In my opinion, the xt_geoip modules from xtables-addons have nothing to do with your error. I would rather bet on the cooperation of the e1000e network card driver with the TCP/IP stack. I admit that I also had problems with the cards from the e1000e and e1000 controllers. They were all network cards built into Intel motherboards. Network cards on PCI-E on the e1000e driver, i.e. the whole series of Intel chips, did not cause problems.

I just use Slackware Linux and compile kernels myself. The main rule is that the things that are needed to start the machine should be compiled into the kernel (or included in initrd), e.g. support for RAM, processor, disk controller from which the system is to start, filesystem of the root partition, etc. The rest can be loaded as modules.

The xtables-addons package must be compiled on the kernel on which the system is currently running. Xtables-addons have kernel modules and they install in the extra kernel modules subdirectory.

>> People on the Linux Kernel mailing lists will simply ignore my bug
>> reports if the kernel states that it's tainted.

Of course these modules do not come from the kernel tree itself. And they will not take care of such things. Their point of view is understandable.

Best regards

Tue, 11 Feb 2020 at 21:24 Vieri Di Paola <vieridipa...@gmail.com> wrote:

> On Tue, Feb 11, 2020 at 5:33 PM Witold Tosta <witold.to...@gmail.com> wrote:
> >
> > > Now, xt_geoip is never loaded (nor are the other ones).
> >
> > Could you please explain why you don't want the module xt_geoip to be
> > loaded? For Linux system, loading it really doesn't matter.
>
> Why? Well, I've been using xt_geoip and xtables-addons for years
> without issues, but recently I'm having nightmares.
>
> With recent kernels on different hardware I get very worrisome kernel
> traces in syslog.
> Things like:
>
> WARNING: CPU: 6 PID: 0 at net/ipv4/tcp_output.c:915 tcp_wfree.cold+0xc/0x13
>
> It's always about tcp_output.c:915.
> Oh, and I've tried a whole bunch of kernel versions.
>
> I even suffered a system freeze/kernel panic after just one week of
> system uptime (the traces were the same).
>
> Regardless of the root cause, the main issue regarding xt_geoip and
> xtables-addons modules (that are not properly signed) was that
> whenever there's a trace, the kernel reports that it's tainted because
> of out-of-tree modules.
> People on the Linux Kernel mailing lists will simply ignore my bug
> reports if the kernel states that it's tainted.
>
> Further details here for those who might be curious:
>
> https://forums.gentoo.org/viewtopic-p-8419232.html?sid=ef4e980cc09c8f5029c827aa11d42f1b#8419232
>
> So, yes, xt_geoip is great and probably faster than an ipset-based
> alternative.
> There's also some doubt as to whether xt_geoip can be used with nftables.
>
> Anyway, my main concern now are these dreaded kernel messages.
>
> Thanks,
>
> Vieri
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>

--
Witold Tosta
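
Added example, not part of the original messages: a shell sketch for checking which taint flags a running kernel carries and which loaded modules set them, the condition the thread says gets bug reports ignored. The function names (`decode_taint`, `tainting_modules`, `sample_modules`) are hypothetical and the sample `/proc/modules` lines are constructed; the bit-to-letter mapping assumes bits 0 to 17 as listed in the kernel's tainted-kernels documentation.

```shell
#!/bin/sh
# Added example: decode the kernel taint bitmask and find tainting modules.

# decode_taint MASK: print the taint letters for bits 0..17 of MASK.
# Relevant here: W = a WARNING fired, O = out-of-tree module loaded,
# E = unsigned module loaded.
decode_taint() {
    letters=PFSRMBUDAWCIOELKXT
    i=0
    out=""
    while [ "$i" -lt 18 ]; do
        if [ $(( ($1 >> $i) & 1 )) -eq 1 ]; then
            out="$out$(printf %s "$letters" | cut -c$((i + 1)))"
        fi
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# tainting_modules: read /proc/modules-format lines on stdin and print
# "name:FLAGS" for every module whose last field is a taint marker like (OE).
tainting_modules() {
    awk '$NF ~ /^\(.+\)$/ { gsub(/[()]/, "", $NF); print $1 ":" $NF }'
}

# sample_modules: constructed /proc/modules lines for an offline check.
sample_modules() {
    cat <<'EOF'
xt_geoip 16384 2 - Live 0xffffffffc0a3b000 (OE)
x_tables 53248 3 xt_geoip, Live 0xffffffffc0955000
e1000e 286720 0 - Live 0xffffffffc0981000
EOF
}

# Constructed value: 512 (W) + 4096 (O) + 8192 (E) = 12800.
echo "constructed mask 12800 -> $(decode_taint 12800)"
echo "constructed module list -> $(sample_modules | tainting_modules)"

# Live system, if the procfs files are readable.
if [ -r /proc/sys/kernel/tainted ]; then
    echo "running kernel -> $(decode_taint "$(cat /proc/sys/kernel/tainted)")"
fi
if [ -r /proc/modules ]; then
    tainting_modules < /proc/modules
fi
```

An empty result from `decode_taint` means the running kernel is untainted; a trace captured in that state does not carry the out-of-tree marker.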