[Kernel-packages] [Bug 2106326] Re: ip6tables option --set-mark not working with linux-image-6.8.0-1024-nvidia and above

Tue, 15 Apr 2025 07:20:02 -0700 

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: linux-hwe-6.8 (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-signed-nvidia-6.8 in Ubuntu.
https://bugs.launchpad.net/bugs/2106326

Title:
  ip6tables option --set-mark not working with linux-
  image-6.8.0-1024-nvidia and above

Status in linux-hwe-6.8 package in Ubuntu:
  Confirmed
Status in linux-signed-nvidia-6.8 package in Ubuntu:
  Confirmed

Bug description:
  Starting from linux-image-6.8.0-1024-nvidia (and now 1025 as well), I
  receive an error when loading the following sequence of iptables
  rules:

  awg set warp0 fwmark 1
  iptables -A OUTPUT -t mangle -m owner --uid-owner danted1 -m mark --mark 0 ! 
-d localhost -j MARK --set-mark 217
  iptables -A OUTPUT -t mangle -m owner --uid-owner tinyproxy -m mark --mark 0 
! -d localhost -j MARK --set-mark 227
  ip6tables -A OUTPUT -t mangle -m owner --uid-owner danted1 -m mark --mark 0 ! 
-d ip6-localhost -j MARK --set-mark 217
  ip6tables -A OUTPUT -t mangle -m owner --uid-owner tinyproxy -m mark --mark 0 
! -d ip6-localhost -j MARK --set-mark 227
  ip rule add fwmark 217 table 217
  ip rule add fwmark 227 table 217
  ip -6 rule add fwmark 217 table 217
  ip -6 rule add fwmark 227 table 217

  ip6tables v1.8.7 (nf_tables): unknown option "--set-mark"
  Try `ip6tables -h' or 'ip6tables --help' for more information.

  Likely the errors refer to the rules on lines 4 or 5 above.
  Interesting that only ip6tables rule triggers the error, while
  iptables apparently passes correctly.

  These rules are used to force all the traffic on certain local proxy
  servers to go through a VPN interface. They are located in the
  interface .conf file, so they are applied automatically when the
  interface is set up (and now this fails making the VPN interface to
  not load).

  Everything worked OK on nvidia kernel versions 1023 and before.
  Everything still works on another machine running the mainline
  (generic) kernel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-hwe-6.8/+bug/2106326/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to