enable only 26 or 24 checkboxes on white list (Exit code: -1)

[GoogleCodeExporter]

What steps will reproduce the problem?
Use the white list. If the log is disabled you can only enable 26 check boxes 
on the white list. If the log is enabled you can enable 24 check boxes.

What is the expected output? What do you see instead?
If you enable more than the amount of check boxes i explained above you get the 
following error:

Error applying iptables rules.
Exit code:-1

iptables v 1.4.10

What version of the product are you using? On what operating system?
- DroidWall 1.5.1
- sgs i9000
- Android 2.3.3 Firmware JVH and cf root

Please provide any additional information below.

Reboot of the system and delete cache of the app does not solve the problem.

Original issue reported on code.google.com by andreas....@googlemail.com on 12 Jun 2011 at 6:31

[GoogleCodeExporter]

This seems to be a very common problem since I updated iptables to version 
1.4.10
Unfortunately, I could never reproduce it in any device that I can test!

Could you please try DroidWall v1.5.0 (previous version) to see if it fixes the 
problem? You can get the APK in the Donwloads section.

Please let me know the results. If that works, I will try to compile the newest 
iptables (1.4.11.1) and see if it works better.

Thanks

Original comment by rodrigo...@gmail.com on 15 Jun 2011 at 2:05

[GoogleCodeExporter]

Original comment by rodrigo...@gmail.com on 15 Jun 2011 at 2:05

• Changed title: enable only 26 or 24 checkboxes on white list (Exit code: -1)

[GoogleCodeExporter]

hmm this version does generally not work. if i activate the firewall there 
comes another error.

Error applying iptables rules.
Exit code: 1
iptables v 1.3.7
[] Segemation fault / data/data/com.g...
modprobe:  chdir (\system/lib/modules): no such file or directory

.....
this is a huge list. often the error say "No such file or directory"

Original comment by andreas....@googlemail.com on 15 Jun 2011 at 5:39

[GoogleCodeExporter]

i go back to 1.5.1

Original comment by andreas....@googlemail.com on 15 Jun 2011 at 5:40

[GoogleCodeExporter]

Hi, 
got the same problem with 1.5.1 and 1.5.0, but only on galaxy tab with Android 
2.3.3.
Maybe reason is iptables version 1.4.10 ?
Tried to give general write permissions on the iptables file in system/bin via 
root explorer, but didn't help.
My SGS works fine with same version of droidwall 1.5.1. The app is great.

Original comment by fruehsur...@gmail.com on 19 Jun 2011 at 6:36

[GoogleCodeExporter]

Hi,
no more response for my SGT ?
Problems may result from timeout updating iptables when applying too many rules 
?
Please check again. As I've already mentioned: Droidwall 1.5.1 on SGS with 
Android 2.3.3 no problem.
Thx a lot.

Original comment by fruehsur...@gmail.com on 26 Jun 2011 at 3:00

[GoogleCodeExporter]

Hey fruehsur...@gmail.com,

what version of Android 2.3.3 do you have (on SGS?). JVH do not work with me.

Original comment by andreas....@googlemail.com on 26 Jun 2011 at 6:23

[GoogleCodeExporter]

@andreas: i've got JVB and it works great.

Original comment by fruehsur...@gmail.com on 30 Jun 2011 at 8:29

[GoogleCodeExporter]

I was able to compile another iptables version for Android. Seems to be working 
fine on my test devices :)
Can someone please test the attached development version to see if this one 
fixes the "Exit code: -1" problem?
Thanks!

Original comment by rodrigo...@gmail.com on 14 Jul 2011 at 7:45

Attachments:

• droidwall-dev.apk

[GoogleCodeExporter]

Issue 145 has been merged into this issue.

Original comment by rodrigo...@gmail.com on 14 Jul 2011 at 7:46

[GoogleCodeExporter]

Hi Rodrigo,

Downloaded the 1.52-dev version of DroidWall and no it didn't fix the Exit -1 
issue.  It just refuses to apply the rules with or without Log Enabled.

I only noticed this issue now because a restored Titanium Backup of DroidWall 
v1.5.1 and make rule modifications there (on my freshly wiped phone) seemed to 
work fine.  It was only just today when I wanted to add to apps to the white 
list when I got the -1 error.

When I "Show Rule", I see the following at the bottom of the rule list:

...
mobprobe: chdir(/system/lib/modules): No such file or directory
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:384

I'm on Android 2.3.4 KG1 firmware (VillianROM 2.0) for the Samsung Galaxy S2 
(SGS2).

Original comment by victor.w...@gmail.com on 16 Jul 2011 at 9:56

[GoogleCodeExporter]

Oh, I just checked both my Samsung Galaxy Tab AND my Samsung Galaxy S2 and 
realised that neither of them have a /system/lib/modules directory!  

That explains why the mobprobe chdir error comes up (at least on my SGS2... not 
sure why the SGT doesn't have that error).

