Bug#1085953: ip6tables: Extension MARK revision 0 not supported

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1085953: ip6tables: Extension MARK revision 0 not supported
From: Chris Boot <bootc@debian.org>
Date: Wed, 23 Oct 2024 22:07:20 +0100
Message-id: <[🔎] 172971764032.629580.17165434721702009581.reportbug@dietrich.boo.tc>
Reply-to: Chris Boot <bootc@debian.org>, 1085953@bugs.debian.org

Package: src:linux
Version: 6.11.4-1
Severity: important
Tags: ipv6

Hi,

I upgraded a couple of systems from linux-image-6.11.2-amd64 to
linux-image-6.11.4-amd64 and after rebooting the systems' firewalls fail
to start.

The problem can be reproduced very simply:

# ip6tables -w -t mangle -A fooX9269 -j MARK --set-mark 1
Warning: Extension MARK revision 0 not supported, missing kernel module?
ip6tables: No chain/target/match by that name.

When reverting to linux-image-6.11.2-amd64 the firewalls start correctly
again, and the test command displayed above works as expected.

The firewall systems I tested are shorewall6 and the (complex!) ruleset
that kube-proxy generates for Kubernetes 1.31.1.

In all cases I am using ip6tables-nft not ip6tables-legacy.

Thanks,
Chris

-- Package-specific info:
** Kernel log: boot messages should be attached


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.11.2-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages linux-image-6.11.4-amd64 depends on:
ii  initramfs-tools [linux-initramfs-tool]  0.145
ii  kmod                                    33+20240816-2
ii  linux-base                              4.10.1

Versions of packages linux-image-6.11.4-amd64 recommends:
ii  apparmor  3.1.7-1+b1

Versions of packages linux-image-6.11.4-amd64 suggests:
pn  debian-kernel-handbook  <none>
ii  firmware-linux-free     20240610-1
ii  grub-efi-amd64          2.12-5
pn  linux-doc-6.11          <none>

Versions of packages linux-image-6.11.4-amd64 is related to:
pn  firmware-amd-graphics     <none>
pn  firmware-atheros          <none>
pn  firmware-bnx2             <none>
pn  firmware-bnx2x            <none>
pn  firmware-brcm80211        <none>
pn  firmware-cavium           <none>
pn  firmware-intel-sound      <none>
pn  firmware-intelwimax       <none>
pn  firmware-ipw2x00          <none>
pn  firmware-ivtv             <none>
pn  firmware-iwlwifi          <none>
pn  firmware-libertas         <none>
pn  firmware-linux-nonfree    <none>
pn  firmware-misc-nonfree     <none>
pn  firmware-myricom          <none>
pn  firmware-netxen           <none>
pn  firmware-qlogic           <none>
pn  firmware-realtek          <none>
pn  firmware-samsung          <none>
pn  firmware-siano            <none>
pn  firmware-ti-connectivity  <none>
pn  xen-hypervisor            <none>

-- no debconf information

Reply to:

Follow-Ups:
- Bug#1085953: ip6tables: Extension MARK revision 0 not supported
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Processed: Re: Bug#1085953: ip6tables: Extension MARK revision 0 not supported
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1085953: marked as done (ip6tables: Extension MARK revision 0 not supported)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: submitter 1085949
Next by Date: Bug#1084908: arch:all linux-libc-dev causes problems to architecture bootstrap
Previous by thread: Processed: submitter 1085949
Next by thread: Bug#1085953: ip6tables: Extension MARK revision 0 not supported
Index(es):
- Date
- Thread