thr3ads.net - netfilter buglog - [Bug 1203] New: 'DisableExternalCache On' seems to be broken [Nov 2017]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at netfilter.org

2017-Nov-28 09:01 UTC

[Bug 1203] New: 'DisableExternalCache On' seems to be broken

https://bugzilla.netfilter.org/show_bug.cgi?id=1203

            Bug ID: 1203
           Summary: 'DisableExternalCache On' seems to be broken
           Product: conntrack-tools
           Version: unspecified
          Hardware: All
                OS: Ubuntu
            Status: NEW
          Severity: normal
          Priority: P5
         Component: conntrack-daemon
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: johanrp70 at gmail.com

Hi,

I have a setup with two firewalls in a VirtualBox environment and is trying to
run conntrackd in active-active mode (DisableExternalCache On).

root at gw1:~# conntrackd -v
Connection tracking userspace daemon v1.4.4. Licensed under GPLv2.

root at gw1:~# uname -a
Linux gw1 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017 x86_64
x86_64 x86_64 GNU/Linux

I can se conntrack info in firewall-1 with 'conntrackd -i' and
'conntrack -L'.
But when I run the same commands in firewall-2 it's empty and and I can se
this
in the logfile:


[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-add2: Invalid argument
Tue Nov 28 09:53:41 2017    udp      17 src=192.168.2.10 dst=y.y.y.y
sport=49898 dport=53 [UNREPLIED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017    udp      17 src=192.168.2.10 dst=y.y.y.y
sport=49898 dport=53 [ASSURED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-add2: Invalid argument
Tue Nov 28 09:53:41 2017    tcp      6 SYN_SENT src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443 [UNREPLIED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017    tcp      6 SYN_RECV src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017    tcp      6 ESTABLISHED src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443 [ASSURED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017    tcp      6 FIN_WAIT src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443 [ASSURED]
[Tue Nov 28 09:53:41 2017] (pid=2286) [ERROR] inject-upd1: Invalid argument
Tue Nov 28 09:53:41 2017    tcp      6 CLOSE src=192.168.2.10 dst=x.x.x.x
sport=39554 dport=443 [ASSURED]

Regards

/Johan

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171128/6670cc2e/attachment.html>

bugzilla-daemon at netfilter.org

2017-Nov-30 08:26 UTC

head link

[Bug 1203] 'DisableExternalCache On' seems to be broken

https://bugzilla.netfilter.org/show_bug.cgi?id=1203

Petski <patrick.kuijvenhoven at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |patrick.kuijvenhoven at gmail.
                   |                            |com

--- Comment #1 from Petski <patrick.kuijvenhoven at gmail.com> ---
Probably related to https://bugzilla.netfilter.org/show_bug.cgi?id=1123

'CommitTimeout' can't be combined with
'DisableExternalCache'

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171130/c0632097/attachment.html>

bugzilla-daemon at netfilter.org

2017-Nov-30 12:02 UTC

head link

[Bug 1203] 'DisableExternalCache On' seems to be broken

https://bugzilla.netfilter.org/show_bug.cgi?id=1203

--- Comment #2 from Johan P <johanrp70 at gmail.com> ---
(In reply to Petski from comment #1)> Probably related to https://bugzilla.netfilter.org/show_bug.cgi?id=1123
> 
> 'CommitTimeout' can't be combined with
'DisableExternalCache'
Oh!! I thought I had searched everywhere for 'DisableExternalCache'. It
works
fine when I removed 'CommitTimeout'.

Thank you!

Regards

/Johan

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171130/9493af9e/attachment.html>

bugzilla-daemon at netfilter.org

2017-Nov-30 12:06 UTC

head link

[Bug 1203] 'DisableExternalCache On' seems to be broken

https://bugzilla.netfilter.org/show_bug.cgi?id=1203

Petski <patrick.kuijvenhoven at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #3 from Petski <patrick.kuijvenhoven at gmail.com> ---


*** This bug has been marked as a duplicate of bug 1123 ***

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171130/da235f94/attachment.html>

Possibly Parallel Threads

Search for more reasonably related threads

netfilter buglog - Nov 2017 - [Bug 1203] New: 'DisableExternalCache On' seems to be broken

[Bug 1203] New: 'DisableExternalCache On' seems to be broken

[Bug 1203] 'DisableExternalCache On' seems to be broken

[Bug 1203] 'DisableExternalCache On' seems to be broken

[Bug 1203] 'DisableExternalCache On' seems to be broken

Possibly Parallel Threads