bugzilla-daemon@netfilter.org
2004-May-29 21:45 UTC
[Bug 104] Bytes/packets counters sometimes give incorrect values
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=104 ------- Additional Comments From gandalf@netfilter.org 2004-05-29 23:45 ------- iptables calls getsockopt() twice, first with SO_GET_INFO which locks the table in kernel and returns some info and then unlocks the table, among that info is the size of the table. Then iptables allocates memory and calls getsockopt() again but with SO_GET_ENTRIES to get the table, and it passes in the size it got from the first getsockopt() call. SO_GET_ENTRIES also locks the table, then it calls get_entries() which compares the passed in size with the ac tual current size of the table and returns -EINVAL if they don't match. I checked and that's what happens. A simple loop that adds/removes rules at the same time as one try to list the rules reproduces it easily. SO_GET_INFO unlocks the table after it's done and then a rule is either added or deleted and then we call SO_GET_ENTRIES which checks the size we passed in and it differs... abort. I wonder if we can detect that somehow and retry the entire thing automatically a few times. getsockopt() doesn't return an error... Output from net/ipv4/netfilter/iptables.c during the add/remove loop: get_entries: I've got 2328 not 2176! get_entries: I've got 2328 not 2176! get_entries: I've got 2176 not 2328! There might be more problems than these, more testing needed. ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
Reasonably Related Threads
- [Bug 104] Bytes/packets counters sometimes give incorrect values
- [Bug 104] Bytes/packets counters sometimes give incorrect values
- [Bug 104] Bytes/packets counters sometimes give incorrect values
- [Bug 104] New: Bytes/packets counters sometimes give incorrect values
- getsockopt TCP_NODELAY: Socket operation on non-socket