bugzilla-daemon at netfilter.org
2017-Nov-28 09:01 UTC
[Bug 1203] New: 'DisableExternalCache On' seems to be broken
https://bugzilla.netfilter.org/show_bug.cgi?id=1203
Bug ID: 1203
Summary: 'DisableExternalCache On' seems to be broken
Product: conntrack-tools
Version: unspecified
Hardware: All
OS: Ubuntu
Status: NEW
Severity: normal
Priority: P5
Component: conntrack-daemon
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: johanrp70 at gmail.com
Hi,
I have a setup with two firewalls in a VirtualBox environment and is trying to
run conntrackd in active-active mode (DisableExternalCache On).
root at gw1:~# conntrackd -v
Connection tracking userspace daemon v1.4.4. Licensed under GPLv2.
root at gw1:~# uname -a
Linux gw1 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017 x86_64
x86_64 x86_64 GNU/Linux
I can se conntrack info in firewall-1 with 'conntrackd -i' and
'conntrack -L'.
But when I run the same commands in firewall-2 it's empty and and I can se
this
in the logfile:
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-add2: Invalid argument
Tue Nov 28 09:53:41 2017 udp 17 src=192.168.2.10 dst=y.y.y.y
sport=49898 dport=53 [UNREPLIED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017 udp 17 src=192.168.2.10 dst=y.y.y.y
sport=49898 dport=53 [ASSURED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-add2: Invalid argument
Tue Nov 28 09:53:41 2017 tcp 6 SYN_SENT src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443 [UNREPLIED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017 tcp 6 SYN_RECV src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017 tcp 6 ESTABLISHED src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443 [ASSURED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017 tcp 6 FIN_WAIT src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443 [ASSURED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017 tcp 6 CLOSE src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443 [ASSURED]
Regards
/Johan
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171128/6670cc2e/attachment.html>
bugzilla-daemon at netfilter.org
2017-Nov-30 08:26 UTC
[Bug 1203] 'DisableExternalCache On' seems to be broken
https://bugzilla.netfilter.org/show_bug.cgi?id=1203
Petski <patrick.kuijvenhoven at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |patrick.kuijvenhoven at gmail.
| |com
--- Comment #1 from Petski <patrick.kuijvenhoven at gmail.com> ---
Probably related to https://bugzilla.netfilter.org/show_bug.cgi?id=1123
'CommitTimeout' can't be combined with
'DisableExternalCache'
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171130/c0632097/attachment.html>
bugzilla-daemon at netfilter.org
2017-Nov-30 12:02 UTC
[Bug 1203] 'DisableExternalCache On' seems to be broken
https://bugzilla.netfilter.org/show_bug.cgi?id=1203 --- Comment #2 from Johan P <johanrp70 at gmail.com> --- (In reply to Petski from comment #1)> Probably related to https://bugzilla.netfilter.org/show_bug.cgi?id=1123 > > 'CommitTimeout' can't be combined with 'DisableExternalCache'Oh!! I thought I had searched everywhere for 'DisableExternalCache'. It works fine when I removed 'CommitTimeout'. Thank you! Regards /Johan -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171130/9493af9e/attachment.html>
bugzilla-daemon at netfilter.org
2017-Nov-30 12:06 UTC
[Bug 1203] 'DisableExternalCache On' seems to be broken
https://bugzilla.netfilter.org/show_bug.cgi?id=1203
Petski <patrick.kuijvenhoven at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |DUPLICATE
--- Comment #3 from Petski <patrick.kuijvenhoven at gmail.com> ---
*** This bug has been marked as a duplicate of bug 1123 ***
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171130/da235f94/attachment.html>
Apparently Analagous Threads
- [Bug 1123] New: conntrackd will not accept connection records into kernel table from another machine
- [Bug 1062] New: Kernel IPv6 event filtering not working
- [Bug 1445] New: conntrackd: segfaults when not disabling internal cache
- [Bug 1229] New: conntrackd man page "State <policy> {<states list>}"
- [ANNOUNCE] conntrack-tools 1.4.3 release