libipt_icmp.so: undefined symbol: __stack_chk_fail_local

Bug #66681 reported by i3dmaster
Affects | Status | Importance | Assigned to | Milestone
iptables | Invalid | Undecided | Unassigned |
iptables (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

Binary package hint: iptables

zsh 1674 [2] # iptables -A FORWARD -p icmp -m icmp --icmp-type ping -d x.x.x.x/24 -j DROP
iptables v1.3.5: Couldn't load match `icmp':/lib/iptables/libipt_icmp.so: undefined symbol: __stack_chk_fail_local

Try `iptables -h' or 'iptables --help' for more information.

uname -a
Linux ubuntubaby 2.6.17-10-server #2 SMP Fri Oct 13 18:47:26 UTC 2006 i686 GNU/Linux
Ubuntu edgy eft

Changed in iptables:
status: Unconfirmed → Confirmed

Jürgen Kreileder (jk) wrote :

Adding -fno-stack-protector to CFLAGS fixes the problem.

i3dmaster (i3dmaster-gmail) wrote :

Any security concerns on taking out stack-protector?

Jürgen Kreileder (jk) wrote :

> Any security concerns on taking out stack-protector?

All older versions of iptables were compiled without this feature, so it doesn't get worse at least.
(-fstack-protector is now enabled by default in Ubuntu's gcc-4.1, that's how it got in.)
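
Added example, not part of any comment in this report: a Python check that reads an ELF object's symbol tables and reports whether it references the stack-protector failure handler or carries the unresolved `__stack_chk_fail_local` reference from the error above. The function names and status labels are assumptions of this example, and `make_elf32` builds a constructed sample image. Use it on linked shared objects, not `.o` files, where undefined references are normal.

```python
import struct

def undefined_symbols(elf: bytes) -> set:
    """Names of undefined (SHN_UNDEF) entries in an ELF's .symtab/.dynsym."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64, e = elf[4] == 2, ("<" if elf[5] == 1 else ">")  # EI_CLASS, EI_DATA
    shoff, = struct.unpack_from(e + ("Q" if is64 else "I"), elf, 40 if is64 else 32)
    shentsize, shnum = struct.unpack_from(e + "HH", elf, 58 if is64 else 46)
    def section(i):  # -> (sh_type, sh_offset, sh_size, sh_link)
        base = shoff + i * shentsize
        typ, = struct.unpack_from(e + "I", elf, base + 4)
        fmt, at = ("QQI", 24) if is64 else ("III", 16)
        return (typ, *struct.unpack_from(e + fmt, elf, base + at))
    names = set()
    for i in range(shnum):
        typ, off, size, link = section(i)
        if typ not in (2, 11):  # SHT_SYMTAB, SHT_DYNSYM
            continue
        stroff = section(link)[1]  # string table linked to this symbol table
        for pos in range(off, off + size, 24 if is64 else 16):
            name, = struct.unpack_from(e + "I", elf, pos)
            shndx, = struct.unpack_from(e + "H", elf, pos + (6 if is64 else 14))
            if shndx == 0 and name:  # SHN_UNDEF, skipping the null symbol
                end = elf.index(b"\0", stroff + name)
                names.add(elf[stroff + name:end].decode())
    return names

def stack_protector_status(elf: bytes) -> str:
    undef = undefined_symbols(elf)
    if "__stack_chk_fail_local" in undef:
        return "broken"              # the unresolved symbol quoted in this report
    if "__stack_chk_fail" in undef:
        return "protected"           # handler is resolved from libc at load time
    return "no-guard-reference"      # no protector, or no function needed a canary

def make_elf32(undef_names):
    """Constructed sample: minimal little-endian ELF32 with only .dynsym/.dynstr."""
    strtab, syms = b"\0", b"\0" * 16
    for n in undef_names:  # each entry: GLOBAL binding, st_shndx = SHN_UNDEF
        syms += struct.pack("<IIIBBH", len(strtab), 0, 0, 0x10, 0, 0)
        strtab += n.encode() + b"\0"
    str_off, shoff = 52 + len(syms), 52 + len(syms) + len(strtab)
    hdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 3, 3, 1, 0, 0, shoff, 0, 52, 0, 0, 40, 3, 0)
    sh = lambda typ, off, size, link: struct.pack("<10I", 0, typ, 0, 0, off, size, link, 0, 0, 0)
    return (hdr + syms + strtab + sh(0, 0, 0, 0)
            + sh(11, 52, len(syms), 2) + sh(3, str_off, len(strtab), 0))
```

For a real module, pass the file contents, for example `stack_protector_status(open(path, "rb").read())`.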

Rocco Stanzione (trappist) wrote :

Can anyone reproduce this on amd64? I can't.

Jose Bernardo (bernardo-bandos) wrote :

On amd64 it works. On x86 it gives the "Unknown arg `--icmp-type`" error that breaks shorewall and guarddog. At least for me.

Kubicle (kubicle-deactivatedaccount) wrote :

Nitpicking a bit, but shouldn't this bug be a duplicate of 66106 rather than the other way around? :P

It would be easier to follow the comments if they would be directed to the original report instead of spreading them between the original and newer reports. Of course it doesn't matter much, I'm sure the issue will be resolved either way :)

amichair (amichai2) wrote :

I just upgraded dapper to edgy RC, and found guarddog is broken, giving the message
"iptables v1.3.5: Unknown arg `--icmp-type'
Try `iptables -h' or 'iptables --help' for more information." This appears to be related. Any chance this will be fixed in edgy final? Wouldn't want to break all them dapper firewalls down the moment they upgrade...

Laurent Bigonville (bigon) wrote :

It's working when compiled with -fno-stack-protector

Changed in iptables:
status: Unknown → Rejected

Andrew Mitchell (ajmitch) wrote :

 iptables (1.3.5.0debian1-1ubuntu2) edgy; urgency=low
 .
   * Build with -fno-stack-protector to fix failing ICMP module (Malone: #66681)

Changed in iptables:
status: Confirmed → Fix Committed
Changed in iptables:
status: Fix Committed → Fix Released

Jose Bernardo (bernardo-bandos) wrote :

Confirmed, now guarddog and shorewall can manage icmp once again without problems. Thanks!

Matthias Klose (doko) wrote :

reopening, please could somebody recheck this with current gutsy (build with -fstack-protector enabled)?

Changed in iptables:
status: Fix Released → Incomplete

Martin Pitt (pitti) wrote :

Works for me on current gutsy amd64.

codetiger (nharishankar) wrote :

I have attached the error I received when I use DHCP function with firestarter

Gavin Panella (allenap) wrote :

The remote bug tracker is no longer functional. Was watching https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=525

Connor Imes (ckimes) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue for you. Can you try with the latest Ubuntu release? Thanks in advance.

Daniel T Chen (crimsun) wrote :

Works fine for me in 8.10 alpha on amd64 and ia32.

Martin Pitt (pitti)
Changed in iptables:
status: Incomplete → Fix Released
status: New → Invalid