"RATEEST" and "statistic" modules are broken

Bug #982961 reported by Ilya Voronin on 2012-04-16
84
This bug affects 16 people
Affects Status Importance Assigned to Milestone
iptables (Ubuntu)
Undecided
Unassigned
Precise
Medium
Chris J Arges
Quantal
Medium
Chris J Arges

Bug Description

[Impact]
The RATEEST and statistic modules in iptables do not work correctly because they were not built properly. By linking these modules against -lm the modules work correctly.

[Test Case]
Run the following:

# iptables -m RATEEST
/lib/xtables/libxt_RATEEST.so: /lib/xtables/libxt_RATEEST.so: undefined symbol: log
iptables v1.4.12: Couldn't load match `RATEEST':Success

Try `iptables -h' or 'iptables --help' for more information.

# iptables -m statistic
/lib/xtables/libxt_statistic.so: /lib/xtables/libxt_statistic.so: undefined symbol: lround
iptables v1.4.12: Couldn't load match `statistic':Success

To pass the test we shouldn't see 'undefined symbol' for lround/log.

[Regression Potential]
These patches are cherry-picked from upstream iptables.
They only add -lm when building RATEEST and statistics modules.

--

# iptables -m RATEEST
/lib/xtables/libxt_RATEEST.so: /lib/xtables/libxt_RATEEST.so: undefined symbol: log
iptables v1.4.12: Couldn't load match `RATEEST':Success

Try `iptables -h' or 'iptables --help' for more information.

# iptables -m statistic
/lib/xtables/libxt_statistic.so: /lib/xtables/libxt_statistic.so: undefined symbol: lround
iptables v1.4.12: Couldn't load match `statistic':Success

Try `iptables -h' or 'iptables --help' for more information.

This two modules should be linked against -lm

Related branches

Ilya Voronin (ivoronin) wrote :

Quick fix

The attachment "xtables-lm-noasneeded.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in iptables (Ubuntu):
status: New → Confirmed
madHamish (antoine-dymond) wrote :

Patch posted by Ilya Voronin on 2012-05-05 worked for me.

vovo4ka (vovka-krevedko) wrote :

so can anybody give us compiled libxt_statistic.so module?

Ilya Voronin (ivoronin) wrote :

Its easy to build your own:

$ apt-get build-dep iptables
$ apt-get build-dep iptables
$ wget https://launchpadlibrarian.net/104349144/xtables-lm-noasneeded.patch
$ cd iptables-1.4.12
$ quilt import ../xtables-lm-noasneeded.patch
$ quilt push -a
$ dpkg-buildpackage -b
$ cd ..
$ sudo dpkg -i iptables_1.4.12-1ubuntu4_amd64.deb
$ echo "iptables hold" | sudo dpkg --set-selections

Ilya Voronin (ivoronin) wrote :

...

$ apt-get build-dep iptables
$ apt-get source iptables

sles (slesru) wrote :

OK, as I see patch in another bug is released in June.
Any chance to have it in updates ? :-)

Dimitri John Ledkov (xnox) wrote :

iptables (1.4.12-2ubuntu3) raring; urgency=low

  * 9007-lp982961-xtables-lm-noasneeded.patch: fix linking of RATEEST and
    statistic modules. (LP: #982961)

Date: Mon, 03 Dec 2012 11:46:39 +0000
Changed-By: Dmitrijs Ledkovs <email address hidden>
Maintainer: Ubuntu Developers <email address hidden>
https://launchpad.net/ubuntu/raring/+source/iptables/1.4.12-2ubuntu3

Uploaded into raring, but it will probably fail to build from source due to bug 1085958

Changed in iptables (Ubuntu):
status: Confirmed → Fix Committed
Jeff Mitchell (jefferai) wrote :

Any chance to see this in Precise? It's kind of a nasty bug in an LTS. I could build the package myself, but if it will come out in -updates anyways (which I think it should) then I'd rather wait.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package iptables - 1.4.12-2ubuntu3

---------------
iptables (1.4.12-2ubuntu3) raring; urgency=low

  * 9007-lp982961-xtables-lm-noasneeded.patch: fix linking of RATEEST and
    statistic modules. (LP: #982961)
 -- Dmitrijs Ledkovs <email address hidden> Mon, 03 Dec 2012 11:46:39 +0000

Changed in iptables (Ubuntu):
status: Fix Committed → Fix Released
Pavel Labushev (w44w9zx3z) wrote :

Please, release the fix for precise.