Creating the /system/lib/modules directory seems to have fixed the Exit Code -1 
issue for me (v1.5.1 and v1.5.2-dev Droidwall), although now I get the 
following error message under "Show Rules" (even after copying and pasting the 
ip_tables file from the DroidWall installation to /system/lib/modules):

modprobe: module 'ip_tables' not found

That error doesn't seem to affect the operation of the firewall however, so I 
guess it's a valid workaround :)

Original comment by victor.w...@gmail.com on 16 Jul 2011 at 10:23

[GoogleCodeExporter]

@victor.w, thank you very much for the information :)
The "FIX ME!" message can be completely ignored. This message is generated by 
the android "libc" on ALL devices when using some iptables features.

Very interesting finding about the /system/lib/modules folder indeed... I will 
investigate this further to check if there is any way to modify iptables in 
order to make this directory optional, or something similar.

Oh, and don't copy iptables to that folder. That folder should contain only 
kernel modules, and those must be compiled specially for your kernel ;)

PS: Can anybody else please confirm if this work-around works? Thanks!

Original comment by rodrigo...@gmail.com on 16 Jul 2011 at 3:35

[GoogleCodeExporter]

Hi Rodrigo,
downloaded 1.5.2-dev and installed on SGT 2.3.3.
Applying rules works, but when activating firewall the same error occurs:

Exit code: -1
iptables 1.4.10

BUT:
The workaround by victor (craeting a new folder system/lib/modules) seems to 
fix my problem as well indeed on my sgt with droidwall 1.5.1. Tried out 40 
rules and activating FW. Works now !

Thx

Original comment by fruehsur...@gmail.com on 17 Jul 2011 at 4:12

[GoogleCodeExporter]

Weird, this "dev" version should report iptables 1.4.7 ... and not 1.4.10
If you don't mind, could you please try to clear DroidWall's data and cache, 
then check if iptables changes to 1.4.7 ?
It is possible that this iptables (1.4.7) don't require the work-around :)
Thanks!

Original comment by rodrigo...@gmail.com on 17 Jul 2011 at 2:21

[GoogleCodeExporter]

Hi Rodrigo,
I'm glad to have droidwall 1.5.1 on my SGT 2.3.3 working with the workaround :-)
For me it's not important on which iptables version it is based.
Thank you very much for droidwall.

Original comment by fruehsur...@gmail.com on 20 Jul 2011 at 5:04

[GoogleCodeExporter]

I think I found a solution that don't require any workaround! :D
Could someone please test the attached development version?

I would really appreciate if someone that applied the workaround could test 
this version without the folder (delete /system/lib/modules and test it).

If this works, I will release an official update on Market today :D

Thanks in advance!

Original comment by rodrigo...@gmail.com on 20 Jul 2011 at 5:13

[GoogleCodeExporter]

Oops, forgot to attach:

Original comment by rodrigo...@gmail.com on 20 Jul 2011 at 5:14

Attachments:

• droidwall-dev.apk

[GoogleCodeExporter]

That fixed it on my atrix! Still get weird not found messages in the show rules 
but it works! Logging doesn't but I understand thats an issue with the atrix 
kernel build.
Awesome work!

Original comment by northwoo...@gmail.com on 20 Jul 2011 at 5:24

[GoogleCodeExporter]

DroidWall 1.5.2 has been just published on the Android Market!
This version should fix this problem for everyone :)

Original comment by rodrigo...@gmail.com on 20 Jul 2011 at 7:26

• Changed state: Fixed

[GoogleCodeExporter]

checked 1.5.2. per auto-update on the market.
works still fine on sgt 2.3.3 and sgs 2.3.4
THX

Original comment by fruehsur...@gmail.com on 23 Jul 2011 at 2:54

[GoogleCodeExporter]

Hi Rodrigo, looks like your workaround version for this issue doesn't work for 
koxudaxi's series of kernels for the Galaxy Tab P1000 
(http://forum.xda-developers.com/showthread.php?t=943669&page=1 and 
http://koxudaxi.sakura.ne.jp/android/cwmzip/).

I tested koxudaxi's 3_0_13 and 3_0_14c versions of the kernel and in both cases 
the Apply Rule Exit Code -1 timeout due to missing "modules" directory still 
occurs.

With those particular kernels, I believe koxudaxi has set the 
/system/lib/modules directory to be "2.6.35.7-koxudaxi-eur_3_0_13" (for the 
3_0_13 kernel).  Creating that directory in /system/lib didn't resolve the 
issue like last time unfortunately.

The repeated error message as seen in DroidWall v1.5.2 under Show Rules is:

modprobe: chdir(2.6.35.7-koxudaxi-eur_3_0_13): No such files or directory

Would be great if you could work out a way for iptables to completely avoid 
looking up the "modules" directory as specified in the kernel when applying 
rules.  I've already raised it as an issue with koxudaxi in his XDA Galaxy Tab 
thread also.

Thanks!

Original comment by victor.w...@gmail.com on 1 Aug 2011 at 5:57