REJECT iptables rule not applying after 6.12.1 => 6.12.4 upgrade #361

Open
danog opened this issue Dec 17, 2024 · 9 comments

@danog
Contributor

danog commented Dec 17, 2024

An iptables setup containing an `iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited` doesn't block incoming connections on 6.12.4, on an Ubuntu system running the cachyos kernel.

Everything worked correctly on 6.12.1, and testing on a dev cachyos machine on 6.12.5 also seems to work fine: will attempt to test 6.12.5 on ubuntu, opening this issue just to track the existence of the problem at least on 6.12.4.

@ptr1337
Member

ptr1337 commented Dec 17, 2024

> An iptables setup containing a `iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited` doesn't block incoming connections on 6.12.4, on an Ubuntu system running the cachyos kernel.
>
> Everything worked correctly on 6.12.1, and testing on a dev cachyos machine on 6.12.5 also seems to work fine: will attempt to test 6.12.5 on ubuntu, opening this issue just to track the existence of the problem at least on 6.12.4.

Since this was likely then an upstream issue, I think we can close this, since it's fixed in .5. :)

@1Naim 1Naim closed this as completed Dec 21, 2024
@danog
Contributor Author

danog commented Dec 24, 2024

Reopening the issue as it reproduces on 6.12.6.

@ptr1337 ptr1337 reopened this Dec 24, 2024
@danog
Contributor Author

danog commented Dec 24, 2024

The kernel is built with the following config, from the official PKGBUILD (not the linux-cachyos-deb script):

```bash
# Disable automatic CPU selection
export _use_auto_optimization=n
# Use full LLVM LTO
export _use_llvm_lto=full
# Use hugepages
export _hugepage=always
# Enable -O3
export _cc_harder=y
# Use performance governor by default
export _per_gov=y
# No forced preemption
export _preempt=server

# server config (copied from non-lts server config)
export _cpusched=eevdf
export _HZ_ticks=300
export _tickrate=idle
export _cachy_config=''
export _use_lto_suffix=y
```

Packaging happens using https://paste.daniil.it/package-kernel.sh

@danog
Contributor Author

danog commented Dec 24, 2024

Built for -march=znver4

@1Naim
Member

1Naim commented Dec 29, 2024

Can this be reproduced in a stock 6.12.6/6.12.7 kernel?

@danog
Contributor Author

danog commented Jan 1, 2025

Actually, it cannot be reliably reproduced even with the custom-built kernel, might be caused by a combination of factors...

@1Naim
Member

1Naim commented Jan 6, 2025

Are you sure this is a kernel bug and not a bug that was introduced from another package? E.g., if you go back to 6.12.1, does everything work correctly?

@danog
Contributor Author

danog commented Jan 6, 2025

The issue is most definitely caused by another package, in conjunction with the kernel upgrade.

@1Naim
Member

1Naim commented Jan 6, 2025

Have you figured out the corresponding package that introduced this? If so, has a bug report been made in the upstream project instead? If that is also yes, please link the bug report here :)
