Control: tag -1 patch On Tue, 2016-06-28 at 14:31 -0700, Jacob Lundberg wrote: > Package: src:linux > Version: 3.16.7-ckt25-2+deb8u2 > Severity: important > > We upgraded linux-image-3.16.0-4-amd64 from 3.16.7-ckt25-2 to > 3.16.7-ckt25-2+deb8u2 on some servers today and could no longer use > the ebtables utility to configure the kernel's ebtables. > > Start-Date: 2016-06-28 11:35:27 > Commandline: apt-get dist-upgrade > Upgrade: linux-image-3.16.0-4-amd64:amd64 (3.16.7-ckt25-2, 3.16.7-ckt25-2+deb8u2) > End-Date: 2016-06-28 11:35:53 > > arithon:~# ebtables -t nat -A OUTPUT -p IPv4 --ip-src 10.1.2.3 --ip-proto tcp --ip-sport 8080 -j dnat --to-dst 02:e0:11:22:33:44 --dnat-target ACCEPT > Unable to update the kernel. Two possible causes: > 1. Multiple ebtables programs were executing simultaneously. The ebtables > userspace tool doesn't by default support multiple ebtables programs running > concurrently. The ebtables option --concurrent or a tool like flock can be > used to support concurrent scripts that update the ebtables kernel tables. > 2. The kernel doesn't support a certain ebtables extension, consider > recompiling your kernel or insmod the extension. > . > > Reverting to 3.16.7-ckt25-2 allows ebtables to function once more. > > No log messages appear to be generated when ebtables fails. > > This is somewhat remniscent of netfilter commit ebd3d550701d6a3304e57e356a9418f1a73a998f > https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.73 Yes, thanks for that. I thought I had picked all the same netfilter fixes that went into 3.14.73, but I missed that one. Ben. -- Ben Hutchings Make three consecutive correct guesses and you will be considered an expert.
Attachment:
signature.asc
Description: This is a digitally signed message part