[CCing Ilya and the regression list, as it should be in the loop for regressions: https://docs.kernel.org/admin-guide/reporting-regressions.html]
Hi,
After upgrading to 6.6.57 I noticed that my IPv6 firewall config failed to load.
Quick investigation flagged NFLOG to be the issue:
# ip6tables -I INPUT -j NFLOG Warning: Extension NFLOG revision 0 not supported, missing kernel module? ip6tables: No chain/target/match by that name.
The regression is caused by the following commit: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/c...
Not my area of expertise, but from a quick look is seems to be a known problem due to some typos and people are working on a fix here:
https://lore.kernel.org/all/20241019-xtables-typos-v3-1-66dd2eaacf2f@0upti.m...
Ciao, Thorsten
More precisely, the bug is in the change below:
+#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
- {
.name = "NFLOG",.revision = 0,.family = NFPROTO_IPV4,.checkentry = nflog_tg_check,.destroy = nflog_tg_destroy,.target = nflog_tg,.targetsize = sizeof(struct xt_nflog_info),.me = THIS_MODULE,- },
+#endif
Replacing NFPROTO_IPV4 with NFPROTO_IPV6 fixed the issue.
Looking at the commit, it seems that at least one more target (MARK) may be also impacted:
+#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
- {
.name = "MARK",.revision = 2,.family = NFPROTO_IPV4,.target = mark_tg,.targetsize = sizeof(struct xt_mark_tginfo2),.me = THIS_MODULE,- },
+#endif
The same errors seem to be present in the main tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
I also suspect other -stable trees may be impacted by the same issue.
Best regards, Krzysztof Olędzki