bugzilla-daemon at netfilter.org
2017-Feb-16 18:28 UTC
[Bug 1123] New: conntrackd will not accept connection records into kernel table from another machine
https://bugzilla.netfilter.org/show_bug.cgi?id=1123
Bug ID: 1123
Summary: conntrackd will not accept connection records into
kernel table from another machine
Product: conntrack-tools
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: major
Priority: P5
Component: conntrack-daemon
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: gerald at palmerhouse.net
OS localhost 4.9.8-1-ARCH #1 SMP PREEMPT Mon Feb 6 12:59:40 CET 2017 x86_64
GNU/Linux
conntrackd version 1.4.4
conntrackd gives the error:
[Thu Feb 16 17:56:27 2017] (pid=1312) [ERROR] inject-add2: Invalid argument
Thu Feb 16 17:56:27 2017 icmp 1 src=192.168.0.15 dst=67.36.196.10 type=8
code=0 id=5486 [UNREPLIED]
[Thu Feb 16 17:56:27 2017] (pid=1312) [ERROR] inject-upd1: Invalid argument
Thu Feb 16 17:56:27 2017 icmp 1 src=192.168.0.15 dst=67.36.196.10 type=8
code=0 id=5486
for each connection it attempts to add to the local table
when
DisableExternalCache On
conntrackd WILL add to external table when the external cache is enabled
but errors with the cache is disabled
with the external cache disabled
entries DO NOT appear in conntrack -L
entries DO NOT appear in conntrackd -e
entries DO NOT appear in conntrackd -i
failures show in conntrackd -s
conntrackd.conf
Sync {
Mode FTFW {
DisableExternalCache On
CommitTimeout 1800
PurgeTimeout 5
}
UDP {
IPv4_address 192.168.0.31
IPv4_Destination_Address 192.168.0.30
Port 3780
Interface ens8
SndSocketBuffer 24985600
RcvSocketBuffer 24985600
Checksum on
}
}
General {
Nice -20
HashSize 32768
HashLimit 131072
LogFile on
Syslog on
LockFile /var/lock/conntrack.lock
UNIX {
Path /var/run/conntrackd.ctl
Backlog 20
}
NetlinkBufferSize 2097152
NetlinkBufferSizeMaxGrowth 8388608
Filter From Userspace {
Protocol Accept {
TCP
UDP
ICMP # This requires a Linux kernel >= 2.6.31
}
Address Ignore {
IPv4_address 127.0.0.1 # loopback
IPv4_address 192.168.0.30
IPv4_address 192.168.0.31
}
}
}
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170216/bd7caedd/attachment.html>
bugzilla-daemon at netfilter.org
2017-Feb-16 18:42 UTC
[Bug 1123] conntrackd will not accept connection records into kernel table from another machine
https://bugzilla.netfilter.org/show_bug.cgi?id=1123 --- Comment #1 from gerald at palmerhouse.net --- conntrack -c works and adds entries to the local table perhaps related to: http://www.linuxquestions.org/questions/showthread.php?p=5547189#post5547189 -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170216/0d5eb633/attachment.html>
bugzilla-daemon at netfilter.org
2017-Mar-10 09:55 UTC
[Bug 1123] conntrackd will not accept connection records into kernel table from another machine
https://bugzilla.netfilter.org/show_bug.cgi?id=1123
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |pablo at netfilter.org
Resolution|--- |FIXED
--- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> ---
http://git.netfilter.org/conntrack-tools/commit/?id=39398cd3c1e488e099ea186ad1e5b725c2f09d1d
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170310/f14a280e/attachment.html>
bugzilla-daemon at netfilter.org
2017-Nov-30 12:06 UTC
[Bug 1123] conntrackd will not accept connection records into kernel table from another machine
https://bugzilla.netfilter.org/show_bug.cgi?id=1123
Petski <patrick.kuijvenhoven at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |johanrp70 at gmail.com
--- Comment #3 from Petski <patrick.kuijvenhoven at gmail.com> ---
*** Bug 1203 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171130/1cad7327/attachment.html>
Apparently Analagous Threads
- [Bug 1203] New: 'DisableExternalCache On' seems to be broken
- [Bug 1445] New: conntrackd: segfaults when not disabling internal cache
- [Bug 1062] New: Kernel IPv6 event filtering not working
- Conntrackd - fail at startup.
- [Bug 1229] New: conntrackd man page "State <policy> {<states list>}"