.1-1_amd64.deb
 616ebd3df7cf23a0b9a2f1959f03d7ed32149b601860f7a2ba87036ca91391c1 59408 iptables-dev_1.4.11.1-1_amd64.deb
Files: 
 71538ecdad681bc096d15b410356c4b3 1099 net important iptables_1.4.11.1-1.dsc
 7de6e1ae7ed8a2025f184763a6a24b9a 486926 net important iptables_1.4.11.1.orig.tar.bz2
 edbe4927f9f5f7736dba08383b3d9a6c 40175 net important iptables_1.4.11.1-1.debian.tar.gz
 ebea8f3312c117bdbad0345f15c6271f 331986 net important iptables_1.4.11.1-1_amd64.deb
 859c1dfab982939f558a946aa723690b 59408 devel optional iptables-dev_1.4.11.1-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk31JhQACgkQxJBkNlXToemxbQCeOJZhVnGx9DCcqQHPUNCr0nSp
gOAAn0wTnFm6Il8Lo2TdmqjpwYHbZumu
=qDJO
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 12 Jul 2011 07:39:22 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 06:41:57 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.