Bug 219409

Summary: Linux 6.11.4 ip6tables NFLOG options give "unknown option" error
Product: Networking Reporter: William (wjfgb)
Component: Netfilter/IptablesAssignee: networking_netfilter-iptables (networking_netfilter-iptables)
Status: RESOLVED CODE_FIX    
Severity: normal CC: regressions
Priority: P3    
Hardware: All   
OS: Linux   
Kernel Version: 6.11.4 Subsystem:
Regression: Yes Bisected commit-id:

Description William 2024-10-21 14:41:05 UTC 
For Linux 6.11.4 in ip6tables the first option to the NFLOG target gives an "unknown option" error, in my case this option happened to be --nflog-prefix.

Only affects IPv6 (IPv4 appears ok under all versions).
Is ok under 6.11.3 with exact same config etc.

###########################################
Simple test under 6.11.4 

root:~# ip6tables -N TEST_1
root:~# ip6tables -A TEST_1  -j NFLOG --nflog-prefix "Some prefix: "
ip6tables v1.8.7 (legacy): unknown option "--nflog-prefix"
Try `ip6tables -h' or 'ip6tables --help' for more information.
root:~# 
root:~# ip6tables -A TEST_1  -j NFLOG    --nflog-threshold 10
ip6tables v1.8.7 (legacy): unknown option "--nflog-threshold"
Try `ip6tables -h' or 'ip6tables --help' for more information.

###########################################

These tests run without error under 6.11.3.

Checking with ip6tables-save confirms the problem.

I get the same failure under 6.6.57

I am running on Slackware 15.0 on an Intel core i5,
with Slackware packages :-
  iptables-1.8.7-x86_64-3
  libnetfilter_conntrack-1.0.8-x86_64-3
  libnetfilter_log-1.0.2-x86_64-1
  ulogd-2.0.7-x86_64-4

Not sure if this is related to bugid-219397
Comment 1 The Linux kernel's regression tracker (Thorsten Leemhuis) 2024-10-22 08:09:26 UTC 
Not my area of expertise, but from a quick look is seems to be a known
problem due to some typos and people are working on a fix here:

https://lore.kernel.org/all/20241021094536.81487-1-pablo@netfilter.org/
Comment 2 William 2024-11-01 19:29:25 UTC 
It now runs without error under 6.11.6 and 6.6.59
Thanks.