From: Eugene <john@sakh.com>
To: sisyphus@lists.altlinux.org
Subject: [sisyphus] и снова el-smp & ipset
Date: Sun, 2 Oct 2011 20:13:18 +1100
Message-ID: <201110022013.18949.john@sakh.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1083 bytes --]
Добрый день
Снова наткнулся на нездоровую вешь с ipset
Имеем:
# uname -a
Linux asterisk.sakh.com 2.6.32-el-smp-alt27 #1 SMP Tue Sep 20 19:38:45 UTC
2011 x86_64 GNU/Linux
# rpm -qa | grep ipset
kernel-modules-ipset-el-smp-6.9.1-alt1.132640.27
ipset-6.9.1-alt2
Выполняем
# ipset create TEST hash:ip
# ipset list
Name: TEST
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16504
References: 0
Members:
# ipset add TEST 192.168.0.1
# ipset list
Name: TEST
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16536
References: 0
Members:
192.168.0.1
# /sbin/iptables -N TEST_IPSET
# /sbin/iptables -A TEST_IPSET -m set --match-set TEST dst -j ACCEPT
iptables: Invalid argument. Run `dmesg' for more information.
запуск dmesg ничего не дал, в /var/log/kernel пусто
Пришлось снова откатиться на el-smp-alt24
--
С уважением, Серов Евгений
E-mail: john@sakh.com
UIN: 17777140
JID: Rep@sakhalin.name
[-- Attachment #2: ipset.strace --]
[-- Type: text/plain, Size: 6290 bytes --]
execve("/sbin/iptables", ["/sbin/iptables", "-A", "TEST_IPSET", "-m", "set", "--match-set", "TEST", "dst", "-j", "ACCEPT"], [/* 31 vars */]) = 0
brk(0) = 0x1e13000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f64efd9b000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=55419, ...}) = 0
mmap(NULL, 55419, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f64efd8d000
close(3) = 0
open("/lib64/libip4tc.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\27\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=26568, ...}) = 0
mmap(NULL, 2121936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f64ef977000
fadvise64(3, 0, 2121936, POSIX_FADV_WILLNEED) = 0
mprotect(0x7f64ef97d000, 2093056, PROT_NONE) = 0
mmap(0x7f64efb7c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f64efb7c000
close(3) = 0
open("/lib64/libxtables.so.5", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340&\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=31200, ...}) = 0
mmap(NULL, 2127904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f64ef76f000
fadvise64(3, 0, 2127904, POSIX_FADV_WILLNEED) = 0
mprotect(0x7f64ef776000, 2093056, PROT_NONE) = 0
mmap(0x7f64ef975000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f64ef975000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\355\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1465744, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f64efd8c000
mmap(NULL, 3575400, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f64ef406000
fadvise64(3, 0, 3575400, POSIX_FADV_WILLNEED) = 0
mprotect(0x7f64ef565000, 2097152, PROT_NONE) = 0
mmap(0x7f64ef765000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15f000) = 0x7f64ef765000
mmap(0x7f64ef76a000, 20072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f64ef76a000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=14704, ...}) = 0
mmap(NULL, 2109704, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f64ef202000
fadvise64(3, 0, 2109704, POSIX_FADV_WILLNEED) = 0
mprotect(0x7f64ef204000, 2097152, PROT_NONE) = 0
mmap(0x7f64ef404000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f64ef404000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f64efd8b000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f64efd8a000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f64efd89000
arch_prctl(ARCH_SET_FS, 0x7f64efd8a700) = 0
mprotect(0x7f64ef404000, 4096, PROT_READ) = 0
mprotect(0x7f64ef765000, 16384, PROT_READ) = 0
mprotect(0x7f64ef975000, 4096, PROT_READ) = 0
mprotect(0x7f64efb7c000, 4096, PROT_READ) = 0
mprotect(0x60b000, 4096, PROT_READ) = 0
mprotect(0x7f64efd9c000, 4096, PROT_READ) = 0
munmap(0x7f64efd8d000, 55419) = 0
brk(0) = 0x1e13000
brk(0x1e34000) = 0x1e34000
open("/lib64/iptables/libxt_set.so", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\v\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14560, ...}) = 0
mmap(NULL, 2109840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f64eeffe000
fadvise64(3, 0, 2109840, POSIX_FADV_WILLNEED) = 0
mprotect(0x7f64ef000000, 2097152, PROT_NONE) = 0
mmap(0x7f64ef200000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f64ef200000
close(3) = 0
mprotect(0x7f64ef200000, 4096, PROT_READ) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
open("/proc/sys/kernel/modprobe", O_RDONLY) = 4
read(4, "/sbin/modprobe\n", 4096) = 15
close(4) = 0
vfork() = 7495
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 7495
--- {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7495, si_status=1, si_utime=0, si_stime=0} (Child exited) ---
getsockopt(3, SOL_IP, 0x42 /* IP_??? */, "set\0\0\0\0\0\217\372\377\356d\177\0\0\217\372\377\356d\177\0\0\217\372\377\356d\1", [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x53 /* IP_??? */, "\0\1\0\0\6\0\0\0", [8]) = 0
getsockopt(3, SOL_IP, 0x53 /* IP_??? */, "\6\0\0\0\6\0\0\0\0\0ST\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [40]) = 0
close(3) = 0
open("/lib64/iptables/libxt_standard.so", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\5\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=6152, ...}) = 0
mmap(NULL, 2101432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f64eedfc000
fadvise64(3, 0, 2101432, POSIX_FADV_WILLNEED) = 0
mprotect(0x7f64eedfd000, 2093056, PROT_NONE) = 0
mmap(0x7f64eeffc000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f64eeffc000
close(3) = 0
mprotect(0x7f64eeffc000, 4096, PROT_READ) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84]) = 0
getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [13872]) = 0
setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 14120) = -1 EINVAL (Invalid argument)
close(3) = 0
write(2, "iptables: Invalid argument. Run "..., 62) = 62
exit_group(1) = ?
next reply other threads:[~2011-10-02 9:13 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-02 9:13 Eugene [this message]
2011-10-03 10:33 ` Anton Farygin
2011-10-03 10:36 ` john
2011-10-03 10:59 ` Anton Farygin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201110022013.18949.john@sakh.com \
--to=john@sakh.com \
--cc=sisyphus@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus/0 sisyphus/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus sisyphus/ http://lore.altlinux.org/sisyphus \
sisyphus@altlinux.ru sisyphus@altlinux.org sisyphus@lists.altlinux.org sisyphus@lists.altlinux.ru sisyphus@lists.altlinux.com sisyphus@linuxteam.iplabs.ru sisyphus@list.linux-os.ru
public-inbox-index sisyphus
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git