kernel 2.6.17 and stealth module

Posted: Wed Aug 30, 2006 8:58 am
by vik
Hello,
on 2.6.17.11-grsec with stealth match support enabled and iptables v1.3.5 patched with grsecurity-iptables-1.3.5.patch I got this:
Code:
iptables -A INPUT -p tcp -m stealth -j DROP
iptables: Unknown error 4294967295

The same for udp.

I don't know if it is the same thing, but it is the same error I got when using connlimit from pom. Meanwhile connlimit was upgraded to the new 2.6.17 netfilter API and works.

Thanks,
Victor

Posted: Thu Aug 31, 2006 2:30 pm
by spender
Are you using the latest patch on the website (released on 8/28)? It has changes to the stealth module that should fix that problem. Let me know if you still experience it.

-Brad

Posted: Fri Sep 01, 2006 3:06 am
by vik
I recompiled with grsecurity-2.1.9-2.6.17.11-200608282236.patch, also recompiled iptables, but the same error is there. Please tell me what other information you need (kernel .config, gcc version, etc).

Thanks,
Victor

Posted: Fri Sep 01, 2006 11:51 am
by spender
It works properly on my system. Do you see anything in your dmesg when you get the error? From what I've seen on the netfilter list, that error is related to modules that hadn't updated to the xtables changes, which I had done in the latest 2.6 patch. Are you sure you're running the new kernel?

-Brad

Posted: Mon Sep 04, 2006 3:04 am
by vik
Yes, it works, I recompiled again and I found that my .config was wrong. Sorry for this and thank you for the replies.

Victor