Leslie Jones (mailbackup19) wrote :

Any ETA on a proper fix for this? #6 instructions incomplete and duplicate steps

This is a major bug that has been in place for nearly a year!

Tais P. Hansen (taisph) on 2013-01-25
no longer affects: iptables
Chris J Arges (arges) on 2013-01-30
Changed in iptables (Ubuntu Precise):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Chris J Arges (arges)
Chris J Arges (arges) on 2013-01-30
Changed in iptables (Ubuntu Quantal):
importance: Undecided → Medium
status: New → In Progress
assignee: nobody → Chris J Arges (arges)
Chris J Arges (arges) wrote :

Linked branches for quantal/precise to fix this issue.

description: updated
Bryce Harrington (bryce) wrote :

Both branch uploads have been sponsored. Moving subscription from ubuntu-sponsors to ubuntu-sru.

Changed in iptables (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in iptables (Ubuntu Quantal):
status: In Progress → Fix Committed

Hello Ilya, or anyone else affected,

Accepted iptables into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/iptables/1.4.12-2ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Chris J Arges (arges) wrote :

I have installed this in a quantal VM and can verify it does fix the issue.

Any word on the precise SRU?

tags: added: verification-done
removed: verification-needed
Chris J Arges (arges) wrote :

Nevermind, I see both P/Q branches are pending.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package iptables - 1.4.12-2ubuntu2.1

---------------
iptables (1.4.12-2ubuntu2.1) quantal-proposed; urgency=low

  * Add debian/patches/0002-libxt_RATEEST-link-with-lm.patch and
    debian/patches/0003-libxt_statistic-link-with-lm.patch to fix broken
    RATEEST and statistic modules. (LP: #982961)
 -- Chris J Arges <email address hidden> Wed, 30 Jan 2013 09:27:30 -0600

Changed in iptables (Ubuntu Quantal):
status: Fix Committed → Fix Released
Dave Walker (davewalker) wrote :

Hello Ilya, or anyone else affected,

Accepted iptables into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/iptables/1.4.12-1ubuntu5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: removed: verification-done
tags: added: verification-needed
Bryan Quigley (bryanquigley) wrote :

Both commands no longer execute with undefined symbols.

#iptables -m RATEEST
/lib/xtables/libxt_RATEEST.so: no "RATEEST" extension found for this protocol
iptables v1.4.12: Couldn't load match `RATEEST':No such file or directory

# iptables -m statistic
iptables v1.4.12: --probability must be specified when using random mode

My other brief testing also succeeded.

tags: added: verification-done
removed: verification-needed
mark sersland (zres521) on 2013-03-12
Changed in iptables (Ubuntu Precise):
status: Fix Committed → New
mark sersland (zres521) on 2013-03-12
Changed in iptables (Ubuntu Precise):
status: New → Fix Released
Chris J Arges (arges) on 2013-03-14
Changed in iptables (Ubuntu Precise):
status: Fix Released → Fix Committed
Yucong Sun (sunyucong) wrote :

when would this be released ??!!!

tags: added: verification-done-precise
removed: verification-done
Colin Watson (cjwatson) wrote :

@sunyucong: It's waiting for bug 1074923 to be verified.

Chris J Arges (arges) wrote :

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package iptables - 1.4.12-1ubuntu5

---------------
iptables (1.4.12-1ubuntu5) precise; urgency=low

  * Add debian/patches/0002-libxt_RATEEST-link-with-lm.patch and
     debian/patches/0003-libxt_statistic-link-with-lm.patch to fix broken
     RATEEST and statistic modules. (LP: #982961)
  * libxt_string: fix space around arguments. (LP: #1074923)
 -- Chris J Arges <email address hidden> Thu, 28 Feb 2013 13:41:27 -0600

Changed in iptables (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers