LinuxSir.cn: Linuxsir, traveling through time and space!


A question: does the 2.6.16-gentoo-r9 kernel have a bug?

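Posted on 2006-6-18 18:01:05
While setting up iptables I simply cannot get the ip_conntrack module to work, so ip_nat and the other modules cannot be loaded, and Internet connection sharing is dead in the water.
I have been googling for two days until my hands ache, and have tried every permutation of the kernel options. It hurts.
Posted on 2006-6-18 18:16:08
"tried every permutation of the kernel options"
My sympathies.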

Posted on 2006-6-18 18:20:20
ip_nat has no problems at all; I suspect your kernel options are the problem.
$ grep IP_NF /boot/config
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_CT_ACCT=y
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
CONFIG_IP_NF_CT_PROTO_SCTP=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
# CONFIG_IP_NF_PPTP is not set
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
# CONFIG_IP_NF_MATCH_POLICY is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
# CONFIG_IP_NF_TARGET_TTL is not set
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
$ grep NETFILTER_XT /boot/config
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
# CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m

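OP | Posted on 2006-6-18 19:35:34
Following the configuration in the post above, not only is NAT still not working, but the e1000 NIC module and the ipw2200 wireless module can no longer be loaded either.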

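Posted on 2006-6-18 21:05:36
That shows your problem has nothing to do with the options in the NETFILTER section; something is wrong with the options of the networking section as a whole. Check them carefully.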

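OP | Posted on 2006-6-18 21:11:40
That makes sense. I could not find this item of yours, CONFIG_IP_NF_MATCH_POLICY is not set, so it seems your networking options differ from mine. Could you please post that section as well?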

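Posted on 2006-6-18 21:22:33
I can't be bothered to paste it, so I have uploaded the whole config.
This config is tuned entirely for my machine (compaq nc4000).
The common parts can be used as a reference. For the driver section you need to enable what matches your own machine; I only enabled the drivers for my own hardware.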

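OP | Posted on 2006-6-19 10:38:49
Thank you, shpchp. I changed the networking section according to your config, but it is still the same old problem: nat won't come up, e1000 won't come up, ipw2200 won't come up. It looks like it is just my bad luck (rpwt).
I noticed that compiling the conntrack module reported two uninitialized variables; I don't know whether that is related (I am using gcc 4.1.1).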

OP | Posted on 2006-6-20 18:00:01
I can't make sense of it: switching to the 2.6.17-gentoo kernel fixed it.
lsmod
Module                  Size  Used by
ipt_REJECT              5120  0
xt_tcpudp               3200  36
xt_state                2176  1
iptable_filter          3072  1
ipt_MASQUERADE          3328  0
iptable_nat             6532  0
ip_nat                 15788  2 ipt_MASQUERADE,iptable_nat
ip_conntrack           45204  4 xt_state,ipt_MASQUERADE,iptable_nat,ip_nat
ip_tables              13256  2 iptable_filter,iptable_nat
x_tables               13700  6 ipt_REJECT,xt_tcpudp,xt_state,ipt_MASQUERADE,iptable_nat,ip_tables
ieee80211_crypt_wep     5248  1
radeon                113312  1
ipw2200               175176  0
ieee80211              47468  1 ipw2200
ieee80211_crypt         6400  2 ieee80211_crypt_wep,ieee80211
e1000                 107704  0
uname -a
Linux baryon 2.6.17-gentoo #1 PREEMPT Tue Jun 20 16:17:42 GMT 2006 i686 Intel(R) Pentium(R) M processor 2.00GHz GNU/Linux
# Networking
#
CONFIG_NET=y

#
# Networking options
#
# CONFIG_NETDEBUG is not set
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
CONFIG_UNIX=y
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_FIB_HASH=y
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_ARPD is not set
# CONFIG_SYN_COOKIES is not set
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
# CONFIG_INET_XFRM_TUNNEL is not set
# CONFIG_INET_TUNNEL is not set
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_TCP_CONG_BIC=y

#
# IP: Virtual Server Configuration
#
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
# CONFIG_INET6_XFRM_TUNNEL is not set
# CONFIG_INET6_TUNNEL is not set
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set

#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NETFILTER_XTABLES=m
# CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
# CONFIG_NETFILTER_XT_TARGET_MARK is not set
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
# CONFIG_NETFILTER_XT_MATCH_CONNTRACK is not set
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
# CONFIG_NETFILTER_XT_MATCH_HELPER is not set
# CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
# CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_MAC is not set
# CONFIG_NETFILTER_XT_MATCH_MARK is not set
# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
# CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
# CONFIG_NETFILTER_XT_MATCH_REALM is not set
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
CONFIG_NETFILTER_XT_MATCH_STATE=m
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set

#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CONNTRACK_NETLINK is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
# CONFIG_IP_NF_FTP is not set
# CONFIG_IP_NF_IRC is not set
# CONFIG_IP_NF_NETBIOS_NS is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_PPTP is not set
# CONFIG_IP_NF_H323 is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_MATCH_IPRANGE is not set
# CONFIG_IP_NF_MATCH_TOS is not set
# CONFIG_IP_NF_MATCH_RECENT is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_DSCP is not set
# CONFIG_IP_NF_MATCH_AH is not set
# CONFIG_IP_NF_MATCH_TTL is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
# CONFIG_IP_NF_TARGET_ULOG is not set
# CONFIG_IP_NF_TARGET_TCPMSS is not set
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
# CONFIG_IP_NF_TARGET_REDIRECT is not set
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
# CONFIG_IP_NF_MANGLE is not set
# CONFIG_IP_NF_RAW is not set
# CONFIG_IP_NF_ARPTABLES is not set

#
# DCCP Configuration (EXPERIMENTAL)
#
# CONFIG_IP_DCCP is not set

#
# SCTP Configuration (EXPERIMENTAL)
#
# CONFIG_IP_SCTP is not set

#
# TIPC Configuration (EXPERIMENTAL)
#
# CONFIG_TIPC is not set
# CONFIG_ATM is not set
# CONFIG_BRIDGE is not set
# CONFIG_VLAN_8021Q is not set
# CONFIG_DECNET is not set
# CONFIG_LLC2 is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_NET_DIVERT is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set

#
# QoS and/or fair queueing
#
# CONFIG_NET_SCHED is not set

#
# Network testing
#
# CONFIG_NET_PKTGEN is not set
# CONFIG_HAMRADIO is not set
# CONFIG_IRDA is not set
# CONFIG_BT is not set
# CONFIG_IEEE80211 is not set
CONFIG_WIRELESS_EXT=y

Posted on 2006-6-20 19:15:53
Could it be related to this bugfix:
commit 6bd4ccaef717ade827577eacc9df870fbf5e7c46
Author: Chris Wright <chrisw@sous-sol.org>
Date:   Tue Jun 20 02:31:55 2006 -0700

    Linux 2.6.17.1

commit b9d3e52e0e0f95ab5198ac20fbc47b3cb1a63407
Author: Patrick McHardy <kaber@trash.net>
Date:   Mon Jun 19 19:14:21 2006 +0200

    [PATCH] xt_sctp: fix endless loop caused by 0 chunk length (CVE-2006-3085)
   
    Fix endless loop in the SCTP match similar to those already fixed in the
    SCTP conntrack helper (was CVE-2006-1527).
   
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
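
The bug class named in the commit message above, a chunk length of 0 that never advances an SCTP chunk parser, illustrated with a bounds-checked chunk walker. This is an added example, not the kernel's xt_sctp code or the patch itself; the function name, return codes and sample buffers are constructed for illustration, and the chunk layout (4-byte header, big-endian length that includes the header, 4-byte alignment) follows the SCTP specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SCTP_CHUNK_HDR_LEN 4u   /* type(1) + flags(1) + length(2) */
/* Illustrative result codes, not kernel identifiers. */
enum { WALK_ZERO_LEN = -1, WALK_SHORT_LEN = -2, WALK_TRUNCATED = -3 };

/* Constructed sample chunk areas (not captured traffic). */
static const uint8_t ok_two[]    = {1,0,0,8, 0xde,0xad,0xbe,0xef, 0,0,0,5, 0x41, 0,0,0};
static const uint8_t zero_len[]  = {1,0,0,8, 0xde,0xad,0xbe,0xef, 3,0,0,0};
static const uint8_t short_len[] = {1,0,0,2};
static const uint8_t truncated[] = {1,0,0,12, 0,0,0,0};

/* Walk the chunk list that follows the 12-byte SCTP common header.
 * Returns the number of chunks, or a negative WALK_* code if malformed. */
int walk_chunks(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        if (len - off < SCTP_CHUNK_HDR_LEN)
            return WALK_TRUNCATED;              /* header does not fit */
        /* Length is big-endian and counts the 4-byte header itself. */
        size_t clen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        /* Without this check a length of 0 gives a step of 0 below:
         * off never changes and the loop spins forever on input that
         * the remote sender controls. */
        if (clen == 0)
            return WALK_ZERO_LEN;
        if (clen < SCTP_CHUNK_HDR_LEN)
            return WALK_SHORT_LEN;              /* shorter than its own header */
        if (clen > len - off)
            return WALK_TRUNCATED;              /* body runs past the buffer */
        size_t step = (clen + 3) & ~(size_t)3;  /* chunks are 4-byte aligned */
        count++;
        if (step >= len - off)                  /* tolerate missing final padding */
            break;
        off += step;
    }
    return count;
}

int main(void)
{
    printf("ok_two=%d zero_len=%d short_len=%d truncated=%d\n",
           walk_chunks(ok_two, sizeof ok_two), walk_chunks(zero_len, sizeof zero_len),
           walk_chunks(short_len, sizeof short_len), walk_chunks(truncated, sizeof truncated));
    return 0;
}
```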