[Fwd: Re: Shorewall and SPARC]

I apologize for the long thread. This was a discussion I had with the
shorewall maintainer for debian. Might be a sparc issue?

------------------------------ Original Message ------------------------------
Subject: Re: Shorewall and SPARC
From: Roberto C. Sánchez <roberto@...>
Date: Thu, August 21, 2008 8:05 pm
To: "Eric Nichols" <eric@...>
------------------------------------------------------------------------------

On Thu, Aug 21, 2008 at 07:25:50PM -0400, Eric Nichols wrote:
> Roberto C. Sánchez wrote:
> >On Thu, Aug 21, 2008 at 12:34:57PM -0400, Eric Nichols wrote:
> >>Hello,
> >>I've been using shorewall in Etch for quite a while and I absolutely
> >>love it. I am currently running this on a Sun Ultra 2 (SPARC processor)
> >>and get the following messages below. Should I be concerned about them?
> >> I can't find anything that references these items.
> >>
> >>ip_tables: conntrack match: invalid size 80 != 72
> >>ip_tables: connmark match: invalid size 24 != 16
> >>ip_tables: MARK target: invalid size 16 != 8
> >>ip_tables: CONNMARK target: invalid size 24 != 16
> >>
> >OK. I should have been able to diagnose this right away, but it escaped
> >me. After consultation with the author of Shorewall, I can point you at
> >this: http://www.shorewall.net/3.0/FAQ.htm#faq61
> >
> >Basically, I think that this can be caused by a partially upgraded
> >system. Did you happen to upgrade iptables but not the kernel?
> >
> >Regards,
> >
> >-Roberto
> >
> I've seen this on just about every sparc install I've done. I'm running
> stock etch with everything current. I'm leaning more towards an issue
> in the sparc build itself. It's not the most widely maintained
> architecture. Thanks for the followup.
>
I've never used Debian on Sparc hardware, so I don't know. However,
according to Tom (the author of Shorewall), this is a common occurrence
on Debian and it has to do with iptables being built against an
incompatible set of kernel headers (as compared to the kernel against
which it is running).

If you try asking your question on the mailing list (and at least
mention that you have already been given an answer, but that you are
looking for more info), you might find a Debian+Sparc user who can help.
You might also try the netfilter mailing list, as this is not
Shorewall-specific.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

--
To UNSUBSCRIBE, email to debian-sparc-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...

Re: [Fwd: Re: Shorewall and SPARC]

Eric Nichols wrote:
> I apologize for the long thread. This was a discussion I had with the
> shorewall maintainer for debian. Might be a sparc issue?
>
> ------------------------------ Original Message ------------------------------
> Subject: Re: Shorewall and SPARC
> From: Roberto C. Sánchez <roberto@...>
> Date: Thu, August 21, 2008 8:05 pm
> To: "Eric Nichols" <eric@...>
> ------------------------------------------------------------------------------
>
> On Thu, Aug 21, 2008 at 07:25:50PM -0400, Eric Nichols wrote:
>> Roberto C. Sánchez wrote:
>>> On Thu, Aug 21, 2008 at 12:34:57PM -0400, Eric Nichols wrote:
>>>> Hello,
>>>> I've been using shorewall in Etch for quite a while and I absolutely
>>>> love it. I am currently running this on a Sun Ultra 2 (SPARC processor)
>>>> and get the following messages below. Should I be concerned about them?
>>>> I can't find anything that references these items.
>>>>
>>>> ip_tables: conntrack match: invalid size 80 != 72
>>>> ip_tables: connmark match: invalid size 24 != 16
>>>> ip_tables: MARK target: invalid size 16 != 8
>>>> ip_tables: CONNMARK target: invalid size 24 != 16
>>>>
>>> OK. I should have been able to diagnose this right away, but it escaped
>>> me. After consultation with the author of Shorewall, I can point you at
>>> this: http://www.shorewall.net/3.0/FAQ.htm#faq61
>>>
>>> Basically, I think that this can be caused by a partially upgraded
>>> system. Did you happen to upgrade iptables but not the kernel?
>>>
>>> Regards,
>>>
>>> -Roberto
>>>
>> I've seen this on just about every sparc install I've done. I'm running
>> stock etch with everything current. I'm leaning more towards an issue
>> in the sparc build itself. It's not the most widely maintained
>> architecture. Thanks for the followup.
>>
> I've never used Debian on Sparc hardware, so I don't know. However,
> according to Tom (the author of Shorewall), this is a common occurrence
> on Debian and it has to do with iptables being built against an
> incompatible set of kernel headers (as compared to the kernel against
> which it is running).
>
> If you try asking your question on the mailing list (and at least
> mention that you have already been given an answer, but that you are
> looking for more info), you might find a Debian+Sparc user who can help.
> You might also try the netfilter mailing list, as this is not
> Shorewall-specific.
>
> Regards,
>
> -Roberto

I know that there are issues with some versions of iptables on sparc64
where the userland parameters assume 32-bit pointers while the kernel
netfilter stuff assumes 64-bit. I don't know whether/when that was
fixed, i.e. what version of kernel and (more importantly) iptables is
known to work; in practice I only found it directly relevant to rate
limiting.

--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]
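
The size mismatches reported in this thread can be modelled in C. This is an added example, not part of any post and not taken from the kernel or iptables sources. The struct layouts (`unsigned long` fields followed by a one-byte flag), the 8-byte rounding and the reading of the first number as the kernel's size are assumptions chosen to reproduce the "16 != 8" and "24 != 16" lines; fixed-width integers stand in for a 64-bit and a 32-bit `unsigned long`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: both sides round the payload up to an 8-byte boundary. */
#define ALIGN8(n) (((size_t)(n) + 7u) & ~(size_t)7u)

/* Hypothetical payloads: "unsigned long" fields plus a one-byte flag.
 * uint64_t models unsigned long in a 64-bit kernel, uint32_t models it
 * in a 32-bit userland build of the same header. */
struct mark_k     { uint64_t mark; uint8_t mode; };
struct mark_u     { uint32_t mark; uint8_t mode; };
struct connmark_k { uint64_t mark, mask; uint8_t mode; };
struct connmark_u { uint32_t mark, mask; uint8_t mode; };

size_t mark_kernel_size(void)     { return ALIGN8(sizeof(struct mark_k)); }
size_t mark_user_size(void)       { return ALIGN8(sizeof(struct mark_u)); }
size_t connmark_kernel_size(void) { return ALIGN8(sizeof(struct connmark_k)); }
size_t connmark_user_size(void)   { return ALIGN8(sizeof(struct connmark_u)); }

/* Size check in the style of the logged message: returns 0 when the
 * sizes agree, -1 (after logging) when the payload must be rejected. */
int check_size(const char *name, size_t kernel, size_t user)
{
    if (kernel == user)
        return 0;
    printf("%s: invalid size %zu != %zu\n", name, kernel, user);
    return -1;
}

int main(void)
{
    int bad = 0;
    bad += check_size("MARK target", mark_kernel_size(), mark_user_size());
    bad += check_size("CONNMARK target", connmark_kernel_size(),
                      connmark_user_size());
    /* Same word size on both sides: the check passes silently. */
    bad += check_size("MARK target (matching build)",
                      mark_kernel_size(), mark_kernel_size());
    return bad == -2 ? 0 : 1;
}
```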