On Fri, Mar 01, 2002 at 06:23:46PM +0100, [EMAIL PROTECTED] wrote: > I tried the following: > Made a fresh install of RH7.2. Then got an iptables.src.rpm (1.2.5) and > installed it. (It was a standard RH 7.2 kernel 2.4.9) > iptables -t mangle -L --------> OK > > Then I tried to get a ____fresh 2.4.18____ /not redhat/ kernel and > compiled & installed it. Result: -------> NOT OK > iptables: libiptc/libip4tc.c:384: do_check: Assertion > `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed. > Aborted > > Fresh 2.4.17_______/not RH/ and c & i. Result > iptables -t mangle -L ------> OK > > Fresh 2.5.2______ kernel: > iptables -t mangle -L ------> OK > > Fresh 2.5.5______ kernel: > iptables -t mangle -L -------> NOT OK > iptables: libiptc/libip4tc.c:384: do_check: Assertion > `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed. > Aborted
Exactly. A change incorporated in 2.4.18 and 2.5.5 fails, if you have debugging turned on. > So I can confirm that the problem is with kernel 2.4.18 and 2.5.5. In all > cases the userspace program was RedHat's iptables-1.2.5 Yes, we've noticed that :( > According to you the problem IS in my iptables although I mentioned that > earlier (as can be read later) I used the standard iptables-1.2.5.tar.bz2 > from netfilter.samba.org. Did you use the redhat SPEC file? Maybe it is overriding our COPT_FLAGS environment variable. If you compile the package from the source, it just works. btw: It has to be something RH specific. For example, I have created and am still maintaining the Conectiva Linux iptables RPM. And I didn't do anything special while writing the SPEC. > By "Some vendors, esp. redhat, were mistakenly shipping iptables packages > with > debugging enabled." you mean netfilter.samba.org is one of them ? ;-) no, netfilter.samba.org is not one of them. there is a COPT_FLAGS=-DNDEBUG NDEBUG == NO DEBUG. Unless you don't override this COPT_FLAGS variable, your iptables will work just fine. > Thanks for your help. > > Best regards, > > Gabor Horvath > [EMAIL PROTECTED] -- Live long and prosper - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
